Injected google ads script??

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Post Reply
opkyrtsis
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Tue Sep 19, 2017 11:06 pm

Injected google ads script??

Post by opkyrtsis » Tue Jul 19, 2022 11:21 pm

Hi there, it seems my sites were hacked with a script that has embedded on top - bottom and sides google ads. I've looked everywhere but can't locate the script(s). It's horribly annoying and has ruined my sites. Can you help me please to get rid of it?

Code: Select all

https://myxalandri.gr/
https://myxolargos.gr/
Last edited by mandville on Wed Jul 20, 2022 2:53 am, edited 1 time in total.
Reason: broke ;links

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20518
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America
Contact:

Re: Injected google ads script??

Post by leolam » Thu Jul 21, 2022 4:06 pm

PLs provide a link the the pages where this shows up

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -

opkyrtsis
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Tue Sep 19, 2017 11:06 pm

Re: Injected google ads script??

Post by opkyrtsis » Thu Jul 21, 2022 8:38 pm

It shows up in every page, thanks.Image
Screenshot 2022-07-21 233358.jpg
Screenshot 2022-07-21 233527.jpg

Code: Select all

https://myxalandri.gr/
https://myxolargos.gr/
You do not have the required permissions to view the files attached to this post.

opkyrtsis
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Tue Sep 19, 2017 11:06 pm

Re: Injected google ads script??

Post by opkyrtsis » Wed Jul 27, 2022 5:58 pm

Any ideas? Thanks.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15106
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Injected google ads script??

Post by mandville » Wed Jul 27, 2022 8:34 pm

look at this bit on the widgetkit?

Code: Select all

	<!--/* Revive Adserver Javascript Tag v3.0.5 */-->

<!--/*
  * The backup image section of this tag has been generated for use on a
  * non-SSL page. If this tag is to be placed on an SSL page, change the
  *   'http://www.dmstrategy.eu/openx/openx-2.8.10/www/delivery/...'
  * to
  *   'https://www.dmstrategy.eu/openx/openx-2.8.10/www/delivery/...'
  *
  * This noscript section of this tag only shows image banners. There
  * is no width or height in these banners, so if you want these tags to
  * allocate space for the ad before it shows, you will need to add this
  * information to the <img> tag.
  *
  * If you do not want to deal with the intricities of the noscript
  * section, delete the tag (from <noscript>... to </noscript>). On
  * average, the noscript tag is called from less than 1% of internet
  * users.
  */-->

<script type='text/javascript'><!--//<![CDATA[
   var m3_u = (location.protocol=='https:'?'https://www.dmstrategy.eu/openx/openx-2.8.10/www/delivery/ajs.php':'http://www.dmstrategy.eu/openx/openx-2.8.10/www/delivery/ajs.php');
   var m3_r = Math.floor(Math.random()*99999999999);
   if (!document.MAX_used) document.MAX_used = ',';
   document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
   document.write ("?zoneid=1&amp;block=1");
   document.write ('&amp;cb=' + m3_r);
   if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
   document.write (document.charset ? '&amp;charset='+document.charset : (document.characterSet ? '&amp;charset='+document.characterSet : ''));
   document.write ("&amp;loc=" + escape(window.location));
   if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
   if (document.context) document.write ("&context=" + escape(document.context));
   if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
   document.write ("'><\/scr"+"ipt>");
//]]>--></script><noscript><a href='http://www.dmstrategy.eu/openx/openx-2.8.10/www/delivery/ck.php?n=a399ab2b&amp;cb=INSERT_RANDOM_NUMBER_HERE' target='_blank'><img src='http://www.dmstrategy.eu/openx/openx-2.8.10/www/delivery/avw.php?zoneid=1&amp;cb=INSERT_RANDOM_NUMBER_HERE&amp;n=a399ab2b' border='0' alt='' /></a></noscript>

</div></div>
                </section>
                
                                <main id="tm-content" class="tm-content">

                    
                    <div id="system-message-container">
</div>


<article class="uk-article tm-article  " >

	
	<div class="tm-article-container ">
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

opkyrtsis
Joomla! Apprentice
Joomla! Apprentice
Posts: 12
Joined: Tue Sep 19, 2017 11:06 pm

Re: Injected google ads script??

Post by opkyrtsis » Wed Jul 27, 2022 8:49 pm

Actually this code is the real ads I use. The problem is only with the google ads shown in the pics. Thanks.


Post Reply

Return to “Security in Joomla! 3.x”