Link to home
Start Free TrialLog in
Avatar of DS928
DS928Flag for United States of America

asked on

Can't Find The Code

If you look to the bottom left of this website  www.audiodigz.com  you will see the words  "GO TO MEHID.COM.BR" I have looked everywhere in the code and can't find it.  I need to remove it.  Any help is appreciated.  Thank you.
Avatar of Nancy Rindone
Nancy Rindone
Flag of United States of America image

It appears to be within this element:

<div class="welcome-full" id="welcome-explore">
               ((lots of other things))

GO TO MEHID.COM.BR
</div>
Well, the container tree is the following:
<div class="footer">
		<div class="footer-container">
			<div class="footer-links">
				<a href="http://www.audiodigz.com/index.php?a=page&amp;b=tos" rel="loadpage">Terms of Use</a> - 
				<a href="http://www.audiodigz.com/index.php?a=page&amp;b=privacy" rel="loadpage">Privacy Policy</a> - 
				<a href="http://www.audiodigz.com/index.php?a=page&amp;b=dmca" rel="loadpage">DMCA</a> - 
				<a href="http://www.audiodigz.com/index.php?a=page&amp;b=contact" rel="loadpage">Contact</a> 
				<!--a href="http://www.audiodigz.com/index.php?a=admin" rel="loadpage">Admin</a-->
			</div>
			<!--div class="footer-languages">
				Language: <a href="http://www.audiodigz.com/index.php?lang=english">English</a>
			</div-->
			<div class="footer-info">
				Copyright © 2017 MEHID.COM.BR. All rights reserved
			</div>
		</div>
	</div>

Open in new window

Now, this can actually be "injected" by whatever server-side platform you're using.
Some sites have this kind of stuff embedded in config settings.
ASKER CERTIFIED SOLUTION
Avatar of Julian Hansen
Julian Hansen
Flag of South Africa image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of DS928

ASKER

I see it where you are showing me, but I can't find it in the code anywhere.  I think its more of this....

"Now, this can actually be "injected" by whatever server-side platform you're using.
Some sites have this kind of stuff embedded in config settings."   I am checking the config files but no luck...I did a search of the entire site and it doesn't show up anywhere.....I think it coming from here....
<iframe src="http://www.audiodigz.com/ADDESIGN/preview.php" frameborder="0" scrolling="auto" width="100%" onload='this.style.height=this.contentWindow.document.body.scrollHeight + "px";'></iframe>

Open in new window

Interesting... You also have this in the HTML.
			<div class="footer-info">
				Copyright &copy; 2017 MEHID.COM.BR. All rights reserved
			</div>

Open in new window

Can it be a database configuration?
Did you develop the site from scratch or do you use a base platform that you customised?
Avatar of DS928

ASKER

Its from a platform that I customized.  This just sort showed up.........MEHID.COM.BR
If it "just showed up" then I'm with Julian here... you might have been "hacked".

Do you recognize that iframe code you posted?
If you search for it on your codebase, can you find it?
That URL looks shady.  Check the reCaptcha here:
http://mehid.com.br/contact.html
I just looked at the response from your server and it already contains the MEHID content so I think we can discard any client side injection magic.

Look well at your config (DB included) and you should be able to find it.

Also, consider Julian's comments... confirm that what you're looking at is actually what is being served and hasn't been tempered/moved in any way.
Avatar of DS928

ASKER

I put the iframe code in.  I am also paying GoDaddy to guard against this "Hacking".  So what would the next step be then?
Did you check any DB-level configurations that might be holding this?

Someone might also have found a way input that into your database.
Do you have any input fields on your site that will be stored on a DB?
Avatar of DS928

ASKER

I have several input fields......checking the database now...
Avatar of DS928

ASKER

Definiteley Hacked.  I confirmed it with Go Daddy.  Thank God I had their protection plan (?)  They are fixing it now.
Avatar of DS928

ASKER

Definitely Hacked.  Go Daddy is cleaning it up for me.