DS928
Can't Find The Code
If you look to the bottom left of this website www.audiodigz.com you will see the words "GO TO MEHID.COM.BR". I have looked everywhere in the code and can't find it. I need to remove it. Any help is appreciated. Thank you.
Well, the container tree is the following:
<div class="footer">
<div class="footer-container">
<div class="footer-links">
<a href="http://www.audiodigz.com/index.php?a=page&b=tos" rel="loadpage">Terms of Use</a> -
<a href="http://www.audiodigz.com/index.php?a=page&b=privacy" rel="loadpage">Privacy Policy</a> -
<a href="http://www.audiodigz.com/index.php?a=page&b=dmca" rel="loadpage">DMCA</a> -
<a href="http://www.audiodigz.com/index.php?a=page&b=contact" rel="loadpage">Contact</a>
<!--a href="http://www.audiodigz.com/index.php?a=admin" rel="loadpage">Admin</a-->
</div>
<!--div class="footer-languages">
Language: <a href="http://www.audiodigz.com/index.php?lang=english">English</a>
</div-->
<div class="footer-info">
Copyright © 2017 MEHID.COM.BR. All rights reserved
</div>
</div>
</div>
Now, this can actually be "injected" by whatever server-side platform you're using. Some sites have this kind of stuff embedded in config settings.
ASKER
I see it where you are showing me, but I can't find it in the code anywhere. I think it's more of this....
"Now, this can actually be "injected" by whatever server-side platform you're using.
Some sites have this kind of stuff embedded in config settings." I am checking the config files but no luck...I did a search of the entire site and it doesn't show up anywhere.....I think it's coming from here....
<iframe src="http://www.audiodigz.com/ADDESIGN/preview.php" frameborder="0" scrolling="auto" width="100%" onload='this.style.height=this.contentWindow.document.body.scrollHeight + "px";'></iframe>
Interesting... You also have this in the HTML.
<div class="footer-info">
Copyright © 2017 MEHID.COM.BR. All rights reserved
</div>
Can it be a database configuration?
Did you develop the site from scratch or do you use a base platform that you customised?
ASKER
It's from a platform that I customized. This just sort of showed up.........MEHID.COM.BR
If it "just showed up" then I'm with Julian here... you might have been "hacked".
Do you recognize that iframe code you posted?
If you search for it on your codebase, can you find it?
That URL looks shady. Check the reCaptcha here:
http://mehid.com.br/contact.html
I just looked at the response from your server and it already contains the MEHID content so I think we can discard any client side injection magic.
Look well at your config (DB included) and you should be able to find it.
Also, consider Julian's comments... confirm that what you're looking at is actually what is being served and hasn't been tampered/moved in any way.
ASKER
I put the iframe code in. I am also paying GoDaddy to guard against this "Hacking". So what would the next step be then?
Did you check any DB-level configurations that might be holding this?
Someone might also have found a way to input that into your database.
Do you have any input fields on your site that will be stored on a DB?
ASKER
I have several input fields......checking the database now...
ASKER
Definitely Hacked. I confirmed it with Go Daddy. Thank God I had their protection plan (?) They are fixing it now.
ASKER
Definitely Hacked. Go Daddy is cleaning it up for me.
<div class="welcome-full" id="welcome-explore">
((lots of other things))
GO TO MEHID.COM.BR
</div>
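
For the codebase and database search suggested in the replies above, an added example (not code from the thread or from the site's platform): a plain-text search misses a string that is stored encoded, so this sketch scans a source tree or database dump for the marker in plain, rot13, hex and base64 form. The file names, the `settings` table and the sample contents are constructed, and that the text is stored encoded at all is an assumption.

```python
import base64, codecs, os, tempfile

def patterns(marker):
    """Byte patterns for the marker: plain, rot13, hex, and base64 at all 3 alignments."""
    low = marker.lower()
    pats = [("plain", low.encode(), True),
            ("rot13", codecs.encode(low, "rot13").encode(), True)]
    for form in (marker.upper(), low):
        raw = form.encode()
        pats.append(("hex", raw.hex().encode(), True))
        # A substring of base64 data looks different depending on its byte offset mod 3.
        # Encode with 0-2 filler bytes and keep only the characters the marker fully determines.
        for pad, start in enumerate((0, 2, 3)):
            enc = base64.b64encode(b"\x00" * pad + raw)
            pats.append(("base64", enc[start:(len(raw) + pad) * 8 // 6], False))
    return pats

def scan_tree(root, marker):
    """Return sorted (relative path, encoding) pairs for every file containing the marker."""
    hits, pats = set(), patterns(marker)
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it
            lowered = data.lower()
            for label, needle, ignore_case in pats:
                if needle in (lowered if ignore_case else data):
                    hits.add((os.path.relpath(path, root), label))
    return sorted(hits)

def demo():
    """Constructed sample tree: one clean file, one base64-wrapped footer, one SQL dump row."""
    with tempfile.TemporaryDirectory() as root:
        blob = base64.b64encode(b'<div class="footer-info">Copyright MEHID.COM.BR</div>').decode()
        samples = {
            "index.php": "<?php include 'footer.php';",
            "footer.php": '<?php echo base64_decode("%s");' % blob,
            "dump.sql": "INSERT INTO settings VALUES ('footer', 'Copyright 2017 MEHID.COM.BR');",
        }
        for name, text in samples.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        return scan_tree(root, "MEHID.COM.BR")

if __name__ == "__main__":
    for path, how in demo():
        print(path, how)
```

Run `scan_tree` against a downloaded copy of the site and an exported database dump rather than the live server; a hit labelled anything other than `plain` points at content that a normal text search would not have found.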