Ange 0 Posted January 9 Share Posted January 9 (edited) Can somebody please have a look for me to help find it? Url is in the screenshot - I don't want to post the URL directly in case Google ranks it! Can I get a code line number of where the detection was made? Edited January 9 by Ange Add information Quote Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 4,553 Posted January 10 Administrators Solution Share Posted January 10 Searching for "parentNode.insertBefore(po, s)" should help you locate the malicious JS. Quote Link to comment Share on other sites More sharing options...
Ange 0 Posted January 10 Author Share Posted January 10 Hey Marcos, Okay thank you - that gives me a starting point. This could pertain to a number of code lines in our script. I'll list them below - can you please let me know what you think could be triggering it? Is it possible that I ESET is triggering a false positive? Quantcast Tag </script> <!-- Quantcast Tag --> <_script type="text/javascript"> window._qevents = window._qevents || []; (function() { var elem = document.createElement('script'); elem.src = (document.location.protocol == "https:" ? "https://secure" : "hxxp://edge") + ".quantserve.com/quant.js"; elem.async = true; elem.type = "text/javascript"; var scpt = document.getElementsByTagName('script')[0]; scpt.parentNode.insertBefore(elem, scpt); })(); window._qevents.push({ qacct:"p-0yt8t04BdHBHy", uid:"" }); </script> Facebook Tag </style> <!-- Facebook Business Extension for Magento 2 --> <!-- Facebook Pixel Code --> <_script> !function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n; n.push=n;n.loaded=!0;n.version='2.0';n.queue=[];t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window, document,'script','//connect.facebook.net/en_US/fbevents.js'); fbq( 'init', '260325074565775', {}, {agent: 'magento2-2.4.2-1.2.5' } ); fbq('track', 'PageView', { source: "magento2", version: "2.4.2", pluginVersion: "1.2.5" }); </script> <noscript> <img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=260325074565775&ev=PageView&noscript=1&a=magento2-2.4.2-1.2.5" /> </noscript> <!-- End Facebook Pixel Code --> Yotpo Tag <!-- Yotpo - Widget Script --> <_script> (function e(){var e=document.createElement("script");e.type="text/javascript",e.async=true,e.src="//staticw2.yotpo.com/MiYqr6pLo4uM7oXnMnqaO13o5qy27pLQHQp9o9zC/widget.js";var t=document.getElementsByTagName("script")[0];t.parentNode.insertBefore(e,t)})(); </script> Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,553 Posted January 10 Administrators Share Posted January 10 Quote Link to comment Share on other sites More sharing options...
Ange 0 Posted January 10 Author Share Posted January 10 Hey Marco, Thank you for locating that! Only after I replied I also found this script. Is this definitely a virus code, or could it be a false positive? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,553 Posted January 10 Administrators Share Posted January 10 It's definitely malicious, the script loads a JS from a website blocked by 2 vendors: Quote Link to comment Share on other sites More sharing options...
Ange 0 Posted January 10 Author Share Posted January 10 Hey Marco, Wow, thanks so much for your assistance! You are brilliant! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.