AlfredoBenni (Posted March 25)

Good morning,

I am having a problem with this site being compromised: www.exoterica.it. ESET detects malware on the online website. I went through sitecheck.secure.net and it detects the following locations.

Malware Found: hxxp://www.exoterica.it/404testpage4525d2fdc
Known javascript malware: malware.injection?35.62

Malware Found: https://www.exoterica.it/checkout/
Known javascript malware: malware.injection?35.62

Malware Found: https://www.exoterica.it/chi-siamo/
Known javascript malware: malware.injection?35.62

Malware Found: https://www.exoterica.it/exoterica/
Known javascript malware: malware.injection?35.62

Malware Found: https://www.exoterica.it/exoterika-studio/
Known javascript malware: malware.injection?35.62

Malware Found: https://www.exoterica.it/negozio/
Known javascript malware: malware.injection?35.62

Malware Found: https://www.exoterica.it/rituali/
Known javascript malware: malware.injection?35.62

I downloaded the site locally via FTP, but ESET on the PC does not detect anything on the pages locally. How do I proceed with remediation, since the malware is obfuscated and a JS injection?

Kind regards

AlfredoBenni (Posted March 25)

Where are the malicious scripts placed in JS? I can't find them to clean up the files.

Thanks

Marcos, Administrators (Posted March 25)

You can see the location in the Sucuri report. However, on the web server the code may be obfuscated, stored in a CMS db, etc. If you can't find it, you could contact Sucuri or another company that provides website cleaning services.
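
One way to narrow down where a site-wide injection like the one reported above comes from, given as an added example that is not part of the original thread: audit the `<script>` elements in the HTML the server actually returns, and keep only the findings that repeat on every page. The host names, sample pages and the list of obfuscation markers are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic markers of obfuscated JavaScript (assumed list, not exhaustive).
OBFUSCATION = re.compile(
    r"eval\s*\(|String\.fromCharCode|atob\s*\(|unescape\s*\(|\\x[0-9a-f]{2}", re.I)

class ScriptCollector(HTMLParser):
    """Collects (src, inline_body) for every <script> element in a page."""
    def __init__(self):
        super().__init__()
        self.scripts, self._open, self._src, self._buf = [], False, None, []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._open, self._src, self._buf = True, dict(attrs).get("src"), []
    def handle_data(self, data):
        if self._open:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._open:
            self.scripts.append((self._src, "".join(self._buf).strip()))
            self._open = False

def audit_page(html, site_host, allowed_hosts=()):
    """Return findings for off-site script sources and obfuscated inline scripts."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for src, body in collector.scripts:
        host = urlparse(src).netloc if src else ""
        if host and host != site_host and host not in allowed_hosts:
            findings.append(("external", src))
        if body and OBFUSCATION.search(body):
            findings.append(("obfuscated-inline", body[:60]))
    return findings

def common_findings(pages, site_host, allowed_hosts=()):
    """Findings on every page (even a 404) suggest a shared template or DB-stored snippet."""
    per_page = [set(audit_page(h, site_host, allowed_hosts)) for h in pages.values()]
    return set.intersection(*per_page) if per_page else set()

# Constructed sample pages: the same two scripts appear on a 404 page and on checkout.
_INJECTED = '<script src="//stats.example.net/c.js"></script><script>var k=atob("Y29uc3RydWN0ZWQ=");</script>'
SAMPLE_PAGES = {
    "/404testpage": '<html><script src="/js/site.js"></script>' + _INJECTED + 'Not found</html>',
    "/checkout/": '<html><script src="/js/site.js"></script>' + _INJECTED + '<script>var cart=1;</script></html>',
}

if __name__ == "__main__":
    for kind, detail in sorted(common_findings(SAMPLE_PAGES, "www.example.org")):
        print(kind, detail)
```

Hosts passed in `allowed_hosts` are treated as known third-party scripts, so only unexpected sources and obfuscated inline code remain in the result.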

AlfredoBenni (Posted March 25)

Please check these two images. I have the distinct impression that malware is lurking in here. I recently suffered an attempted attack by Chinese hackers who attempted to reset the password on the site and then left comments on these images. Very strange!

Marcos, Administrators (Posted March 25)

Sucuri did not detect any malware now and I'm not getting any detection from ESET while browsing the site either. Appears to be clean now.

https://sitecheck.sucuri.net/results/exoterica.it

itman (Posted March 25)

32 minutes ago, AlfredoBenni said:

> Please check these two images. I have the distinct impression that malware is lurking in here. I recently suffered an attempted attack by Chinese hackers who attempted to reset the password on the site and then left comments on these images. Very strange!

Web page looks OK to me.

AlfredoBenni (Posted March 25)

Ok, thanks.