xpindia Posted September 27, 2018 Share Posted September 27, 2018 (edited) Is this a backdoor script, it suddenly pops up when i click on one of the links eg modules link in the admin panel, theres a pop up and i am redirected to a new page not belonging to my site. http://1bcde.com/imp/6933/?scontext_r=Fmn43Me0ewWdbW2K2G6NirK0OP4LIgs*4DYoaUR8KF5tVhiEfXIug3HCR9HZMkh9zjnN04Fwbett3nnvSRu6somqKjB_ui0PTaKHMr4bb_x3iqbOppv3HJulvKNW4UvYIAbR5VG34Gsu7Y0YMY3*nA&md=weiEmI6YjNxkDLiMnI6ISM1MjN4hjN0ICLiImI6ISM5IDM4lDM0ICLiInI6IiIsICaioTMzATMsICbiojIl5WLVNlIsICdioTLzMDMsIieiozNzcDLismI6QTf Edited September 27, 2018 by xpindia (see edit history) Link to comment Share on other sites More sharing options...
Soyons Solidaire Posted September 27, 2018 Share Posted September 27, 2018 HI, you have a proxy install ? Link to comment Share on other sites More sharing options...
xpindia Posted September 28, 2018 Author Share Posted September 28, 2018 hi, no there is no proxy used. Link to comment Share on other sites More sharing options...
jstillings1 Posted October 8, 2018 Share Posted October 8, 2018 It appears to be a licensing token for the module sent off to the dev to ensure it is paid up. But if your seeing a site that the module author is not in control of then that is a Xscript hack and was injected into the link that used to be there. I checked the root URL.. Yup that is a Xscript attack:) Get mod security installed and Clam AV if you dont. already. Note if your on shared hosting it could be coming from a buddy on the share:) Shared hosting scares me. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now