Thanks Alex! that's a very thorough analysis.
I found this post on Reddit:
"... spent over an hour with Weebly to discover that a template I was
using on one of the sites was compromised. Changing the template removed
the redirecting code."
-jake
On Thu, May 2, 2024 at 2:01 AM Alexander Papazoglou via sudo-discuss <
sudo-discuss(a)sudoroom.org> wrote:
Hello,
I found two <script> elements that produced the ads in the html for
www.counterculturelabs.com.
One is:
<script async
src="https://js.onclckmn.com/static/onclicka.js"
data-admpid="171393"><script type="text/javascript">
and the other is
<script type='text/javascript'
src='//abashfireworks.com/35/f1/c2/35f1c209595f2fcdf8f067a0f5e11d09.js
'></script>
There are other suspicious lines, like:
<link id="wsite-base-style" rel="stylesheet"
type="text/css"
href="//cdn2.editmysite.com/css/sites.css?buildTime=1714421746" />
and I'm sure there's more.
Looks like your site is managed by Weebly. Either your credentials
have been compromised and someone has access to your site, or Weebly
has been compromised in some way.
Log into Weebly and check the edit history.
Alex
On Wed, May 1, 2024 at 1:28 PM Edwinsaurus via sudo-discuss
<sudo-discuss(a)sudoroom.org> wrote:
Can someone who knows malware please check out the CCL website:
https://www.counterculturelabs.org/
There appears to be malware generating pop ups infecting the site.
I'm sure that someone at Sudo will know exactly what bugspray to use,
thanks.
_______________________________________________
sudo-discuss mailing list -- sudo-discuss(a)sudoroom.org
To unsubscribe send an email to sudo-discuss-leave(a)sudoroom.org
More options at
https://sudoroom.org/lists/postorius/lists/sudo-discuss.sudoroom.org/
_______________________________________________
sudo-discuss mailing list -- sudo-discuss(a)sudoroom.org
To unsubscribe send an email to sudo-discuss-leave(a)sudoroom.org
More options at
https://sudoroom.org/lists/postorius/lists/sudo-discuss.sudoroom.org/
_______________________________________________
sudo-discuss mailing list -- sudo-discuss(a)sudoroom.org
To unsubscribe send an email to sudo-discuss-leave(a)sudoroom.org
More options at