• Resolved LoneWolfMuskoka

    (@lonewolfmuskoka)


    I’m not sure if this is an appropriate post for this forum. If not, please let me know. But I could use some help.

    I’m running several sites on a single Grid at MediaTemple. Most of them are WP and are running WordFence. There are a couple older sites that are Drupal and 2 that are hard coded (html/php/css – one has mysql). Could it still be a hack in WP or Drupal?

    All of my sites seem to have javascript injected into the <head> tag. I have tried it using Firefox (my main browser), IE and Edge. All 3 show the same. So it doesn’t seem to be browser related.

    I tried it on my android phone and it isn’t there. I tested it on my laptop and it is there (using Firefox).

    I have found the same script on 2 other sites that don’t appear to be on the same hosting platform, but most sites I’ve checked don’t have it.

    MediaTemple says it’s not the server, that I likely have a hacked site or browser. But it seems server related somehow to me. Unless it is my ISP or my router.

    So, a couple of questions.

    1) Where is it coming from (and how can I get rid of it)?

    2) What is it doing?

    On the site it is all in a single line, but I tried to prettify it to make it more readable.

    <script type="text/javascript">
    /* <![CDATA[ */
    Math.random=function(a,c,d,b){
    	return function(){
    		return 300>d++?(a=(1103515245*a+12345)%b,a/b):c()
    	}
    }(237429089,Math.random,0,1<<21);
    
    (function(){
    	function b(){
    		try{
    			if(top.window.location.href==c&&!0!=b.a){
    				var p=document.createElement('a');
    				p.href=c;
    				var len=p.hostname.length;
    				var sep='';
    				var path=p.pathname;
    				if(p.hostname.charAt(len-1)!='/'){
    					sep=(p.pathname.charAt(0)=='/')?'':'/';
    				}else{
    					if(p.pathname.charAt(0)=='/'){
    						path=p.pathname.slice(1);
    					}
    				}
    				c='http%3A%2F%2F'+p.hostname+sep+path+'%2F';
    				var a=-1!=navigator.userAgent.indexOf('MSIE')?new XDomainRequest:new XMLHttpRequest;
    				a.open('GET','https://1.2.3.4/cserver/clientresptime?cid=CID5460105.AID1492092648.TID387&url='+c+'&resptime='+(new Date-d)+'&starttime='+d.valueOf(),!0);
    				a.send(null);
    				b.a=!0
    			}
    		}
    		catch(e){
    		}
    	}
    	var d=new Date,a=window,c=document.location.href,f='undefined';
    	f!=typeof a.attachEvent?a.attachEvent('onload',b):f!=typeof a.addEventListener&&a.addEventListener('load',b,!1)
    })();
    /* ]]> */
    </script>
    
    
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfphil

    (@wfphil)

    Hello,

    Here is an interesting resource that I found. It has a staff member from HughesNet ISP confirm that the same code that you have is a normal function of their modem web acceleration feature and it measures web response for http so that they can continuously improve their service:

    I would speak to your internet service provider to see what they have to say.

    • This reply was modified 7 years, 11 months ago by wfphil.
    Plugin Support wfphil

    (@wfphil)

    Hmmm, for some reason I cannot post the link for the resource above.

    If you do a Google search for the below it is the first result:

    Why does HughesNet introduce this javascript on almost every web page it delivers?

    Thread Starter LoneWolfMuskoka

    (@lonewolfmuskoka)

    Thanks @wfphil!

    My ISP (Xplornet) is using the Hughes satellite modem, so it seems that this is exactly what I’m seeing. The thread you suggested is spot on! It is good to know that this is not malicious – or my fault!

    Thank you so much for digging into this for me. I’m not sure why that thread never came up in my searches as it hit so many of the keywords I was looking for. Perhaps it was buried a few pages in.

    It appears that the randomness I was seeing is because sites using https protocol don’t get the injected code. A quick test seems to confirm this.

    I guess it’s time to look into getting certificates for all my sites.
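
The HTTP-versus-HTTPS comparison described in the post above can be scripted. This added example (not code from the thread or from any plugin mentioned in it) diffs the inline scripts of a trusted copy of a page against the copy a browser received, and labels traits of the script quoted in the first post; the function names, trait list and sample HTML are assumptions constructed for illustration.

```javascript
// Added example: find inline scripts that exist only in the copy a client received.
// Bodies of inline <script> elements (no src attribute), trimmed.
function inlineScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (!/\bsrc\s*=/i.test(m[1]) && m[2].trim() !== '') out.push(m[2].trim());
  }
  return out;
}

// Traits of the script quoted in this thread (heuristics, not signatures).
const TRAITS = [
  ['overrides Math.random', /Math\.random\s*=/],
  ['reports page URL and timing', /[?&]url=[\s\S]*resptime=/],
  ['request to a bare IP address', /\.open\(\s*['"]GET['"]\s*,\s*['"]https?:\/\/\d{1,3}(\.\d{1,3}){3}\//],
];

// Scripts present in the received copy but absent from the reference copy.
function injectedScripts(referenceHtml, receivedHtml) {
  const known = new Set(inlineScripts(referenceHtml));
  return inlineScripts(receivedHtml)
    .filter((s) => !known.has(s))
    .map((s) => ({
      length: s.length,
      traits: TRAITS.filter(([, re]) => re.test(s)).map(([name]) => name),
    }));
}

// Constructed reference copy: the page as the origin serves it.
const REFERENCE = `<html><head><title>Demo</title>
<script>window.siteReady = true;</script>
<script src="/js/app.js"></script></head><body>Hello</body></html>`;

// Constructed received copy: same page with an abridged form of the thread's script added.
const RECEIVED = REFERENCE.replace('<head>', `<head><script type="text/javascript">
Math.random=function(a,c,d,b){return function(){return 300>d++?(a=(1103515245*a+12345)%b,a/b):c()}}(237429089,Math.random,0,1<<21);
(function(){var a=new XMLHttpRequest;a.open('GET','https://1.2.3.4/cserver/clientresptime?cid=CID&url='+encodeURIComponent(location.href)+'&resptime=0',!0);})();
</script>`);

console.log(JSON.stringify(injectedScripts(REFERENCE, RECEIVED), null, 2));
```

For a real check, the reference copy would come from the server's own files or an HTTPS fetch, and the received copy from the affected browser's view-source over plain HTTP.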

    Plugin Support wfphil

    (@wfphil)

    Hello,

    You’re welcome!

    I’m glad that you were able to find the same resource that I found. It did take some digging around to find a company representative to confirm the code was generated by a Hughes modem.

  • The topic ‘Javascript Injected Into tag’ is closed to new replies.