Added cdn-cgi script on my page


#1

Just yesterday I noticed my web site pages had a code added. I thought perhaps my site had been hacked,

so I looked at my files and found infected .php files that someone upload on my ftp.

I removed the malicious .php file.

Unfortunately could not look what was in the php file because my antivirus software prevented it: message (PhpSpy.A Trojan)

But still now i get an malicious (popup) that these files caused before.i dont get rit of it!


List of javascripts included

/cdn-cgi/scripts/cf.challenge.js

/cdn-cgi/scripts/cf.common.js

/cdn-cgi/scripts/zepto.min.js


List of iframes included

https://www.google.com/recaptcha/api/fallback?k=6LfBixYUAAAAABhdHynFUIMA_sa4s-XsJvnjtgB0


If i deactivate cloudflare cdn the codes will not be executed, only via active cloudflare cdn.

Im using vbulletin 4.2.0 and php version 5.3.29

Urgently need help. Thanks!


#2

Can you post the URL where you found these links? I’d expect these files to be included only when the challenge is displayed.


#3

This topic was automatically closed after 30 days. New replies are no longer allowed.