One of my sites (https://catareno.com) is showing some weird js being called up. It looks like advertising from Oracle. I’ve eliminated most everything (plugins, themes, etc) but still see it.
s7.addthis.com
z.moatads.com
Maybe an infected graphic> Any ideas?
Looks like the script that adds it is a Cloudflare App at, https://catareno.com/cdn-cgi/apps/body/EA3IhcrzvbSNMdOgfFL35GAzfio.js
Check over the Cloudflare Apps you have installed on your domain, you can find them in your zone/website in the Cloudflare Dash, under Apps → Installed apps, or via this magic link: https://dash.cloudflare.com/?to=/:account/:zone/apps/installed-apps
I would remove any you don’t recognize.
It looks like the specific app injecting this script is “Share Buttons” by AddThis.
Exactly right. No idea how that got installed but it must have been user error. I don’t install any apps on any sites.
Thanks Chaika – I was getting close to reviewing CF but not quite there.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
