Hello CloudFlare Community,
I’m having a problem with my site that, so far, has been impossible to diagnose and fix. The site is https://travelersfreeclassifieds.com and another support tech, from PayPall, just sent me code taken from my site, as he views it, which is not at all similar to the code I uploaded to the hosting servers.
The PayPall payment button is inactive in Live mode, but worked perfectly in Sandbox mode. The tech sent me a screenshot (see attachment) that has an Iframe and other code that is not apart of my site. He stated that this code, the Iframe, is what is preventing the button from being active. To make things worse, there are no error messages being generated.
The strangest thing about this situation is that when I go to the cart page and view the source code, the code is exactly what I uploaded to the hosting server. And when I search all my files on the hosting server, the “<iframe name=…” and “data-gr-ext-installed…>” and “<gramarly-desktop-integration…>” code do not exist anywhere in the files.
It occurred to me that this may be injected at some point beyond the hosting server and before the client machine that made the page requests, so somewhere or some platform outside of the normal scope of web development. This is the first time I’ve employed a CDN as a security layer and I’m not very familiar with the application or stack of applications used by CloudFlare. I would like to be able to view my site pages as cached to see if the malicious code is within the files. How do I go about doing this? Also, is it possible for someone to hack my CloudFlare account? Thank you in advance for your assistance on this issue.