0

I have a bit of HTML that seems to be getting injected into my site. I have checked the skin HTML, the modules on the page (settings and develop) and the page settings within, and I can't see where it is coming from.

As a workaround I am trying to add some jQuery to remove it. However, I think the HTML is coming from one of the jQuery files in one of the modules added. The site has too many modules to look at, so it's like looking for a needle in a haystack.

My issue is when I try to hide this, and the following is the last element within the body tag.

<div style="font-style: normal; font-variant: normal; font-weight: normal; font-stretch: normal; font-size: 0px; line-height: normal; font-family: 'Trebuchet MS'; color: #333333;">
  <li> <a href="http://www.hatayescortbayanim.com" rel="dofollow" title="hatay escort"> hatay escort </a>
  </li>
</div>

I use the following jQuery:

$(document).ready(function() {  

  $("html > body > div > li a[href$='www.hatayescortbayanim.com']").parent().parent().empty();

});

or

$(document).ready(function() {  

  $('body > div:last-child').remove();

});

It does not work... as it is not the last thing to load. What is the last .js file to load with DNN?

I want my custom fix to run last. Alternatively, how can I track where the unwanted HTML is coming from? I have done a search through all of the files for 'hatay escort' but I'm having no luck. Any help would be greatly appreciated.

Jason P
  • Have you made sure it isn't being injected on the client side if you are only checking this on one computer? – charsi Aug 15 '16 at 14:02
  • This happens from the server so it doesn't matter which computer I view it from. I have even looked through the SQL to see if it may be contained in one of the tables – user1379916 Aug 15 '16 at 15:12

2 Answers

0

This sounds like the DNN upgrade hack.

Please read

https://support.managed.com/news/1125/dnn-install-wizard-vulnerability-resurfaces-users-encouraged-to-address-immediately.aspx

and

http://www.dnnsoftware.com/community-blog/cid/155362/critical-security-update--please-read

On those pages are also instructions on how to remove and prevent those hacks in the future.

VDWWD
0

Hi all, thanks for trying to help... In the end the offending HTML snippet was held in the Default.aspx file. I have no idea how it got there but will be changing the host password. In addition I am about to upgrade my DNN to the latest and greatest.
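
Added example, not part of any post above: one way to locate this kind of injection on disk is to search for its structure (a link to a foreign host inside markup styled to be invisible) instead of the literal spam text, which changes from one compromise to the next. The extension list, the 600-character window, and the `scan_text`/`scan_tree` names are assumptions of this sketch, and the host names in the sample are placeholders.

```python
import os
import re
import sys

# Assumed list of file types worth scanning in a DNN web root.
SCAN_EXT = {".aspx", ".ascx", ".master", ".htm", ".html", ".js"}
# Styling that hides text from visitors, as in the injected <div> above.
HIDDEN = re.compile(r"font-size\s*:\s*0(?:px|pt|em|%)?\s*[;\"']|display\s*:\s*none", re.I)
# Anchor with an absolute http(s) href; group 1 is the host.
EXT_LINK = re.compile(r"<a\b[^>]*?\bhref\s*=\s*[\"']?https?://([^/\"'\s>]+)[^>]*>", re.I)
WINDOW = 600  # assumed: characters searched after each hidden-style match

# Constructed sample; both host names are placeholders.
SAMPLE = """<html><body>
<p style="font-size: 0.9em"><a href="http://www.mysite.example/about">About</a></p>
<div style="font-variant: normal; font-size: 0px; line-height: normal;">
  <li> <a href="http://www.spam.example" rel="dofollow" title="x"> x </a>
  </li>
</div>
</body></html>
"""

def scan_text(text, own_hosts):
    """Return (line, host, has_dofollow) for foreign links inside hidden markup."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for m in HIDDEN.finditer(text):
        for link in EXT_LINK.finditer(text, m.end(), m.end() + WINDOW):
            host = link.group(1).lower()
            line = text.count("\n", 0, link.start()) + 1
            hit = (line, host, "dofollow" in link.group(0).lower())
            if host not in own and hit not in hits:
                hits.append(hit)
    return hits

def scan_tree(root, own_hosts):
    """Walk root and return (relative_path, line, host, has_dofollow) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if os.path.splitext(name)[1].lower() not in SCAN_EXT:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for hit in scan_text(fh.read(), own_hosts):
                    findings.append((os.path.relpath(path, root),) + hit)
    return findings

if __name__ == "__main__":  # usage: scan.py <webroot> <own-host> [<own-host> ...]
    for finding in scan_tree(sys.argv[1], sys.argv[2:]):
        print(finding)
```

Hits in legitimate modules that hide markup with `display:none` are expected; the host name and the `dofollow` flag in each tuple are what separate them from injected links.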