inject.preload.js - An issue with removal after the July 18 attack

5 Posts

erprzezo Reply #1, 6 years, 7 months ago

Hello,

I have a problem after the hacker attack of 18 July on my MODX system, I managed to recover a slightly-revived backup from July 20, update to the MODX version 2.6.5-en, and delete infected files. One thing I have to remove manually, unfortunately I can not find it. It's about the entry in the file invocation code: inject.preload.js, someone had such a problem, please help me.

Screen from the console:

☆ A M B ☆
31 Posts

Jens Wolff Reply #2, 6 years, 7 months ago

Try to rightclick the filename and open it in a new tab. Then you can see where this file is located via the URL which gets loaded.

Perhaps that helps.

Good Luck!
Jens

5 Posts

erprzezo Reply #3, 6 years, 7 months ago

The way you mention it will not do anything because it's not about locating files. Files do not exist anymore, they have been dropped from the server. There is a call somewhere in the code, I infected the infected files from the server so I get an error. I checked the code of the page, can they be called from the database, for example?

Had anyone had such a problem?

As I open in a new window, it generates such a strange address:
blob:http://biofeedbackgdansk.pl/89dd6005-2d11-474e-a243-ddcd8304b24b

108 Posts

argonaut2k Reply #4, 6 years, 7 months ago

It's not problem of MODX, more https://stackoverflow.com/questions/50849510/inject-preload-js-failing-to-load-a-file-in-chrome-from-my-dev-environment