Hi there,
We have this where all links could not be clicked. We investigate this by looking at the modified date and found that all javascript (.js) files are tempered with this at the end of the file with this extra codes:
Code:
Only registered members can view the code.
With the help from https://matthewfl.com/unPacker.html and it translate into:
Code:
Only registered members can view the code.
The code is suspicious.
At this stage, we go through all js files and removed this line. BUT my question how the attacker can insert this line of extra code? Originally, we thought it was hosting site (CPanel) BUT then we moved to dedicated virtual machine and it's pretty secure so it looks like it's a code itself potentially.
The version that we have is Flynax 4.8.2.
We also document this on our blog: https://dewapost.com/2022/04/23/expl...n-the-website/
Any feedback or anything, we are appreciated it.
Thanks,
DCPartners