A recent exploit affecting several Madara sites took us by surprise. The malicious code injects this script (https://gdpr.web0.eu/scripts/cookie.js) into the site, causing many popups and redirects. The code is added to many .php files, .js files, and also to the Theme Options data.
We investigated immediately and found that the attack is aimed specifically at Madara-based sites (because of Madara's popularity?). Here’s how to clean your site and fix the issue:
- Clean your site as guided in this article. Then, remember to check all settings in the Theme Options > Advertising fields and remove the malicious code
- Update Madara to 220.127.116.11
- Review your administrator accounts, remove strange accounts and change your own password
- Important: if you are using a child theme and override the Search page, remember to update your child theme's “madara-core/manga-search.php”
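To find which files still reference the injected script during cleanup, a scan like the following can help. It is an added example, not code from Madara or MangaBooth: it walks a directory tree and lists every .php and .js line that mentions the script's host. The sample tree and the `madara-child` directory name are constructed for the demo.

```python
import os
import sys
import tempfile

# Indicator from the advisory: host serving the injected cookie.js script.
INDICATOR = b"gdpr.web0.eu"
# File types the advisory says were modified.
EXTENSIONS = (".php", ".js")


def scan_tree(root, indicator=INDICATOR, extensions=EXTENSIONS):
    """Return sorted (relative_path, line_number) pairs for lines holding the indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(extensions):
                continue
            path = os.path.join(dirpath, name)
            try:
                # Read bytes so odd encodings in injected code cannot abort the scan.
                with open(path, "rb") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if indicator in line.lower():
                            rel = os.path.relpath(path, root).replace(os.sep, "/")
                            hits.append((rel, lineno))
            except OSError:
                continue  # unreadable file: skip it and keep scanning
    return sorted(hits)


def demo():
    """Scan a constructed sample tree (not real site files) and return the hits."""
    tag = "<script src='https://GDPR.web0.eu/scripts/cookie.js'></script>\n"
    sample = {
        "themes/madara/header.php": "<?php // header\n" + tag,
        "themes/madara/js/app.js": "console.log('ok');\n",
        "themes/madara-child/madara-core/manga-search.php": "<?php\n// search\n" + tag,
        "uploads/readme.txt": tag,  # not .php/.js, so outside this scan
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)


if __name__ == "__main__":
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for rel, lineno in results:
        print(f"{rel}:{lineno}")
```

Pass your site's root directory as the first argument to scan real files. The scan only matches plain-text references, so an empty result does not prove a site is clean, and the Theme Options > Advertising fields still have to be checked by hand because they are not .php or .js files.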
If you need more help, do not hesitate to contact us via our Support Forum https://mangabooth.ticksy.com