I am facing an issue where unwanted JavaScript code is being injected into my Magento 2 CMS static blocks. Every time I manually remove this obfuscated JavaScript code from a static block, it reappears automatically after about 5 minutes.
Steps I Followed:
- Navigated to Content → Blocks in Magento 2 admin.
- Edited the affected static block and removed the injected JavaScript.
- Saved the block.
- After a few minutes, the unwanted JavaScript was injected back into the block.
Troubleshooting Done:
- Checked the
core_config_datatable to see if any suspicious scripts are stored in the database. - Scanned Magento files for possible malware injections.
- Reviewed Magento logs (
var/log/system.log,var/log/exception.log) but found no relevant errors. - Disabled third-party extensions temporarily to see if any extension is causing this issue.
- Checked for any automated cron jobs that might be modifying the CMS block content.
Possible Causes I Suspect:
- Malware Infection: There might be a malicious script running on the server injecting this code.
- Compromised Admin Account: A script or extension might be modifying CMS content using Magento’s API.
- Database Injection: The JavaScript could be stored directly in the database and injected whenever the page loads.
My Questions:
- How can I prevent this JavaScript from being re-added to my CMS blocks?
- Are there any specific Magento logs or database tables I should inspect further?
- Has anyone encountered a similar issue before, and what was the resolution?
Any guidance would be greatly appreciated! Thanks in advance.