Urgent: Malicious Script Injection Only on HTTPS (Cloudflare Issue?)
Hey everyone, I'm facing a serious issue with my website, and I need help identifying the cause.
- My website is https://americadelsurtours.com and it's behind Cloudflare.
- When accessing the site over HTTPS, a malicious script is injected into the page.
- The script attempts to fetch data from data-seed-prebsc-1-s1.bnbchain.org and runs obfuscated JavaScript.
- However, when accessing http://americadelsurtours.com (without HTTPS), the script does not appear.
- I have checked my Nginx configuration, SSL certificates, and server files (/var/www/html/index.html), and the script is not present on my server.
- Running curl -s -k https://americadelsurtours.com | grep -i "data-seed-prebsc-1-s1.bnbchain.org" confirms that the script is being injected only when using Cloudflare HTTPS.
