ian
CDCloudflare Developers
•Created by ian on 3/13/2025 in #general-help
Urgent: Malicious Script Injection Only on HTTPS (Cloudflare Issue?)
Hey everyone, I'm facing a serious issue with my website, and I need help identifying the cause.
- My website is https://americadelsurtours.com and it's behind Cloudflare.
- When accessing the site over HTTPS, a malicious script is injected into the page.
- The script attempts to fetch data from data-seed-prebsc-1-s1.bnbchain.org and runs obfuscated JavaScript.
- However, when accessing http://americadelsurtours.com (without HTTPS), the script does not appear.
- I have checked my Nginx configuration, SSL certificates, and server files (/var/www/html/index.html), and the script is not present on my server.
- Running curl -s -k https://americadelsurtours.com | grep -i "data-seed-prebsc-1-s1.bnbchain.org" confirms that the script is being injected only when using Cloudflare HTTPS.
This makes me suspect that either Cloudflare is compromised, or there is an unknown misconfiguration. Has anyone encountered this issue before? Any ideas on how to fully debug and fix this?
125 replies