RUM (Real User Monitoring) JS code in website
Solution 1
It looks like my webhost was adding the code. They only admitted it after I had spoken to three people. The first one denied everything and was blaming me for "bad code or bad scripts". Finally, a senior manager told me it was for benchmarking purposes they had added the script to my website.
I really don't like this, I'm very sure they can't do that without letting me know, so I'm looking into taking further steps.
Solution 2
It's part of New Relic's Real User Monitoring feature (either you or your host have installed New Relic on your server).
The JavaScript injected for Real User Monitoring collects timing information in the browser that contains details to identify the specific app and the web transaction processed on the backend, as well as how time was spent in the app for each request. When a page completes loading in an end user’s browser, RUM sends the information back to New Relic asynchronously, so it doesn’t affect page load time. RUM uses the IP address to resolve the geographic location of each request.
https://newrelic.com/docs/features/how-does-real-user-monitoring-work
randomizer
Programming in PHP and Javascript. Photographer and graphic design.
Updated on July 06, 2022Comments
-
randomizer almost 2 years
I suddenly discovered some weird code in my websites:
<script type="text/javascript">var NREUMQ=NREUMQ||[];NREUMQ.push(["mark","firstbyte",new Date().getTime()]);</script>But I never implemented this in my code and suddenly it's there.
Is there any way this has been hacked some way into my website? Or what can cause this weird code?
UPDATE:
I just deleted all my code and added an index.php file with these contents:
<html> <head> </head> <body> test </body> </html>When I look in the source, the following code is shown:
<html> <head> <script type="text/javascript">var NREUMQ=NREUMQ||[];NREUMQ.push(["mark","firstbyte",new Date().getTime()]);</script> </head> <body> test <script type="text/javascript">if(!NREUMQ.f){NREUMQ.f=function(){NREUMQ.push(["load",new Date().getTime()]);var e=document.createElement("script");e.type="text/javascript";e.src=(("http:"===document.location.protocol)?"http:":"https:")+"//"+"d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js";document.body.appendChild(e);if(NREUMQ.a)NREUMQ.a();};NREUMQ.a=window.onload;window.onload=NREUMQ.f;};NREUMQ.push(["nrfj","beacon-3.newrelic.com","0320653fc3","2194086","YAFRYxcHXUYCBUdQWVlLZkUMSVpbBwNLF0ZfFA==",0,1,new Date().getTime(),"","","","",""]);</script> </body> </html>UPDATE 2:
What I have tried so far:
- deleted all my files and just added a php file with a simple html layout
- copied all my webspace files to my local dir: THE SCRIPT IS GONE!
- disabled all kind of services in the control panel of my host
- My webhost says they don't put code in webfiles, but it seems they do because I can not think of any other scenario to try. I also tracked other websites hosted via this company and a lot of websites have the code in their source too!