It’s long time I am didn’t not upgrade my moodle , right now I use 1.9 , looked the web for a while there nothing change. I login using admin user and browse some admin menu. Something weird happen , when I click a menu , it’s redirected to facebook, before redirected it show address I google it and found it’s adware site.

I guess my google chrome infected with some adware, I did clean the browser , reset the setting. scan with malwarebyte & adwcleaner nothing suspicious found.I  did upgrade moodle from 1.9 to 2.2 , 2.2 to 2.8 and 2.8 to 2.9 and the Ads on my moodle still running. I look on moodledata folder delete all file on it and the Ads still appear.

I believe that ads appear triggered by javascript, and that what I miss i didn’t look on database. I guess there some function injected on database so I search with keyword “function” and I am wrong. On some “Discussion Intro” title there a javascript loader , it’s load script from another web. The solution¬†is just search “.js” on my database , then delete the javascript loader.