15 comments:
Web developer here. I just looked at the code on the site and I didn't see anything that looks suspicious. These kinds of things can occur when a site is compromised and malicious JavaScript and/or iframes are inserted into code without the site owner knowing.
I didn't see either of these on Pumpkinrot. This indicates that people seeing strange popups/messages probably have other issues going on (virus on their computer, etc.) but it's not related to your site.
Happy Halloween!
Jonathan
Thanks for looking at my code.
I went to my blog on my old laptop and got a suspicious "You need to update your version of media player" pop up and that was the same thing experienced by another blog reader who mentioned this issue to me.
Jonathan,
Just got this from a blog reader... this is the exact pop up I got:
Important update. You should update your Media Payer immediately.
The URL is
http://nwrzz.domainstall.6083.info/?sov=1062780699&hid=cescsoksekeg&redid=9526&gsid=22&id=XNSX.wACAMHHKB2LG9ETK04GS2JQG%3A%3Aronvertical2-r9526-t22
Though I feel like I'm infecting the world by including that link!
I was just writing to say I spoke too soon. I didn't get anything on the main page but I did get the redirect when I clicked through to a blog post page.
Still digging...
Was just clicking on the comment link to say that I haven't seen anything then there it was. Same error message and URL for me as well.
I got the same Media Player pop up when I clicked to view this page of comments.
Thanks, all!
Really appreciate the feedback.
I think this is the result of a malicious script called prestosavings.js.
I can see this script attaching an event listener to links on your site, which it's probably using to perform the redirect. I can't actually see where the script is being included from yet.
Do you have access to the template files of your site? I think there is some rogue PHP code that has been inserted that's resulting in this script being included. If you trust me to take a look, I'll be glad to see what I can find.
At any rate I would go ahead and change my Blogger password as a precaution.
care to shoot me an email at:
rot@pumpkinrot.com
?
I removed the statcounter widget.
Hopefully that was the cause.
If anyone still gets that popup, please let me know.
Thanks.
Here I am a day late and I clicked on a couple links and didn't see anything odd. Hopefully it got fixed!
Thanks for checking.
Hopefully it's fixed.
Nothing here either, Rot.
I've never had any problems like that with your site. =] Sorry to hear it's been happening for other peeps.
Very strange.
No idea what it was.
No help yet from blogger, so I deleted my statcounter widget since it's the only outside party widget on my site.
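The check discussed in this thread (looking for scripts and iframes a page pulls in from outside parties) can be scripted. This is an added example, not code from any commenter; the sample page, the `.example` hosts and the names `IncludeAuditor` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; every host under .example is a placeholder.
SAMPLE_HTML = """
<html><head>
<script src="/static/theme.js"></script>
<script src="//widgets.counter.example/counter.js"></script>
</head><body>
<a href="/2013/10/post.html">A post</a>
<script src="http://cdn.ads.example/prestosavings.js"></script>
<iframe src="https://player.video.example/embed/1" width="0" height="0"></iframe>
<script>var inline = 1;</script>
</body></html>
"""

class IncludeAuditor(HTMLParser):
    """Collects script/iframe sources served from hosts the owner has not approved."""
    def __init__(self, page_url, trusted_hosts):
        super().__init__()
        self.page_url = page_url
        self.trusted = {h.lower() for h in trusted_hosts}
        self.trusted.add(urlparse(page_url).hostname)  # the site itself is first-party
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script: no URL to resolve, review its body by hand
        host = urlparse(urljoin(self.page_url, src)).hostname or ""
        if not self._is_trusted(host):
            self.findings.append((tag, host, src))

    def _is_trusted(self, host):
        return any(host == t or host.endswith("." + t) for t in self.trusted)

def audit(html, page_url, trusted_hosts=()):
    parser = IncludeAuditor(page_url, trusted_hosts)
    parser.feed(html)
    return parser.findings

if __name__ == "__main__":
    for tag, host, src in audit(SAMPLE_HTML, "http://blog.example/"):
        print(f"{tag:7} {host:28} {src}")
```

This only sees includes present in the saved HTML. A script that an approved widget loads at runtime will not appear, so also compare the result with the browser's network log for a post page, where commenters saw the redirect.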