Spam pop-up
-
Hi, someone visited my blog from a link when it was shared on facebok and complained on lading on my blog post they got a spam pop-up claiming they had won a mobile phone.
My blog has adds but should it have pop-ups, and should it have spam ones? I didn’t think so but am worried incase my security is comprimised. I don’t mind adds but don’t want fake adds and pop-ups
Thank you.The blog I need help with is: (visible only to logged in users)
-
Hi @cathelinaalessandri
I checked with our ads team, and they said that we don’t intentionally serve ads like the one you’re describing. So there are two possibilities:
- Your site visitor had some external malware on their computer that was inserting spam ads into sites they visited
- Or, it could be that an advertiser in our network snuck that ad in temporarily before we caught it and removed it
If you see anything like this again, please make a screenshot and we will investigate.
-
I’ve also experienced this problem with a visitor to my site: rebeccafernandez.wordpress.com
It’s not a popup though, it’s a redirect that appeared once my site was completely loaded. It’s very, very unlikely that this particular visitor was affected by malware or DNS hijacking. Screenshot here.
-
That is definitely malware on the person’s device. ratarvis[.]info is a known malware attack – it’s actually the malware itself that’s giving a warning that the device is infected and if you click the button to install the app you basically give it complete access to your device:
https://howtoremove.guide/ratarvis-info-virus-iphone-remove/
On a computer (either Mac or Windows), I’d recommend also trying a program like Malwarebytes to remove any malware on the computer.
Note that’s it’s a myth that iPhones and Macs can’t get viruses and malware. All software contain vulnerabilities that can be exploited. The people who write malware and viruses have just never bothered with Macs because not many people were using them, but as Apple devices become more mainstream they’re increasingly being targeted in these types of attacks.
-
Hi Kokkieh and Coreymckrilla8c, I also have the problem on my WP site – kake2kale.com. So far, I have tried different iphone devices (by going to a cell phone store) and 2 different virus messages are consistently popping up. Surely, not all these devices are infected with the malware. I believe it’s either coming from the ads that are being placed on my site or the WP site is infected. It’s not the iOS devices.
One virus msgr is the about corrupting the battery and the other is from Premium.ios-offers.com about a jackpot. I have screen shots…who can I send these to? It seems to be happening with my last blog post.
Is WP working on this? Clearly, this is affecting many member sites. Can you scan my site for malware please? I sent a message to WP support and have heard nothing back.
-
When does this happen? When you type a link to your site directly into your mobile browser, or if you click on the link from another service like Facebook or Twitter?
We do not serve pop-up ads on WordPress.com at all – the only ads we show are the ones that appear at the bottom of a post if you view it in a browser. We’re looking into the possibility of one of our advertising partners having slipped these ads past us, but we’ve not found any evidence of that.
Your site is also not infected with malware. It’s not possible to infect a WordPress.com site with malware, as we completely block the types of code that Malware is written with on all WordPress.com sites, and every file you upload to your media library is scanned when you do it.
This is more likely caused by adware running in the Safari browser. Google “iOS pop ups” and you’ll find many reports of this happening on a variety of websites, not just WordPress.com. Ads like this have been showing up on iOS since at least 2014 from what I can find, but it appears to be on the increase in the past few weeks.
Both the “battery virus” and “premium-ios-offers” are known adware pop-ups that have been around for a while now on iOS devices.
Set your device to airplane mode and force-quit Safari. Restart Safari and completely clear the browser cache and history. Then disable airplane mode. Based on the articles I could find about this issue, that should stop the pop-ups from appearing.
For more info see https://discussions.apple.com/docs/DOC-8771 and https://dowser.org/your-apple-iphone-is-infected-by-6-viruses-remove/
-
Hi kokkieh, thank you for replying. It consistently happened when I open my website (type in my url) in a browser – Chrome or Safari – on an iphone. I’ve only tried it on an iphone. It seems to be that the either of the 2 pop-ups displays when I open my latest blog post and scroll down. Note that the WP ads are at the bottom of the post, which is why I think there’s a connection with the ads. These pop-ups are only coming up when I display my website. Other websites that I bring up in the browsers do not activate these pop-ups. Again, this leads me to believe it’s a problem with WP or the WP ads. I have done everything – closed the browser apps, cleared my cache, removed the browsers and reinstalled, and rebooted. Both Chrome and Safari have the No Pop-ups allowed turned on. The pop-ups still come up as soon as I bring up my website in the browser. As I said above, I went to a store that sells cell phones and tried it on their phones by opening my website in Safari and sure enough, the pop-ups are there. Again, it leads me to believe it’s the source is at the website, not the device. Why is it impossible to infect a wordpress.com site? I have also spoken to Apple support and they say it’s not possible for their devices to be infected. I heard of many WP sites being hacked.
-
The WordPress sites you read about being hacked are sites using the self-hosted software and who did not keep the software updated as they were supposed to.
On WordPress.com we use our own version of the software which, as I said above, does not allow the types of code that can make the site vulnerable to attack, and which can be used to inject malware into a site.
As I also said above, we’re investigating whether this might be related to our ads, but we’ve not been able to find any evidence of that yet. WordPress.com does not use pop-up ads, and those pop ups are not coming from any of our advertising partners.
-
Hi Kokkieh,
How do you explain that the adware or spam pop-ups are only coming up (looks like consistently) on my site and not other websites that I bring up in a browser, whether it’s on my iphone or other iphones? As I said, it can’t be the device since it’s not happening with many other websites that I’ve been browsing.
It seems to be connected to my site on WP.com. And, judging from other member comments in the forum, it’s also on their WP.com sites. Is it not possible that the malware is launching through the ads on WP.com in iOS devices, but unbeknownst to the advertiser and WP?
-
Hi Kokkieh,
I went back to our local cellphone store and entered my website URL on both Androids and iOs devices. I have 9/10 times replicated the problem on the iOs devices, not Android. On the mobile site homepage (with my homepage being a list of blog posts), the problem doesn’t show up. It shows up when I select and open any blog post, then scroll down to the bottom of the post where WP places the ads. Within a few seconds of sitting over or passing the ad boxes, the URL gets redirected to other sites and the adware pop-up are displayed. When I select ‘close’ the adware opens a new browser window with threats. It’s happening to both Safari and Chrome. So, thus far, I’ve proven and replicated that these adware pop-ups are happening in relation to ads in WP.com. If I don’t scroll down in a blog post, then nothing happens…at least so far.You need to try it, per above, for yourself. Please discuss this with your tech team…it’s clear to me after these tests that it’s related to WP code embedded on member sites for the purpose of ads, which may be compromised. We don’t have control of that ad space or it’s code so it’s the responsibility of WP to dig into this. I look forward to your reply!
-
As I’ve told you twice now already in this thread, we’re investigating it. I have not once said I don’t believe you that it’s happening. I’ve only told you it’s unlikely that it’s coming from us, and I gave you the reasons why. But we are investigating it.
Once I have more information I’ll update this thread accordingly.
Please try the steps I gave above to clear your browser data. You can also try these instructions from Apple to block pop-ups on your device entirely.
-
Hi Kokkieh,
As I said, I have been clearing the cache/history and I’ve blocked pop-ups, but none of that stops the problem from reappearing when I visit my site, open a blog post and scroll over the ads. The issue isn’t from any of the devices…it’s from the site.
I trust you understand that the real problem is not about me reading my own blog posts on my device. I’m only looking at my site on my iphone to trouble-shoot the problem. It’s an issue for my blog readers. This type of adware turns people off from our websites – they will be scared off by the threatening pop-ups and they will not return to the site. Therefore, it’s hugely important issue for WP fix…these spam pop-ups are negatively effecting members’ websites.
I am glad to hear that you are still investigating it and hoping for a quick solution.
-
@kake2kale – Rest assured that WordPressdotcom has every interest in ensuring that your site and the millions of other sites hosted here are secure. If you have any question whether your site is secure, you could run a website check at https://sitecheck.sucuri.net/
Do you or your site visitors have an antivirus program installed on your iPhones? If not, you may wish to consider installing one. It’s unfortunate, but iPhones are no longer immune to mal/adware in spite of what Apple support told you.
-
Hi JustJennifer,
Allow me to remind you about some key points. Looking at the proof (outlined above) from me replicating the problem over and over again on multiple devices, it’s not the device. If it was the device, the adware and malware would show up with every site that I visit. This is not the case. Thus far, it’s only showing up when I browse my WP site open a blog post and scroll down over or pass an ad that WP has placed. I haven’t tested other WP.com sites because I don’t know any off hand. Have you and your colleagues tried it on your iphones?
I have used at least 6 different site checks and they claim my site is not infected. BTW, Sucuri is not foolproof…I’ve known a site or two that was infected and Sucuri did not pick it up. That aside, assuming the site checks are correct then that is why I pointed out that it could be coming through the ads. They may be hijacked by some clever malware that may not be entrenched on my site but coming through the ad placements. I am hoping your tech team is checking the vulnerability of those ads?
As a side note, just as WP insists that it’s not possible to infect a WP.com site; Apple insists their devices cannot be infect by a virus and do not need antivirus apps. Many articles support this. Anyways, this is not relevant – going back to the start of my message, if there was a virus on my device that the adware would be appearing on all the sites I was browsing…again, this is not the case. So, it’s not the device.
- The topic ‘Spam pop-up’ is closed to new replies.
WordPress.com Forums 