WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Unwanted Ads Suddently Overlaying My Images (26 posts)

  1. goldferris
    Member
    Posted 2 years ago #

    Hey, guys!

    So, I visited my blog today to find that the pictures are being overlayed with ads. This isn't something I installed or anything I want, so it must be a sort of virus/hijacking of my blog. You go to any post and an ad will pop up over the bottom of the picture.

    Here's my website so you can see it in action:

    http://www.makeupfiles.com/

    As far as I can tell, it only happens from within the posts, so click on any of the posts to see it. And, when I view the source of the ad, this is what it looks like:

    <div id="corticaFcl" style="text-align:right;width:16px;height:16px;position:absolute;top:0;right:0;display:block;z-index:999999;cursor:pointer;" onclick="javascript:hideDiv(this);">
    <img src="http://srv.overlay-ad.com:8080/adserver/static/overlay/close.png">
    </div>
    <script type="text/javascript">
    function hideDiv(obj){
    obj.style.display = 'none';
    	if(document.getElementById("corticaInnerDiv")){
    		document.getElementById("corticaInnerDiv").style.display = 'none';
    	}
    };
    </script>
    
    <div id="corticaInnerDiv" style="position:absolute;top:0;left:0;height:75px;width:100%;border:1px solid #BABABA;">
    <div style="background: #666666; background: -moz-linear-gradient(top, #666666 0%, #000000 100%);
    background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#666666), color-stop(100%,#000000));
    background: -webkit-linear-gradient(top, #666666 0%,#000000 100%);
    background: -o-linear-gradient(top, #666666 0%,#000000 100%);
    background: -ms-linear-gradient(top, #666666 0%,#000000 100%);
    background: linear-gradient(to bottom, #666666 0%,#000000 100%);
    filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#666666', endColorstr='#000000',GradientType=0 );
    background-color:#333333;
    height:75px; width:100%; opacity:0.8; filter:alpha(opacity=80);"></div>
    
    <div style="border-bottom-width:0px;border-bottom-style:solid;border-bottom-color:#fff;position:absolute;left:4px;top:4px;right:4px;bottom:4px;">
    
    <div style="text-align:center;float:left;height:49px;width:49px;padding-top:0px;"><img src="http://srv.overlay-ad.com:8080/adserver/static/images/empty/iStock_000019473221XSmall.jpg" style="width:67px;height:67px;cursor:pointer;" onclick="window.open('http://tags.click-srv.com/xml/dclick.php?pub_id=348&aid=135&fid=4&country=&cat=0&url=aHR0cDovL3NydjcubWFyc2Fkcy5jb20vc3J2L3RhZ3MvP2dDJnB1Yl9pZD0zNDgmY3BjPTAuMDEmcDE9NCZwMj0xMzUmcDM9JnA0PSZwNT0wJnA2PWh0dHAlM0ElMkYlMkZ3d3cubWFrZXVwZmlsZXMuY29tJTJGMjAxMiUyRjA3JTJGMjQlMkZsdXNocy1uZXctZW1vdGlvbmFsLWJyaWxsaWFuY2UtbWFrZXVwLWxpbmUtaW4tYWN0aW9uJTJGJnA3PSZwOD0=');" /></div>
    
    <div style="">
    <div style="color:#D9D919;font-family:Verdana,Geneva,sans-serif;font-size:13px;font-weight:bold;line-height:14px;vertical-align:middle;width: 100%;position:relative;left:32px;top:0;cursor:pointer; white-space:nowrap;padding:4px 0 0 0px;cursor:pointer;" onclick="window.open('http://tags.click-srv.com/xml/dclick.php?pub_id=348&aid=135&fid=4&country=&cat=0&url=aHR0cDovL3NydjcubWFyc2Fkcy5jb20vc3J2L3RhZ3MvP2dDJnB1Yl9pZD0zNDgmY3BjPTAuMDEmcDE9NCZwMj0xMzUmcDM9JnA0PSZwNT0wJnA2PWh0dHAlM0ElMkYlMkZ3d3cubWFrZXVwZmlsZXMuY29tJTJGMjAxMiUyRjA3JTJGMjQlMkZsdXNocy1uZXctZW1vdGlvbmFsLWJyaWxsaWFuY2UtbWFrZXVwLWxpbmUtaW4tYWN0aW9uJTJGJnA3PSZwOD0=');">play games on your PC</div>
    
    <div style="font-family:Verdana,Geneva,sans-serif;font-size:13px;line-height:15px;font-weight:normal;color:#FFF;padding:2px 0 0 0px; margin-right:40px;position:relative;left:32px;top:0;white-space:normal;cursor:pointer; max-width:300px; height:32px; overflow:hidden;" onclick="window.open('http://tags.click-srv.com/xml/dclick.php?pub_id=348&aid=135&fid=4&country=&cat=0&url=aHR0cDovL3NydjcubWFyc2Fkcy5jb20vc3J2L3RhZ3MvP2dDJnB1Yl9pZD0zNDgmY3BjPTAuMDEmcDE9NCZwMj0xMzUmcDM9JnA0PSZwNT0wJnA2PWh0dHAlM0ElMkYlMkZ3d3cubWFrZXVwZmlsZXMuY29tJTJGMjAxMiUyRjA3JTJGMjQlMkZsdXNocy1uZXctZW1vdGlvbmFsLWJyaWxsaWFuY2UtbWFrZXVwLWxpbmUtaW4tYWN0aW9uJTJGJnA3PSZwOD0=');">Enjoy a large variety of cool and fun games for your PC</div>
    
    <div style="font-family:Verdana,Geneva,sans-serif;font-size:13px;line-height:12px;font-weight:normal;text-decoration:none;color:#F90;padding:0px 0 0 50px;width: 90%;position:relative;left:32px;top:0;cursor:pointer; height:20px; overflow:hidden;cursor:pointer;" onclick="window.open('http://tags.click-srv.com/xml/dclick.php?pub_id=348&aid=135&fid=4&country=&cat=0&url=aHR0cDovL3NydjcubWFyc2Fkcy5jb20vc3J2L3RhZ3MvP2dDJnB1Yl9pZD0zNDgmY3BjPTAuMDEmcDE9NCZwMj0xMzUmcDM9JnA0PSZwNT0wJnA2PWh0dHAlM0ElMkYlMkZ3d3cubWFrZXVwZmlsZXMuY29tJTJGMjAxMiUyRjA3JTJGMjQlMkZsdXNocy1uZXctZW1vdGlvbmFsLWJyaWxsaWFuY2UtbWFrZXVwLWxpbmUtaW4tYWN0aW9uJTJGJnA3PSZwOD0=');">game4free.com</div>
    
    </div>
    </div>
    </div>

    I have no idea where this came from or where I can find it in my code to remove it. Anyone have any idea?

  2. goldferris
    Member
    Posted 2 years ago #

    Okay...I'm starting to think this isn't a problem with my blog and is instead a virus (or similar) connected to Firefox. I've now seen the same ads on other websites, and it doesn't show up on my blog when I try it in Chrome.

    So, this isn't a WordPress problem. But, if I find a solution, I'll let you know anyway.

  3. goldferris
    Member
    Posted 2 years ago #

    I couldn't figure out what was doing it, but I reset Firefox to defaults and the problem went away. Resolved!

  4. dominic Singh
    Member
    Posted 1 year ago #

    I Found the same problem with my blog today ..after installing better wp security ..did you do the same ? the ads are annoying though

  5. jlixerkun
    Member
    Posted 1 year ago #

    Annoying situation.
    I'm having the same issue with all images inside posts and pages, also with featured images.

  6. jlixerkun
    Member
    Posted 1 year ago #

    In a very naive attempt to rid the site from this annoying ads i created a set of css rules in my stylesheet. I guess it'll work for the time being

    div#corticaInnerDiv{
    	display:none !important;
    }
    div#corticaOF0{
    	display:none !important;
    }
    div#_STP_slsdiv{
    	display:none !important;
    }

    Oh, and BTW I believe this is browser-independent

  7. AJaegle
    Member
    Posted 1 year ago #

    Same thing is happening on my website. Is it a virus?

    http://www.musicalertsnow.com

  8. lazyink
    Member
    Posted 1 year ago #

    I also had the same problem, so I started turning off any new extensions I installed. I found one called: Fast Save v1.1 ID: cfjjohldijabngglooemkchgjeidlhnf

    I turned this off and everything seems to be back to normal. I don't remember installing this extension and I can find no info on it in the Chrome web store.. so a virus it must be!

  9. cookiect2003
    Member
    Posted 1 year ago #

    I am having this problem on my Joomla site. I believe it was an sql injection attack. I have gzipped my remote contents and am downloading now. After I analyze and fix the problem, I'll post a fix for wordpress.

  10. cookiect2003
    Member
    Posted 1 year ago #

    @lazyink, the question is what flaw in our websites allows this extension to attach itself to our images?

  11. cookiect2003
    Member
    Posted 1 year ago #

    @jlixerkun, It's not naive at all. Now that we've established this problem to be caused by a malicious Chrome extension, your css rules will hide these ads from visitors who unknowingly have the "Fast Save" extension installed. :-D

  12. jazz363
    Member
    Posted 1 year ago #

    So how can we stop this @cookiect?

  13. cookiect2003
    Member
    Posted 1 year ago #

    for now, uninstall the offending extension from your browser; on mine it was called "Fast Save"

    But others with that extension installed will still see ads on your site so we use jlixerkun's CSS rules to hide the ads.

    We need to place this CSS code:

    div#corticaInnerDiv{
    display:none !important;
    }
    div#corticaOF0{
    display:none !important;
    }
    div#_STP_slsdiv{
    display:none !important;
    }

    ideally, in our template header.php file; but, sometimes wordpress template authors make this hard to find. In that case, place that code in your main stylesheet.

  14. in2photos
    Member
    Posted 1 year ago #

    I just noticed it today on my site so disabled fastsave which solves it for me on Chrome. Will wait for some update from WP which fixes this without having to hack my theme. Thanks everybody for working on this.

  15. techstar
    Member
    Posted 1 year ago #

    If this is indeed a virus, lets all list our OS and browser/version because I think it has just happend to me on a Cargo Collective site which does not use wordpress.

    Mac OSX 10.7.3
    Google Chrome 20.0.1132.57

    It looks like the culprit host is click-srv.com although I cannot find any code on my wordpress files or within the database, did an egrep on click-srv and nothing shows. That's why I believe it may be a cookie or some javascript.

  16. To-mos
    Member
    Posted 1 year ago #

    Ok it's not a virus, it's not an sql injection the fact it disappeared after a reset means it is client side. To set the conversation straight it is a plugin/addon depending on what browser your on. If you on firefox remove the quick save addon if you on chrome get rid of the quick save extension.

  17. jlixerkun
    Member
    Posted 1 year ago #

    I was experiencing the issue with google Chrome, and had delicious bookmarks add-on. I simply uninstalled the whole thing and then re-installed it.
    Will continue to use the code in the css for now on, can't hurt nobody after all, huh?

  18. AJaegle
    Member
    Posted 1 year ago #

    Okay so I think I got it. As far as my site, I added the code and it did the job:

    div#corticaInnerDiv{
    display:none !important;
    }
    div#corticaOF0{
    display:none !important;
    }
    div#_STP_slsdiv{
    display:none !important;
    }

    I then noticed that I was getting popunders on the text of my ads. I went into my browser extensions and eliminated the addon that was causing them. I guess this is a browser issue.. I've since noticed that every site I saw with the unwanted ads have disappeared.

  19. To-mos
    Member
    Posted 1 year ago #

    You shouldn't even add code to fix it, it is a client side virus. That means it isn't even on your site and the ads will overlay on everyone's site, even google image results has the ads if the person has the virus. Adding the code just makes it that much harder to track down the virus to being inside the browser. Its like you have a glowing ball and you put a cover on it with duct-tape.

    @ AJaegle: I already solved the issue for people it is a browser extension that hijacks <img> tags.

  20. jlixerkun
    Member
    Posted 1 year ago #

    @To-mos

    Adding the code just makes it that much harder to track down the virus to being inside the browser. Its like you have a glowing ball and you put a cover on it with duct-tape.

    HA HA HAH! Thank you very much for your putting my

    naive attempt
    so brilliantly into words, I liked your analogy a lot!

  21. To-mos
    Member
    Posted 1 year ago #

    Haha glad you appreciated it xD. I really try to put things like that into perspective. When I'm teaching students about web-coding and any other code for that matter, I try my hardest to give a visual representation or analogy of the event or explination.

  22. mlmnewsblog
    Member
    Posted 1 year ago #

    Guys there is nothing wrong with your sites and blogs.

    all this is happening due to a Chrome extension called Fast save 1.1
    ID: apfldfpppomcomboincaiiphebcofigd

    Just uninstall it and the problem with be gone and please do not make any kind of change to your CSS.

    This extension has already been removed from Google Chrome extensions.

    I hope this solves the problem.

  23. To-mos
    Member
    Posted 1 year ago #

    @mlmnewsblog We already figured it out buddy.
    "If you on firefox remove the quick save addon if you on chrome get rid of the quick save extension."-To-mos

  24. kiddychang
    Member
    Posted 1 year ago #

    Just had a similar problem with Chrome using XP. My WordPress kept showing banners but only in Chrome. So I did the obvious and ran a quick virus check and found an infected cookie. It's been resolved and all is fine!

  25. GuitarLicksAndTabs
    Member
    Posted 1 year ago #

    I am having this trouble on both firefox and chrome, and do not have the above mentioned "quick save" nor "fast save" addons or extensions.

    Running a full virus scan found nothing.

    Anyone at all know what to do with the problem?

    my site: http://guitarlicksandtabs.com/

    Thank you.

  26. billy-not-happy
    Member
    Posted 1 year ago #

    This is likely the solidsaving malware or a variant

    For Windows, look in Control Panel for application of same name and uninstall the sucker.

Topic Closed

This topic has been closed to new replies.

About this Topic