How to remove this scam popup

Resolved aages
(@aages)

3 years, 2 months ago
On our website I am new to WP an getting this popup – how to remove as I have tried everything.

Here is a link of the screenshot – https://radio-alanya.no/Screenshot_20220330_134704.png
- This topic was modified 3 years, 2 months ago by aages.
- This topic was modified 3 years, 2 months ago by aages.
- This topic was modified 3 years, 2 months ago by aages.

Viewing 15 replies - 1 through 15 (of 53 total)

1 2 3 4 →

Clarus Dignus
(@clarus-dignus)

3 years, 2 months ago
Figure out which plugin is causing the pop-up by deactivating your plugins one by one.

As a temporary quick fix, you could try adding this to your stylesheet:
```
#lp-confirm{
    display: none !important;
}
```
If you don’t know how to manually add this code to your stylesheet, use a plugin:

https://wordpress.org/plugins/simple-custom-css/
- This reply was modified 3 years, 2 months ago by Clarus Dignus.
lisa
(@contentiskey)

3 years, 2 months ago

scan for Malware: https://sitecheck.sucuri.net/

Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

3 years, 2 months ago

That sure looks like a hack to me. Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.
Thread Starter aages
(@aages)

3 years, 2 months ago
this does not work at all when i put it in style.ccs

#lp-confirm{
display: none !important;
}
- This reply was modified 3 years, 2 months ago by aages.
Clarus Dignus
(@clarus-dignus)

3 years, 2 months ago
Try:
```
body #lp-confirm.lp-confirm-style4{
display: none !important;
}
```
Using the inspector (like in the screenshot you provided), confirm if the above CSS is being applied or overridden.

I can’t view your style.css file because your WP Fastest Cache plugin uses a different stylesheet:

https://radio-alanya.no/wp-content/cache/wpfc-minified/5hzxh0e/4bcly.css

If you make changes to style.css, do the changes take effect immediately? Try this and refresh your browser a few times:
```
#main #main-content {
    background: red;
}
```
Is the background color of your page now red?

See “style.css” in the bottom-right corner of your screen-shot. Right click that and select “Open in new tab”. The URL of the opened tab should reveal where the pop-up is coming from.

I don’t see the pop-up on my end.
Thread Starter aages
(@aages)

3 years, 2 months ago

I turned red but and it looks like the

body #lp-confirm.lp-confirm-style-4{
display: none !important;
}
is lined over, but I do not get it.

Is there any way I can give you a personal access to our pages as an administrator?
Clarus Dignus
(@clarus-dignus)

3 years, 2 months ago
I don’t want administrator access but with patience and further testing, we can resolve this via the forum.
1. Post a screen-shot of the lined-over code so we can see what CSS is overriding it.
2. Right-click “style.css” to the right of “#lp-confirm.lp-confirm-style4” as requested in my last reply and select “Open in new tab”. Post the URL of the opened tab.
Thread Starter aages
(@aages)

3 years, 2 months ago
Here is the link to the screenshot:

https://radio-alanya.no/Screenshot_20220406_181009.png

thi8s is the link I found; https://dating-point.top/js/push/style.css
- This reply was modified 3 years, 2 months ago by aages.
Thread Starter aages
(@aages)

3 years, 2 months ago
I found that https://dating-point.top/ uses IP address 5.8.67.216 which address I have blocked on our server – I thought it could help – but not, it is still popping up.

Bye the way I took away the red background since the web site is up and running.
- This reply was modified 3 years, 2 months ago by aages.
- This reply was modified 3 years, 2 months ago by aages.
- This reply was modified 3 years, 2 months ago by aages.
Clarus Dignus
(@clarus-dignus)

3 years, 2 months ago

The wrong line of HTML is selected in the screen-shot. See the bottom-left of the screen-shot. This is selected (highlighted in blue):

<div class="lp-confirm-wrap">

Select this line above it instead and repost screen-shot:

<div id="lp-confirm" class="lp-confirm lp-confirm-style4 left">

These articles suggest the problem is your computer/browser(s) rather than your website:

https://solvemalwareinfections.com/2022/02/15/how-to-solve-i-datingpoint-top-pop-up/

https://malwaretips.com/blogs/remove-dating-meet-top/

If so, the good news is that only you are seeing the pop-up, not your visitors. I can’t see it. Have you seen the pop-up when viewing other websites or using others browsers to view your website? How about when viewing your website on other devices, like your smartphone?

Before following the instructions in the articles, I recommend downloading and installing Malwarebytes. The free trial will allow you to scan your computer for malware.

https://www.malwarebytes.com/for-home (Click “Free Download”)

Run a full scan. It may take some time.

Also, afterwards, run a scan with SUPERAntiSpyware, which is also free.

https://www.superantispyware.com/free-edition.html

These steps should identify and eliminate the malware. If not, we can proceed with the steps in the article, and beyond that, explore if your website is the problem as you originally suspected.
Thread Starter aages
(@aages)

3 years, 2 months ago
I am running my PC on Linux – openSuse Leap 15.3 and using Firefox 91.4.0esr.

Tried Opera and Chromium without this problem showing up ,so far.
- This reply was modified 3 years, 2 months ago by aages.
- This reply was modified 3 years, 2 months ago by aages.
Clarus Dignus
(@clarus-dignus)

3 years, 2 months ago

Check your Firefox extensions and uninstall anything that looks suspicious.

https://support.mozilla.org/en-US/kb/disable-or-remove-add-ons

I’m unfamiliar with Linux. Find software for Linux that will detect and remove malware.

https://www.safetydetectives.com/blog/best-really-free-antivirus-for-linux/

https://www.makeuseof.com/best-tools-to-scan-linux-server-malware-and-security-flaws/
Moderator Steven Stern (sterndata)
(@sterndata)

Volunteer Forum Moderator

3 years, 2 months ago
@aages

Please don’t offer to send or post logon credentials on these forums:

https://wordpress.org/support/guidelines#the-bad-stuff
- This reply was modified 3 years, 2 months ago by Steven Stern (sterndata).
Clarus Dignus
(@clarus-dignus)

3 years, 2 months ago

Ignore the second link; it’s for Linux servers. The first link relates to Linux computer operating systems. ClamAV is reportedly the best.

https://www.clamav.net/

Thread Starter aages
(@aages)

3 years, 2 months ago

@sterndata

Hi, I am sorry about that as I did not read the rules well enough – I have now