Support » Plugin: Sweet Captcha » Sweetcapcha hacked and causing malicious popups

  • I had to uninstall SweetCapcha because it was causing malicious popups on my website. The popup ads are being triggered through a javaascript file serverd from sweetcaptcha.com. The offending javascript-file has this URL in the source: //www.sweetcaptcha.com/api/v2/apps/csrf/38661?ver=3.1.0

    There is a reference to a javascript file on clktag.com. This triggers the popup to clkdeals.com

    How can you insure that this will never happen again?

    https://wordpress.org/plugins/sweetcaptcha-revolutionary-free-captcha-service/

Viewing 15 replies - 16 through 30 (of 47 total)
  • I had the same issue. Malicious browser window opening with ads on the first click. I have removed SweetCAPTCHA completely from my site. Wish I could have the hours back I spent tracking down this issue. Thanks a lot.

    same here on my blog too.

    <script src=”https://www.sweetcaptcha.com/api/v2/apps/csrf/38088?ver=3.1.0″ type=”text/javascript”></script>

    <script src=”//www.sweetcaptcha.com/javascripts/sclytics.js” type=”text/javascript”></script>

    <script type=”text/javascript” async=””></script>

    <script async=”async” src=”//altj.sweetcaptcha.com/adServe/banners?tid=SWTMPOP&tagid=2″ type=”text/javascript”></script>

    <script id=”rh_tag_POPUNDER_SWTMPOP” type=”text/javascript” src=”http://cdn1.clkcln.com/script/rhpop_1.1.22.js”></script>

    Same problem here, we’re waiting for plugin contributor reply.

    Plugin Contributor already replied basically pretending he doesn’t know anything. Just look for No. 7 post..

    He isn’t even man enough to admit it.

    I wasted hours trying to figure out what the issue was, and it turns out it was SweetCaptcha.

    If this is really part of their business model like I’ve been reading, it seems like it should be illegal!

    Is any legal action being taken to address this?

    I am having the same problem, and it looks to be sweetcaptcha.

    No one would do this on purpose to their own business they spent years building.

    I can’t see SweetCaptcha doing it to themselves on purpose. It does not make any sense.

    A third party must have done something to them. Unless I am missing something.

    In anycase, I disabled the plugin and it seems to have fixed the “hack”

    At least they did not get into my server or my database.

    I just read the news reports, and I guess they must have gone insane.

    What was their business model? Create a product that when people use it, they run away in horror?

    Sounds like something Umbrella Corporation from Resident Evil would do.

    Maybe the staff went on a cocaine and meth binge and this seemed like a good idea at the time.

    I can’t figure this out.

    Holy F*ck! I am removing SweetCaptcha from my sites, and it is throwing up some nasty crap.

    Not just annoying ads, but dangerous criminal pop ups that do actual damage.

    Ransom Ware? Seriously? WTF?

    The SweetCaptcha guys must have sold their biz to a shady guy for $5. That is the only thing that makes sense.

    Thank you for this information! I’ve been trying to figure out why I’ve been getting pop up ads on the first click of my website. I can’t believe SweetCaptcha would be so underhanded. That’s awful. :/

    I uninstalled SweetCaptcha and the problem is gone instantly.

    same here, I’ve spent money on a backup and countless hours on this. The guys at wordfence pointed me to this – all thanks to them, they have been amazing as their plugin was not picking it up – for obvious reasons after reading this.

    Mikk

    (@mikk-raudsepp)

    Can confirm. After deleting Sweet Captcha clktag advertisements went away. I had it going on my site couple of weeks becouse I myself use adblock.

    Yes, that is true, two of my bbpres sites have been injected with the same malicious pop up and after the removal of the sweet captacha plugin everything stopped.

    Sweet capthca decided to pass to the black hat and to the dark side of the web.

    l got crazy for more than a month now untill today.

    After reading the sucuri blog post l understood what happened.
    https://blog.sucuri.net/2015/06/sweetcaptcha-service-used-to-distribute-adware.html

    Sweet captcha is blacklisted from my wordpress sites for now and forever.

    Thank you sucuri!

    This has caused me concern and wasted time. Goodbye Sweet Captcha, you suck.

    For a long time I never knew this was happening since I use NoScript in my browser. Then one day I was using a browser without NoScript I thought I had malware on my computer and I tried all the computers in the house and I still got a popup from MusixLib. Googling MusixLib and you will see some dark stuff. It wanted me to install an addon in my browser! I then thought this can’t be the same malware in all my computers since I run a tight ship. I was then going to try loading my blog in VMware Player, but then I thought, lets deactivate the plugins folder and see what happens. Bam! No more pop up. So I tried the most suspected and sure enough I narrowed it down to Sweetcaptcha. This is unacceptable! I’m finding a new captcha plugin! Anyone no of a better one to use?

    PS. They buried the code too! I can’t find MusixLib or clktag anywhere.

    Steve

    (@stevegoering2013)

    Wasted at least 4-6 hours on this, but at least it’s solved. I will never trust those guys again. Sweet Captcha go rot in hell!!

Viewing 15 replies - 16 through 30 (of 47 total)
  • The topic ‘Sweetcapcha hacked and causing malicious popups’ is closed to new replies.