HELP! Infinity Ads Pop-Up appearing on my site... Without any authorization

Profile picture of the author kevstorrs by kevstorrs Posted: 07/09/2011
Hi all,

I have recently noticed that a pop-up appears when visiting my main website, RapIreland.com, which is served by "Infinity Ads". This happens on all pages. I have not added any code to the site for these ads, have no account with that company, and can only imagine the site was hacked and the ad code placed (site has quite high traffic).

I have tried to find and delete the code unsuccessfully. Does anyone have any advice for how I can get rid of the ads, as I have noticed a BIG increase in Bounce rate in the last few days while the ads have been served.

HELP PLEASE!

Kev
#ads #appearing #authorization #infinity #popup #site

  • Profile picture of the author Mohsin Rasool
    Mohsin Rasool
    Hi,

    Kev can you share the Site URL?
    Maybe your site was hacked and somebody put the code in there?
    Have you checked the source code and see Infinity Ads ads code added there?

    Regards,
    Mohsin
  • Profile picture of the author Vlad Romanov
    Vlad Romanov
    Originally Posted by Mohsin Rasool View Post

    Hi,

    Kev can you share the Site URL?
    Maybe your site was hacked and somebody put the code in there?
    Have you checked the source code and see Infinity Ads ads code added there?

    Regards,
    Mohsin
    Did you even read the post? He answered every single question of yours in it...

    You should check the code of the add by using the "inspect element" feature in chrome, then just go throughout ur code and use the find feature.
  • Profile picture of the author kevstorrs
    kevstorrs
    Moshin - URL is RapIreland.com ... I have been searching the individual wordpress files to see if it's hidden there but not luck yet.

    NastyDevil - thanks for the tip, will download chrome now and try that out... if the code is not in the source, or index.php is there anywhere else i should be searching?

    thanks again
  • Profile picture of the author sbucciarel
    sbucciarel
    Beautiful site. I see those popups and popunders ... they're still popping up on my computer as I type. Do you have a database backup for the site? If so, I think you could probably rid yourself of this just by restoring the database. You might ask your host to do a restore ... if your host is Hostgator, they are usually very helpful and responsive when asked to remove malware from sites hosted on them.
  • Profile picture of the author kevstorrs
    kevstorrs
    Thanks Suzanne... I use a local host and will enquire about that.

    I have inspected the element and can see the ad code.. Next question: Where on the backend of the site can I find the trigger for this code and delete it. (cannot find anything in source or wordpress php files)
  • Profile picture of the author sbucciarel
    sbucciarel
    Originally Posted by kevstorrs View Post

    Thanks Suzanne... I use a local host and will enquire about that.

    I have inspected the element and can see the ad code.. Next question: Where on the backend of the site can I find the trigger for this code and delete it. (cannot find anything in source or wordpress php files)
    The easiest way for the script kiddies to hack a site is by sql injection, so my guess is that the code is in the database. That's why I recommended a restore of the database. It's a good idea to regularly go into phpMyadmin and just export the current database. Then when something like this happens, you just delete all tables and import your backup database and it's fixed.

    If it were in any of the php files, here's how I fix that. In addition to the regular database export, I just go into cpanel > File Manager and Select All and then Compress. That compresses all your files into a zip. Download the zip and when you need it, like in the case of hacking or some malfunction, just upload it to the root and go into File Manager and extract it.

    By using both of those methods, your entire site is restored.
  • Profile picture of the author Mohsin Rasool
    Mohsin Rasool
    Originally Posted by NastyDevil View Post

    Did you even read the post? He answered every single question of yours in it...

    You should check the code of the add by using the "inspect element" feature in chrome, then just go throughout ur code and use the find feature.
    LOL yeah i did read the post!
    Do not be quick to reach conclusions my friend!
  • Profile picture of the author anthony2
    anthony2
    Originally Posted by sbucciarel View Post

    Beautiful site. I see those popups and popunders ... they're still popping up on my computer as I type. Do you have a database backup for the site? If so, I think you could probably rid yourself of this just by restoring the database. You might ask your host to do a restore ... if your host is Hostgator, they are usually very helpful and responsive when asked to remove malware from sites hosted on them.

    I agree..

    Took the words out of my mouth.
  • Profile picture of the author Mohsin Rasool
    Mohsin Rasool
    Hi Kev,

    Yeah it seems your db is infected ... Follow Suzanne and you will have it sorted soon.
    Good Luck!

    Mohsin
  • Profile picture of the author kevstorrs
    kevstorrs
    hi suzanne,

    thanks for the advice.

    will that method work now, when it would appear the database is already infected and i have never manually backed it up.

    is there a method for restoring the database to how it was say last week?

    i will definitely heed your advice for future backups, but the main task at hand now is to rid the site of these ads.

    thanks a mill everyone

    kev
  • Profile picture of the author sbucciarel
    sbucciarel
    Originally Posted by kevstorrs View Post

    hi suzanne,

    thanks for the advice.

    will that method work now, when it would appear the database is already infected and i have never manually backed it up.

    is there a method for restoring the database to how it was say last week?

    i will definitely heed your advice for future backups, but the main task at hand now is to rid the site of these ads.

    thanks a mill everyone

    kev
    No, it won't work if you don't have a database backup pre-infection. But your host should be able to restore it. Send them an email.
  • Profile picture of the author celente
    celente
    damn I am getting popunder bombed..lol

    anyone else. jeez not good.
  • Profile picture of the author NoBSGuy
    NoBSGuy
    Nice site really. If you weren`t the creator then I`d immediately change my login details for security reasons. The popups indicate that your site was probably hacked. Just search for "Infinity ads" and "popup" in the source code (and even sql db) and remove the entire popup code.
  • Profile picture of the author kevstorrs
    kevstorrs
    I found the code!

    It appears that the site was hacked, and additional code was inserted into the normal advertising code within one of the widgets. So whenever our regular ads appeared in the sidebars this triggered a pop-up and pop-under. It was a single line of code with a link, with no mention of pop-ups, and didn't stand out at all from the other coding. Needless to say it has been removed and much sterner measures put in place to protect the site in future!

    Thanks for all your help. Hopefully this thread will help others in the future who are similarly hacked.
  • Profile picture of the author Karen Blundell
    Karen Blundell
    Hi Kevstorrs,

    I'm very glad you got rid of the nasty ad code. You said you've implemented some sterner measures and that is very good.

    If I may give you additional suggestions: no matter what people say, always update to the latest version of WordPress, even if you lose a couple of plugins in the process. Plugins are easily replaced.

    also, install Secure WordPress plugin or similar, so that you can hide your version of WordPress and implement a couple of other preventative measures.
    To everyone else:
    • backup your database at least once a week using a backup plugin. (I schedule mine so that I get the backup file emailed to me once a week.)
    • Use the "Export" tool after you create new posts or pages. That way if you ever have to do a clean re-install of WordPress, you will be able to use the "Import" tool to restore all your posts, pages, and comments.

    To your success...

    Karen
  • Profile picture of the author sbucciarel
    sbucciarel
    Glad to hear that's sorted out. That was really annoying.
  • Profile picture of the author Power Solutions
    Power Solutions
    Old thread but which widget / ad was it that was "hacked"?

Related discussions

Next Topics on Trending Feed