• Resolved Sean

    (@sean-h)


    Hi there.

    I do know you don’t have control over who refers traffic to your site, in other words, you may well see plenty spammy looking links in ‘Referrers’. This I am told is click bait by bot spammers who hope site owners will click on them to see who referred traffic.

    But today a very strange looking link showed up in outbound ‘Clicks’, a link I know I didn’t post anywhere on my site. Now I believe all this stat data is grabbed from wp.com servers every time I load my dashboard and is not stored on my site or in its database, as is the case with all other sites, correct?

    Here is the link, with spaces, incase someone inadvertently clicks on it, like I did. If you know what you are doing, feel free to remove those spaces and go there:

    go . oclasrv . com / afu . php ? zoneid = 471151

    So the question is, how did that link get there? Sucuri is showing my site as harmful and is asking for $16/month to fix it, yet my site seems fine, traffic is normal and I have no log in / access problems on any browser or device.

    Here is my site: https://www.thetravellingchilli.com

    https://www.ads-software.com/plugins/jetpack/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Contributor Lisa Schuyler

    (@lschuyler)

    Hi @sean-h!

    With that link being recorded in your outgoing stats, and with that Sucuri report, I’d be suspicious too that your site has been compromised.

    I’d suggest working through this guide, just in case:
    https://codex.www.ads-software.com/FAQ_My_site_was_hacked

    Also, if you are using a back-up tool like VaultPress, it also has a security scanner built in and can you alert you to any recent file changes.

    Another possibility is someone viewing your site may have a trojan virus on their desktop or in their browser, and it altered your links in their view, and that suspicious link was recorded when they clicked a link. I’m not sure if it would be recorded though in your stats, but I’ll look into it and get back to you!

    Thread Starter Sean

    (@sean-h)

    Hi Lisa,

    Thanks for getting back to me!

    Suspicious yes, but I am not about to just hand over money for what may well be some kind of false positive / tacky marketing push. I dunno, but I think I’m calling Sucuri out on this one. At least Sucuri says Google has blacklisted my site, yet when I go directly to Google, all is ok.

    That last possibility sounds the most plausible to me. I already use Wordfence premium, the most popular WP security plugin, in other words I already pay someone to look after my site, and it shows up nothing, also VirusTotal and Google Transparency comes up green.

    I believe there was a vulnerability with Jetpack at some point, but I was under the impression it was fixed?

    Plugin Author Brandon Kraft

    (@kraftbj)

    Code Wrangler

    This could be a false positive, yes. It isn’t a vulnerability, but some folks can “spoof” a click (e.g. load your site, on their end edit the DOM to change a link, click) which would show up in your stats.

    I’ll pass the URL on to our data team so they can review it/filter as needed.

    Cheers!

    At the moment the only issue that Sucuri is identifying is that the website is blacklisted by Norton Safe Web. From our experience dealing with hacked websites, Norton Safe Web’s information doesn’t seem to be very reliable. In this case the claimed threat is SWBPL, which from what little information we could find about it, seems to be based on data they get from an unidentified third-party. You still will probably want to review the URL they have identified as containing that threat to see if there is any issue with it and then contact them about re-evaluating the website.

    I have been facing the same issue since a week.
    unknown outbound links.

    ps4ux . com/click?h=Ax722bagzrkRr4XuA7Kqrm4Vu1y70JZhqYDeEeCuyNLz9EiFWTzay4c3gxo722j6hzQu

    go . oclasrv . com / afu . php ? zoneid = 471151

    My website- scoopbbuzz.net

    But how can a jetpack record that link made by some virus desktop browsers?
    “This could be a false positive, yes. It isn’t a vulnerability, but some folks can “spoof” a click (e.g. load your site, on their end edit the DOM to change a link, click) which would show up in your stats.”

    idk,is it possible?

    If it is not a big deal, i can keep my existing hosting provide. if not, i will choose a good secure hosting provider. currently my website is on a low cost hosting provider.

    Thread Starter Sean

    (@sean-h)

    In summary, it doesn’t look like this is a problem with hosts, so I wouldn’t run away too quickly. If you see a suspicious link in your outbound clicks stats, just ignore it. As has been said, it is either a visitors browser that has been unknowingly infected, or a visitor has deliberately done it, in their own browser, in the hope that site owners would click the link, which in this case appears to be some sort of sleezy advertising/marketing site.

    • This reply was modified 8 years, 1 month ago by Sean.
    • This reply was modified 8 years, 1 month ago by Sean.
    Protoss

    (@protoss)

    I have a lot of ps4ux.com/click?h and adnetworkperformance.com/a/display.php?r=
    How to remove those? is something on my site? I scanned and is nothing found1 ??

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Unknown outbound link / click.’ is closed to new replies.