Unwanted Ads Suddently Overlaying My Images

  • Resolved goldferris

    (@goldferris)


    12 years, 4 months ago

    Hey, guys!

    So, I visited my blog today to find that the pictures are being overlayed with ads. This isn’t something I installed or anything I want, so it must be a sort of virus/hijacking of my blog. You go to any post and an ad will pop up over the bottom of the picture.

    Here’s my website so you can see it in action:

    https://www.makeupfiles.com/

    As far as I can tell, it only happens from within the posts, so click on any of the posts to see it. And, when I view the source of the ad, this is what it looks like:

    <div id="corticaFcl" style="text-align:right;width:16px;height:16px;position:absolute;top:0;right:0;display:block;z-index:999999;cursor:pointer;" onclick="javascript:hideDiv(this);">
<img src="https://srv.overlay-ad.com:8080/adserver/static/overlay/close.png">
</div>
<script type="text/javascript">
function hideDiv(obj){
obj.style.display = 'none';
	if(document.getElementById("corticaInnerDiv")){
		document.getElementById("corticaInnerDiv").style.display = 'none';
	}
};
</script>

<div id="corticaInnerDiv" style="position:absolute;top:0;left:0;height:75px;width:100%;border:1px solid #BABABA;">
<div style="background: #666666; background: -moz-linear-gradient(top, #666666 0%, #000000 100%);
background: -webkit-gradient(linear, left top, left bottom, color-stop(0%,#666666), color-stop(100%,#000000));
background: -webkit-linear-gradient(top, #666666 0%,#000000 100%);
background: -o-linear-gradient(top, #666666 0%,#000000 100%);
background: -ms-linear-gradient(top, #666666 0%,#000000 100%);
background: linear-gradient(to bottom, #666666 0%,#000000 100%);
filter: progid:DXImageTransform.Microsoft.gradient( startColorstr='#666666', endColorstr='#000000',GradientType=0 );
background-color:#333333;
height:75px; width:100%; opacity:0.8; filter:alpha(opacity=80);"></div>

<div style="border-bottom-width:0px;border-bottom-style:solid;border-bottom-color:#fff;position:absolute;left:4px;top:4px;right:4px;bottom:4px;">

<div style="text-align:center;float:left;height:49px;width:49px;padding-top:0px;"><img src="https://srv.overlay-ad.com:8080/adserver/static/images/empty/iStock_000019473221XSmall.jpg" style="width:67px;height:67px;cursor:pointer;" onclick="window.open('https://tags.click-srv.com/xml/dclick.php?pub_id=348&aid=135&fid=4&country=&cat=0&url=aHR0cDovL3NydjcubWFyc2Fkcy5jb20vc3J2L3RhZ3MvP2dDJnB1Yl9pZD0zNDgmY3BjPTAuMDEmcDE9NCZwMj0xMzUmcDM9JnA0PSZwNT0wJnA2PWh0dHAlM0ElMkYlMkZ3d3cubWFrZXVwZmlsZXMuY29tJTJGMjAxMiUyRjA3JTJGMjQlMkZsdXNocy1uZXctZW1vdGlvbmFsLWJyaWxsaWFuY2UtbWFrZXVwLWxpbmUtaW4tYWN0aW9uJTJGJnA3PSZwOD0=');" /></div>

<div style="">
<div style="color:#D9D919;font-family:Verdana,Geneva,sans-serif;font-size:13px;font-weight:bold;line-height:14px;vertical-align:middle;width: 100%;position:relative;left:32px;top:0;cursor:pointer; white-space:nowrap;padding:4px 0 0 0px;cursor:pointer;" onclick="window.open('https://tags.click-srv.com/xml/dclick.php?pub_id=348&aid=135&fid=4&country=&cat=0&url=aHR0cDovL3NydjcubWFyc2Fkcy5jb20vc3J2L3RhZ3MvP2dDJnB1Yl9pZD0zNDgmY3BjPTAuMDEmcDE9NCZwMj0xMzUmcDM9JnA0PSZwNT0wJnA2PWh0dHAlM0ElMkYlMkZ3d3cubWFrZXVwZmlsZXMuY29tJTJGMjAxMiUyRjA3JTJGMjQlMkZsdXNocy1uZXctZW1vdGlvbmFsLWJyaWxsaWFuY2UtbWFrZXVwLWxpbmUtaW4tYWN0aW9uJTJGJnA3PSZwOD0=');">play games on your PC</div>

<div style="font-family:Verdana,Geneva,sans-serif;font-size:13px;line-height:15px;font-weight:normal;color:#FFF;padding:2px 0 0 0px; margin-right:40px;position:relative;left:32px;top:0;white-space:normal;cursor:pointer; max-width:300px; height:32px; overflow:hidden;" onclick="window.open('https://tags.click-srv.com/xml/dclick.php?pub_id=348&aid=135&fid=4&country=&cat=0&url=aHR0cDovL3NydjcubWFyc2Fkcy5jb20vc3J2L3RhZ3MvP2dDJnB1Yl9pZD0zNDgmY3BjPTAuMDEmcDE9NCZwMj0xMzUmcDM9JnA0PSZwNT0wJnA2PWh0dHAlM0ElMkYlMkZ3d3cubWFrZXVwZmlsZXMuY29tJTJGMjAxMiUyRjA3JTJGMjQlMkZsdXNocy1uZXctZW1vdGlvbmFsLWJyaWxsaWFuY2UtbWFrZXVwLWxpbmUtaW4tYWN0aW9uJTJGJnA3PSZwOD0=');">Enjoy a large variety of cool and fun games for your PC</div>

<div style="font-family:Verdana,Geneva,sans-serif;font-size:13px;line-height:12px;font-weight:normal;text-decoration:none;color:#F90;padding:0px 0 0 50px;width: 90%;position:relative;left:32px;top:0;cursor:pointer; height:20px; overflow:hidden;cursor:pointer;" onclick="window.open('https://tags.click-srv.com/xml/dclick.php?pub_id=348&aid=135&fid=4&country=&cat=0&url=aHR0cDovL3NydjcubWFyc2Fkcy5jb20vc3J2L3RhZ3MvP2dDJnB1Yl9pZD0zNDgmY3BjPTAuMDEmcDE9NCZwMj0xMzUmcDM9JnA0PSZwNT0wJnA2PWh0dHAlM0ElMkYlMkZ3d3cubWFrZXVwZmlsZXMuY29tJTJGMjAxMiUyRjA3JTJGMjQlMkZsdXNocy1uZXctZW1vdGlvbmFsLWJyaWxsaWFuY2UtbWFrZXVwLWxpbmUtaW4tYWN0aW9uJTJGJnA3PSZwOD0=');">game4free.com</div>

</div>
</div>
</div>

    I have no idea where this came from or where I can find it in my code to remove it. Anyone have any idea?

Viewing 15 replies - 1 through 15 (of 25 total)
  • Thread Starter goldferris

    (@goldferris)

    Okay…I’m starting to think this isn’t a problem with my blog and is instead a virus (or similar) connected to Firefox. I’ve now seen the same ads on other websites, and it doesn’t show up on my blog when I try it in Chrome.

    So, this isn’t a WordPress problem. But, if I find a solution, I’ll let you know anyway.

    Thread Starter goldferris

    (@goldferris)

    I couldn’t figure out what was doing it, but I reset Firefox to defaults and the problem went away. Resolved!

    I Found the same problem with my blog today ..after installing better wp security ..did you do the same ? the ads are annoying though

    Annoying situation.
    I’m having the same issue with all images inside posts and pages, also with featured images.

    In a very naive attempt to rid the site from this annoying ads i created a set of css rules in my stylesheet. I guess it’ll work for the time being

    div#corticaInnerDiv{
	display:none !important;
}
div#corticaOF0{
	display:none !important;
}
div#_STP_slsdiv{
	display:none !important;
}

    Oh, and BTW I believe this is browser-independent

    Same thing is happening on my website. Is it a virus?

    https://www.musicalertsnow.com

    I also had the same problem, so I started turning off any new extensions I installed. I found one called: Fast Save v1.1 ID: cfjjohldijabngglooemkchgjeidlhnf

    I turned this off and everything seems to be back to normal. I don’t remember installing this extension and I can find no info on it in the Chrome web store.. so a virus it must be!

    I am having this problem on my Joomla site. I believe it was an sql injection attack. I have gzipped my remote contents and am downloading now. After I analyze and fix the problem, I’ll post a fix for wordpress.

    @lazyink, the question is what flaw in our websites allows this extension to attach itself to our images?

    @jlixerkun, It’s not naive at all. Now that we’ve established this problem to be caused by a malicious Chrome extension, your css rules will hide these ads from visitors who unknowingly have the “Fast Save” extension installed. ??

    So how can we stop this @cookiect?

    for now, uninstall the offending extension from your browser; on mine it was called “Fast Save”

    But others with that extension installed will still see ads on your site so we use jlixerkun’s CSS rules to hide the ads.

    We need to place this CSS code:

    div#corticaInnerDiv{
    display:none !important;
    }
    div#corticaOF0{
    display:none !important;
    }
    div#_STP_slsdiv{
    display:none !important;
    }

    ideally, in our template header.php file; but, sometimes wordpress template authors make this hard to find. In that case, place that code in your main stylesheet.

    I just noticed it today on my site so disabled fastsave which solves it for me on Chrome. Will wait for some update from WP which fixes this without having to hack my theme. Thanks everybody for working on this.

    If this is indeed a virus, lets all list our OS and browser/version because I think it has just happend to me on a Cargo Collective site which does not use wordpress.

    Mac OSX 10.7.3
    Google Chrome 20.0.1132.57

    It looks like the culprit host is click-srv.com although I cannot find any code on my wordpress files or within the database, did an egrep on click-srv and nothing shows. That’s why I believe it may be a cookie or some javascript.

    Ok it’s not a virus, it’s not an sql injection the fact it disappeared after a reset means it is client side. To set the conversation straight it is a plugin/addon depending on what browser your on. If you on firefox remove the quick save addon if you on chrome get rid of the quick save extension.

Viewing 15 replies - 1 through 15 (of 25 total)
  • The topic ‘Unwanted Ads Suddently Overlaying My Images’ is closed to new replies.