New type of SPAM in stats

  • shadowofiris

    (@shadowofiris)


    10 years ago

    I looked at my jetpack stats this morning. They stated someone had clicked on an outgoing link. The only problem was that link should *not* exist on my site, so no one should have been clicking it. I will share the link address, however, do not click it, because I suspect it’s some type of malware:

    “acads.net/Do/PPup.php”

    Has anyone seen this before? Does anyone know what this is? As best I can tell my site is still clean.

Viewing 5 replies - 1 through 5 (of 5 total)
  • wslade

    (@wslade)

    If acads.net is your site and you didn’t add the above file, your site has been hacked. If it’s not your URL then it’s probably nothing to worry about.

    As additional info, if it is your URL, the host is running a somewhat outdated version of Nginx.

    Thread Starter shadowofiris

    (@shadowofiris)

    wslade,

    Thank you. My site is https://www.shadowofiris.com. I’ve checked the site for hidden links, hidden text, malware or whatever, and nothing has come up.

    I used a TOR browser hoping this might offer a little protection and opened up the link. It takes me through a series of redirects then ends up at “videomega.tv/”

    That is an advertisement for a video service! So this has to be some kind of SPAM.

    But how did they manage to make it show up as a link that was clicked on my page. I searched for “acads.net/Do/PPup.php” at Google, and I got about 60 results. All of these were various blogs with that link showing up as the top clicked link. Yet when I look at those blogs, none of them have a link to that page.

    Same happened to me also, It was really strange, site was working normally in desktop browser, but if it was accessed from mobile a lot of pop-ups was displayed. In my jetpack status still the following links are appearing as outgoing traffic, can anybody suggest me a fix.
    my site https://welcometonature.org

    Outgoing Clicks
    acdcadz.com/Doo/PPppup.php
    ecs1.engageya.com/gas-api/click.json?xxxxxxxxxxxx…
    acads.net/Do/PPup.php
    53.campaignism.com/WhiteLabelBidRequestHandlerServlet?xxxxxxxxxxx

    Thread Starter shadowofiris

    (@shadowofiris)

    The problem has not repeated itself with me. So far it was a one time event.

    It stood out because it was so strange.

    I’m not sure if the following is even possible, but I wonder if a person’s host computer or browser could be infected. When it loads the pages, these links appear only on *their* browser, because that’s where the infection is. The person then clicks on those links, and somehow it shows up in the stats.

    I know that I’ve had to remove annoying popup ads from my own browser at times that had been installed surreptitiously.

    It happened to me. Twice. First time it happened a few weeks ago, I clicked on the link since I didn’t remember it being on my site, but it led me to a page which tried to install malware on my computer. Then just now, I noticed an outgoing “click” that looked suspicious and unfamiliar, so I tested it on a link checker and it’s probably a malware site.

    I don’t know how these links are showing up in my Jetpack stats, but it might be the next version of baddie Jetpack tactics (the previous version being buttons-for-ws ?? ).

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘New type of SPAM in stats’ is closed to new replies.