• Little tech help? (A bleg)

    Friend of the blog Paul Kelleher has been getting a pop-up ad, shown below, when he browses to TIE and only to TIE. The problem is, we’re not (knowingly) running any ads. That’s against our policy. Strictly speaking, we could run them for free, but why would we do that?

    The obvious other questions are: Why is this happening? Is the problem on Paul’s end or TIE’s? What can be done about it?

    I will put these questions to the techs at TIE’s host. In fact, I wrote this post so I can point them to it. Meanwhile, if you have any clues, please let me and/or Paul know. We’re both on Twitter at the handles below the image. Or you can add a comment to this post or email me.

    [Image: LL Bean ad]

    UPDATE: Our host says everything’s fine on our end, as do some commenters. So, this is a client-side problem. See comments for more info. I’ll post page source code if anyone sends it to me. My email address is available from the mail icon next to my name in the left sidebar.

    Austin: @afrakt; Paul: @kelleher_

    • Most likely from a browser extension or something he downloaded with adware, and unrelated to your blog.

      WordPress support discusses this: http://en.forums.wordpress.com/topic/pop-up-ads-1

    • I checked the blog with securi.net and it came up clean. I tried to recreate the error and did not see the ad. I tried three different browsers and still did not see any unwanted ads. The page, http://wordpress.org/support/topic/unwanted-ads-in-self-hosted-blog, has several potential ideas, the most likely one being that Paul has an unwanted plugin in his browser.

    • I just had the same thing happen to me on this very bleg post. I can’t tell if it’s malware on my side or something server side. It looks like the ads are from vindico — an online advertising company. It looks like sometimes these script lines are getting added to the bottom of the html page, just under lines from sitemeter.com:

      (Apologies for the HTML — I’m hoping the blog is smart enough to turn it into text… if I accidentally cause more adverts on your site I’m very sorry — a preview button or markup reference could help this).

      Sometimes it’s just the vindicosuite.com url, however; the myspace one is causing the popup, but they may be related, and it sounds like neither is wanted due to your policy. (I assume the sitemeter iframe is how your techs gather blog statistics, so it’s probably innocuous). I’m running some malware programs on my computer, but this is a work PC that is kept pretty well maintained — my guess is that this is on your server’s side.

      • It looks like the code got stripped, and naturally I didn’t save it. The vindicosuite.com URL shows up every time (the myspace URL was intermittent, and that was the code that caused the video), so in Google Chrome, “inspect element” on the page and it’s at the bottom, hard to miss. I see that “vindicosuite” is not in the “view source” of the page, however, so perhaps it is on my side. Hmmmmm.

      • See update to post and other comments.

    • Someone writes me by email:

      It turned out to be one of those random days when I was on a lot of computers, and I did see this pop up several times. Always on Chrome browsers (Firefox and IE weren’t affected when I could try them; I didn’t always have all three and I didn’t try any others), and always and only on TIE blog posts. It could be that I’m very unlucky with a single bit of malware, but if so it’s very tricky and seems to be focused only on your site (I don’t get ads like this anywhere else).

      In any case, I finally pulled a screen shot of the issue and the code. I’m all but certain that the last script tag (with the myspace.com url) is the issue. What I’m less certain of is the line before it. The myspace URL is intermittent, but the vindico url is always there (in Chrome).

      Do with this what you will — hope it helps. If you find someone who figured out what malware it is on the client side let me know so I can eradicate it from my computers. 🙂

      [Image: Myspace popup ad, Chrome, theincidentaleconomist.com]

    • Running Firefox on a Mac, going to Tools > Page Info > Media, I can select the myspacecdn.com line and block images from that site. Seems to be working so far.

    • I had the same problem recently and, after quite a bit of researching potentially vulnerable plugins and whatnot, I kept hearing about Malwarebytes’ anti-malware software. It’s free if you just get the trial version, and it found and deleted whatever adware was bundled with a recent download. No more problems! Try that. Apparently every antivirus/antimalware software will miss something it should be catching, so it’s not a sure bet, but apparently that one gets the highest ratings from computer geeks who know how to test that stuff.

    • I found this post because I was searching for the cause on another site I frequent. I am only seeing this issue on that one site (now two including this one). I just noticed you use the same sitemeter and had the admin of that site remove its sitemeter coding and the vindicosuite.com script went away.

    • I found this post investigating this same problem on a couple of my blogs and websites. I traced it back to sitemeter.com. It seems the tracking script has been modified to allow it to load an iframe that serves these ads. If you go to sitemeter.com, the video appears every time (with sound), whereas on my blogs and sites the problem appeared inconsistently and without sound.

      Anyway, I don’t know if this is a deliberate move by sitemeter or if they’ve been hacked, but either way I’ve removed the counter from all of my sites for now.

      • Robin, would you mind if I emailed you at the address you supplied with your comment? I’d like to know more about your experience with this and have some specific questions.
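
One commenter above notes that the vindicosuite.com tag shows up under "inspect element" but not in "view source". The JavaScript below is an added example, not code from the post or its commenters, that automates that comparison: it lists third-party script and iframe hosts that exist in the live DOM but not in the HTML the server sent. The page URL, paths and HTML are constructed; only the hostnames come from the thread.

```javascript
// In a browser console the two inputs would be:
//   served:   await (await fetch(location.href)).text()   ("view source")
//   rendered: document.documentElement.outerHTML          ("inspect element")

// Collect the hostnames of every <script src> and <iframe src> in an HTML string.
function externalHosts(html, pageUrl) {
  const hosts = new Set();
  const tagRe = /<(?:script|iframe)\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  for (const m of html.matchAll(tagRe)) {
    const src = m[1] ?? m[2] ?? m[3];
    try {
      // Resolve relative and protocol-relative URLs against the page URL.
      hosts.add(new URL(src, pageUrl).hostname.toLowerCase());
    } catch { /* unparsable src value: skip it */ }
  }
  return hosts;
}

// Split third-party hosts into those the site ships and those added later.
function auditInjection(servedHtml, renderedHtml, pageUrl) {
  const pageHost = new URL(pageUrl).hostname.toLowerCase();
  const served = externalHosts(servedHtml, pageUrl);
  const rendered = externalHosts(renderedHtml, pageUrl);
  const thirdParty = (h) => h !== pageHost;
  return {
    // Third parties present in the HTML the server sent.
    embeddedBySite: [...served].filter(thirdParty).sort(),
    // Third parties only in the live DOM: added by a script already on
    // the page or by something in the visitor's browser.
    addedAtRuntime: [...rendered].filter((h) => thirdParty(h) && !served.has(h)).sort(),
  };
}

// Constructed sample: a page that embeds a counter script, and the same
// page after two extra tags were appended at the bottom at runtime.
const PAGE = "http://blog.example/post";
const SERVED = `<html><body><p>post</p>
<script src="/theme.js"></script>
<script src="http://sitemeter.com/constructed-counter.js"></script>
</body></html>`;
const RENDERED = SERVED.replace("</body>",
  `<iframe src="http://vindicosuite.com/constructed-frame"></iframe>
<script src='//myspace.com/constructed-ad.js'></script></body>`);

console.log(auditInjection(SERVED, RENDERED, PAGE));
```

A host under `addedAtRuntime` does not by itself say who added it; repeating the check in a clean browser profile with extensions disabled separates a tag written by a script the site embeds from one written by software on the visitor's machine.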