So Many Clicksor and Paypopups on My Blog, Is it hacked?

March 13th, 2008 | email this

Leave your comment Posted by Life is Colourful

Published in Blogging

Since last 3-4 days, not only I but all my readers are seeing these paypopup.com’s pop ups and clicksor intext advertising on my blog. Now let me tell you, this is not something I installed on my blog. These ads started appearing on the blog on it’s own since last week. Either I must have done something wrong or my blog is being hacked. I foresee more chances that I did something wrong in uploading any of the plug-ins. While uploading the last plugin, I blindly uploaded the zip in my plugin directory and I believe that’s something is causing these popups, pop unders and in-text contextual advertising. Have a look at how that forceful advertising on this blog is looking like.

Did anyone face such problem before and know how to get rid of this? This blog looks like hacked because readers are seeing pop-up on the face when they open this blog, two popunders and intext clicksor advertising. When I installed nothing out of it, there are chances that some of the recent plugins I am using might be inserting these ads through javascript.

As precautionary measures, this is what I did:

I deleted most recent plugin wplinkxl [linkxl.com's intext contextual advertising plugin]
I deleted any plugin related to textads or intext ads
I deactivated all recenly updated plugins from my wordpress blog

Unfortunately the things did not work out and I am still seeing that green bar under the text and mouse over opens the clicksor window. I also could see the pop-up from “Paypopups” thrown on my face and two pop-under windows opened on the side. I will try to fix this issue on my own or taking help from someone of you, but please bear with me till then. I really apologize for the inconvenience.

14 Responded To This Post

7106. World Directory said in March 13th, 2008

Yes i noticed that there comes a few pop-ups and that started recently on this site. must be annoying. i don’t have the magic trick though, get back to you if something comes up.

7111. Link Building said in March 14th, 2008

this is a problem i’ve heard a bit about from some friends. I think that now since you took these actions it might go back to normal, and if it doesn’t it might actually be hacked. then it get’s more complicated of course. if i find out more i’ll get back to you. i might find some helpful tips from my friends.

7119. Thiago Guerra said in March 14th, 2008

I think it is more likely that someone had access to your wordpress password and it’s editing your template. What you should first try to do is change your template. If you get no ads after changing your template you can be sure that was it. Than you should upload your template files to your server or look into the template code to see if you can find those ad codes. They must be there

7121. risoknop said in March 14th, 2008

Maybe you should try to download your public_html directory and check it with antivirus and antispyware… Might help. But it could possibly be some sneaky plugin or some javascript code you put here recently…

7138. Joe on SEO said in March 15th, 2008

Your blog looks fine now. I think you just fixed it.

7277. aparna.neil said in March 22nd, 2008

its was also coming in my blog n was due to rankwidget i removed dat n now its fine

7349. ozlady said in March 25th, 2008

Don’t use rankwidget.com - they include ads with their widget.

Remove it and it will be fine (I went through the same experience).

7762. Beth said in April 4th, 2008

I hate those pop up ads!

8058. Markk said in April 9th, 2008

I had same problem with some of my blogs. Ozlady is right, RankWidget could be the culprit. Just removed its widget and all the intext ads from Clicksor had disappeared. All this happening in the last few days. So better be careful of RankWidget.

30406. Kelly Wright said in June 21st, 2009

There’s a popular hack among evil-doers: by using brute-force they find a password to default FTP account and get access to the root of the WordPress blog. Then they replace index.php with the one that reas something like “send $20 to my paypal account and learn how I hacked this blog!”
A good hosting company will prevent such hacks, but such things still happen.

30634. Nydar said in July 24th, 2009

It’s not just your blog, or any blogs. I keep seeing these highlighted or underlined words everywhere on the internet, in game descriptions and wherever else they can show up, and when I hover over them the link pops up to some advertisement. Maybe it’s something with the new firefox update? That’s the only update I can think of that I did around the time that these started showing up. Otherwise maybe it’s just some hostile takeover of the internet itself lol

30670. cj1404 said in July 30th, 2009

Go to this page and it will explain how this is working. Your blog has not been hacked. The ISP is making money via keyword targeted advertising. The only thing you can do is disable JavaScript to stop it from working. This is an interesting form of advertising. View their website for more information.

Mr. Russ Cobb President of Inline Internet Systems, Inc.(you might know their product iHTML - http://www.ihtml.com) wrote a program in iHTML that will do the same thing, while I was in his classroom, for one of the students. It only took him 15 minutes. That shows you how good he is. He just gave the code away to all of us.

30672. cj1404 said in July 30th, 2009

LeechBlock 0.4.3
https://addons.mozilla.org/en-US/firefox/addon/4476

Developer James Anderson’s home page: http://www.proginosko.com/leechblock.html

use this url to block its functions: http://ads.clicksor.com

30673. cj1404 said in July 30th, 2009

People that use Firefox will find post #30672 useful. I installed LeechBlock and it stopped Clicksor dead in its tracks. I understand Linux users can modify /etc/hosts and just add “” http://ads.clicksor.com 0.0.0.0 “” and that will also work. You must have root privileges to modify that file. It should point the site to null and do nothing. You can also add the url to your firewall and block it that way also.

Go Back To Home Mother of All the Blog Contests | Snapbomb - New Entrant in Blog Marketing