Pop Ups on my site? What are they?

[Baysbeauty]

I received an email this morning that someone surfing ReallySmartDeals gets a pop up on my site www.baysdesigns.com on this page: http://www.baysdesigns.com/index.php...products_id=10

I do not see a pop up and do not have any pop ups. What would cause this?


========================

This is the message that was sent to me about this problem!

http://www.baysdesigns.com/index.php...products_id=10

Has a pop-up that messes up my computer everytime. The pop-up is for some kind of review. It is on Bays designs for something like that. Thank you.

The site starts to load as usual, then stops and freezes, then my computer virus program lets me know that someone attempted to hatch in.

[crazycucumber]

There are some errors when viewing your site in IE :

Code:

Webpage Script Errors

User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Timestamp: Tue, 18 Nov 2008 16:06:41 UTC


Message: Object expected
Line: 289
Char: 1
Code: 0
URI: http://www.baysdesigns.com/index.php...products_id=10


Message: Object expected
Line: 289
Char: 1
Code: 0
URI: http://www.baysdesigns.com/index.php...products_id=10


Message: Object expected
Line: 289
Char: 1
Code: 0
URI: http://www.baysdesigns.com/index.php...products_id=10

I dont think there are popups on the site, the only think I can think of are that the user is infected with spyware and the popup is part of that . Some spyware / malware / trojans try to push users to alternate websites when it see's certain search terms or words

[Baysbeauty]

Thank You for the fast response.

How would I fix those errors?

And are you saying that this problem isn't me, it is the visitor?

[Baysbeauty]

I just did a View Page Info and I came across this:

==============
javascriptopupWindow('http://www.baysdesigns.com/index.php?main_page=popup_image&pID=10')


How would I fix that?

Is that causing a problem when you click on my images to inlarge them?

[crazycucumber]

After another look , I may be wrong .. looks like you may have been hacked ! open your site , and view the source code .. line 289 starts

Code:

<script>check_content()</script><script>check_content()</script><

A quick google shows this linked to an redirect / popup type hack.
I may be wrong , but email me or PM me and I have something that can protect you from this happening again . In the mean time I would download your entire site via FTP and check every file for the string starting <script>check_content()

Unless of course you know what that is . Its not just on that page its on every page so its on a file that gets included on every page like the footer or something like that.

Don't want to scare you but you need it sorted ASAP or customers will be disappearing.

Mark

[Baysbeauty]

Thank You! I have emailed you. I am in the process of making a back up of my site to my computer so that I can locate the problems.

I so thank you.

Is this a Hack??

[Baysbeauty]

I think it is fixed now. Can you take a look. The gal that installed it for me fixed it.

[crazycucumber]

looks like that code has gone .. how did it get there .. how much login info did they obtain already .. now need to close the security gaps. e-mail sent .
Good luck .

[Baysbeauty]

Hi Mark,

I just now found the original code that I deleted from the site and I have sent it to you so that you guys may better understand how and why this happened.

Hope it helps.

I just so happened to have my old backup of the site and found it in there.

Thanks so much.

[kireol]

I noticed that you use google checkout on your site. Can you please send me a link on where you downloaded that module? I'd like to add it to my cart as well. And while google does show a few solutions, since yours seems to be working, i'd like to use it.