
[Resolved] Views seem to have got hacked

This thread is resolved. Here is a description of the problem and solution.

Problem: In the Google Analytics dashboard, I see some strange traffic with URL parameters that seem to point to strange links.

Solution: It looks like someone or some bot visited your site URL with this parameter in the URL. I don't think it's anything to worry about in this case.

This support ticket was created 6 years, 8 months ago. There's a good chance that you are reading advice that is now obsolete.


This topic contains 5 replies, has 2 voices.

Last updated by Charles 6 years, 8 months ago.

Assisted by: Christian Cox.

#734543
Screen Shot 2018-04-25 at 9.02.39 PM.png

Hi,

I happened to notice that one of my Views sliders on my home page got hacked with a bitcoin link (please see attached) while checking for unwanted/suspicious traffic from Google Analytics. I traced it to my 'Promotion' Views slider, where there is a hidden form with a foreign link to bitcoin. Just wondering if Types or Views has a weakness that hackers can exploit?

How do I remove this and prevent it from happening again, because once exploited they will always come back unless it is patched once and for all.

#736210
Screen Shot 2018-04-25 at 12.24.45 PM.png

Hi, I'm not able to see the form action problem when I load your site. The action looks fine, so there must be something else going on. I'm attaching a screenshot here. Is it possible a browser extension is causing this problem on your end? Please switch to another browser like Chrome or Firefox instead of your current browser and check again. Is there any action I need to take on the homepage to replicate the problem - like tabbing into a form element, or scrolling to a certain section, etc.? Any additional information you can share?

#738531
Screen Shot 2018-04-26 at 7.15.27 AM.jpg

Hi Christian,

I'm using Chrome. I think you are right - could be the browser. I can replicate from my Google Analytics page (see attached). When I click the bitcoin link (hidden link), this action appears on 29 sections on the whole page where I use Views, not just the <form> element but <div>, <a>, <input> as well.

I think you can replicate the issue when you copy 'n' paste the bogus bitcoin link above. So Google bot detected this link or it's a false report? Can you shed some light on why and how this happens, and why Views? Is it a hack or a Google issue?

By the way, my site is SSL secured both frontend browser and backend SSH connections. Firewalls all in place as well. I have changed the WP admin login password. Let me know if you need access.

Many thanks for help.

#738619

Just realized that in fact this bit "/?r=hidden link" will appear on any page element if you paste it behind a URL. Possibly someone must have inserted this bit behind my URL and Google bot detected it?

#743811

Okay, this doesn't appear to be a hack. Any URL parameter in the page URL gets tacked on to the form action URLs. This is expected, and helps maintain legitimate URL parameters when the form refreshes the page. So you can visit your site with the URL hidden link and see the toolset.com forum address added in several spots in the page source. I don't think anything was hacked, I think it's possible that someone linked to your site with this bitcoin website URL tacked on as a URL parameter "r". I wouldn't be too concerned about it, because it doesn't mean anything in your site files or database has been compromised. It just means someone or some bot visited this URL: hidden link
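One way to check the distinction made in the reply above, as an added example that is not part of the original thread or Toolset's code: compare the page source fetched with a clean URL against the source fetched with the suspicious parameter, and see whether the foreign link is the element's own target or only a query-string value carried along. `SUSPECT` and the three markup samples are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

SUSPECT = "http://coins.example/promo"  # constructed stand-in for the foreign link

class AttrValues(HTMLParser):
    """Collect (tag, attribute, value) for every non-empty attribute."""
    def __init__(self):
        super().__init__()
        self.values = []
    def handle_starttag(self, tag, attrs):
        self.values += [(tag, name, v) for name, v in attrs if v]

def classify(value):
    """'target': points at the suspect host; 'param': suspect URL is only a query value."""
    try:
        url = urlsplit(value)
    except ValueError:
        return None
    if url.hostname == urlsplit(SUSPECT).hostname:
        return "target"
    if any(v == SUSPECT for _, v in parse_qsl(url.query)):
        return "param"
    return None

def hits(html):
    parser = AttrValues()
    parser.feed(html)
    tagged = [(t, n, classify(v)) for t, n, v in parser.values]
    return [h for h in tagged if h[2]]

def triage(baseline_html, with_param_html):
    """Compare the page fetched without and with the suspicious parameter."""
    if hits(baseline_html):
        return "stored"      # present on a clean URL: inspect database and files
    found = hits(with_param_html)
    if found and all(kind == "param" for _, _, kind in found):
        return "reflected"   # only echoed back from the request URL
    return "review" if found else "absent"

# Constructed sample markup, not taken from the site in the thread.
CLEAN = ('<form action="https://shop.example/"><input type="hidden" name="p"></form>'
         '<a href="/page/2/">next</a>')
ECHOED = ('<form action="https://shop.example/?r=http%3A%2F%2Fcoins.example%2Fpromo"></form>'
          '<a href="/page/2/?r=http%3A%2F%2Fcoins.example%2Fpromo">next</a>')
INJECTED = '<form action="http://coins.example/promo"></form>'

if __name__ == "__main__":
    print(triage(CLEAN, ECHOED), triage(INJECTED, INJECTED))
```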

#746300

Thanks very much for clarifying and for the detailed explanation, Christian. That was a relief 🙂