Why are links on my blog being click-jacked?

  • Author
    Posts
  • #1169507

    amzolt
    Member

    First, this only happens when I’m not logged into my blog and only on Firefox—not on Chrome or Explorer.

    I added links to merchants for my book on this page: https://nfaa.wordpress.com/about-our-book/

    The links for Amazon, Barnes & Noble, iPad, and Kobo (only when I’m not logged-in on Firefox) show this message:

    This Connection is Untrusted
    You have asked Firefox to connect
    securely to wordpress.redirectingat.com, but we can’t confirm that your connection is secure.
    Normally, when you try to connect securely,
    sites will present trusted identification to prove that you are
    going to the right place. However, this site’s identity can’t be verified.

    What Should I Do?

    If you usually connect to
    this site without problems, this error could mean that someone is
    trying to impersonate the site, and you shouldn’t continue.

    wordpress.redirectingat.com uses an invalid security certificate.

    The certificate is only valid for the following names:
    *.skimresources.com , skimresources.com

    (Error code: ssl_error_bad_cert_domain)

    How is this happening?

    I never signed up with skimresources.com…

    The blog I need help with is nfaa.wordpress.com.

    #1169700

    raincoaster
    Member

    Are you using affiliate links or plain text links?

    #1169704

    amzolt
    Member

    Not used to those terms…

    Here are the links:

    Amazon
    Barnes & Noble
    iPhone, iPad, or iPod touch
    Kobo

    #1169706

    amzolt
    Member

    Oops…

    Didn’t know it would render them…

    Hmmm…

    Help?

    #1169713

    rootjosh
    Staff

    Using my Macbook, I do not see the message you are reporting when I click on those links in Firefox or Safari. It just takes me right to the page on Amazon or B&N or wherever.

    #1169747

    amzolt
    Member

    Interesting, monkeybutler—just adds to my mystery…

    #1169755

    raincoaster
    Member

    I think what you might be seeing is some browser infection. We are seeing a new kind of malware that masquerades as a useful browser extension, but instead plasters sites you look at with affiliate links (and the hacker who wrote the extension gets the affiliate income). In this case it looks like the program detects links that can be for-profit links and tries to convert them into affiliate links, but your Firefox recognizes the diversion and gives you an alert.

    To check, disable ALL browser extensions. Then re-enable them one by one and check the links. If they are skimlinks again, you know which extension it is, and you can delete it entirely.

    #1169768

    amzolt
    Member

    Thanks, raincoaster, I’ll give it a try…

    #1169769

    amzolt
    Member

    One thing, though, raincoaster, why would it only happen when I’m not logged in to WordPress?

    What would make it trigger off once I’m logged in??

    #1169777

    raincoaster
    Member

    True. I’ll flag this so staff can weigh in.

    #1169778

    amzolt
    Member

    Thanks…

    #1169822

    macmanx
    Staff

    The links are working just fine for me too, I agree that this is probably some sort of malware in your browser.

    First, please make sure that your browser is up to date by visiting http://whatbrowser.org/

    If it is not, please try updating your browser or switching to a different browser.

    If it is, please try these two things:

    1. Try clearing your browser’s cache and cookies: http://en.support.wordpress.com/browser-issues/

    2. Try with all browser extensions or add-ons temporarily disabled.

    #1169823

    amzolt
    Member

    I’ve done all those things…

    #1169825

    macmanx
    Staff

    Ok then, please try a different browser, like Chrome. http://browsehappy.com/

    It is entirely possible that this is malware infecting your entire computer, so switching to a different browser may not make a difference.

    Either way, this isn’t happing on our end, so there really isn’t anything we can do.

    #1169827

    amzolt
    Member

    As I indicated at the beginning of this thread, I’ve already checked Chrome and Explorer—doesn’t happen there…

    #1169828

    macmanx
    Staff

    Ok then, I’d recommend running a virus/malware scan on your computer, or having a professional investigate it.

    The issue is not coming from us, so there really isn’t anything we can do.

    #1169829

    amzolt
    Member

    I have run scans and have real-time scanning…

    Also, discussed the issue with two local professionals…

    So, no one can help…

    Great…

    #1169832

    macmanx
    Staff

    It’s definitely not us, so at least we could eliminate that possibility.

    #1169850

    amzolt
    Member

    In an effort to work this issue out, I called skimlinks and left a message…

    I received the following email:

    Hi There,

    Thanks for reaching out.

    It appears that Skimlinks is on your blog because it is on the WordPress.com platform. WordPress retains advertising rights on your blog in exchange for providing free hosting services. You should have the option to purchase your domain and/or pay for hosting. Should you move the blog over to WordPress.org, you will then be able to determine how the blog is monetized.

    Hope this helps. Please reach out to (email redacted) with any further questions.

    Best,
    Samir

    #1169852

    justjennifer
    Moderator

    http://en.support.wordpress.com/advertising/ See the bottom of the page.

    Note: To support the service (and keep free features free), we sometimes run advertisements from partners like Google, Sharethrough and SkimLinks. We try hard to only run them in limited places. If you would like to completely eliminate ads from appearing on your blog, we offer the No-Ads Upgrade.

The topic ‘Why are links on my blog being click-jacked?’ is closed to new replies.