URL in Attention Required! page


#21

with text purpleisp.net.
other : fl=19f161
h=madsoft.ru
ip=188.165.168.*
ts=1541493609.591
visit_scheme=http
uag=Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:62.0) Gecko/20100101 Firefox/62.0
colo=CDG
spdy=off
http=http/1.1
loc=FR
tls=off
sni=off


#22

in Chrome too wget, etc too …


#23

https://codebeautify.org/source-code-viewer http://madsoft.ru/123 = in code http://purpleisp.net/frozentalented.php?more=0

Any (not my site)
https://codebeautify.org/source-code-viewer https://mfray.com/ = in code https://yorke-peninsula.net/wincreamy.php?threadid=78

=> or scripts hacked !! And it needs to be checked urgently.
Or one of the coders spins the domains
(as they are gaining weight in the search, seen by the semrush backlinks stats due to the blocking pages)
The method was chosen specifically for inserting random (for any domains) in random places links and increasing search weight.


#24

Can you check if you also get it via HTTPS?

https://madsoft.ru/123


#25


#26

Alright, you seem to go via the French PoP. Even though I’d highly doubt it, it could be there is some specific issue with that PoP. I’d open a support ticket in this case.


#27

Look: URL in Attention Required! page


for all domains = any other SEO links
in any types for hidden and other places all time


#28

RU, FR, NE, DE, TOR IPS, any VPNs -) all ips. not FR = it’s only any my servers FR


#29

Well, as I told you before I cannot reproduce this. I might be wrong but I still think you have a local issue (particularly as it is happening on HTTPS too). Contacting support is your best bet.


#30

Same via FRAnkfurt. Browser check, then Captcha. No link.


#31

Mark, the problem is not the captcha but the alleged inclusion of the HTML link.


#32

I am also seeing the link he is talking about

enter this url: http://madsoft.ru/123
now look at the source code, sometimes the link will be in line 32, 92, 75, 39:
<a href="http://purpleisp.net/frozentalented.php?more=0"></a>
<!-- <a href="http://purpleisp.net/frozentalented.php?more=0">table</a> -->

a cf-ray 4757a83a55696b7f

edit:
I tested it on my domain and I cant see this link or anything suspicious


#33

That is a different link that the one originally mentioned though.

This one I get now too, only on that page however (again, custom captcha page?).

@cloonan?


#34

Oh yeah. I searched for the other one. It’s present on line 81


#35

when googling for the domain http://purpleisp.net/ there is few malware results


#36

If it were on every captcha page I’d be definitely concerned.


#37

yap what’s weird for me that the link change its location after every refresh so I don’t think it can be custom captcha page


#38

Thats a good catch. At this point, sorry, no idea.

@cscharff @ryan @cloonan etc :smile:


#39

It’s injected on HTTPS as well.

What’s your SSL Setting? Flexible?


#40

It is.

Not sure that would matter much. That page should come straight from Cloudflare.