Why are links on my blog being click-jacked?

  • amzolt · Member ·

    First, this only happens when I’m not logged into my blog and only on Firefox—not on Chrome or Explorer.

    I added links to merchants for my book on this page: https://nfaa.wordpress.com/about-our-book/

    The links for Amazon, Barnes & Noble, iPad, and Kobo (only when I’m not logged-in on Firefox) show this message:

    This Connection is Untrusted
    You have asked Firefox to connect
    securely to wordpress.redirectingat.com, but we can’t confirm that your connection is secure.
    Normally, when you try to connect securely,
    sites will present trusted identification to prove that you are
    going to the right place. However, this site’s identity can’t be verified.

    What Should I Do?

    If you usually connect to
    this site without problems, this error could mean that someone is
    trying to impersonate the site, and you shouldn’t continue.

    wordpress.redirectingat.com uses an invalid security certificate.

    The certificate is only valid for the following names:
    *.skimresources.com , skimresources.com

    (Error code: ssl_error_bad_cert_domain)

    How is this happening?

    I never signed up with skimresources.com…

    The blog I need help with is: (visible only to logged in users)

  • raincoaster · Member ·

    Are you using affiliate links or plain text links?

  • amzolt · Member ·

    Not used to those terms…

    Here are the links:

    Amazon
    Barnes & Noble
    iPhone, iPad, or iPod touch
    Kobo

  • amzolt · Member ·

    Oops…

    Didn’t know it would render them…

    Hmmm…

    Help?

  • staff-ozmodiar · Staff ·

    Using my Macbook, I do not see the message you are reporting when I click on those links in Firefox or Safari. It just takes me right to the page on Amazon or B&N or wherever.

  • amzolt · Member ·

    Interesting, monkeybutler—just adds to my mystery…

  • raincoaster · Member ·

    I think what you might be seeing is some browser infection. We are seeing a new kind of malware that masquerades as a useful browser extension, but instead plasters sites you look at with affiliate links (and the hacker who wrote the extension gets the affiliate income). In this case it looks like the program detects links that can be for-profit links and tries to convert them into affiliate links, but your Firefox recognizes the diversion and gives you an alert.

    To check, disable ALL browser extensions. Then re-enable them one by one and check the links. If they are skimlinks again, you know which extension it is, and you can delete it entirely.

  • amzolt · Member ·

    Thanks, raincoaster, I’ll give it a try…

  • amzolt · Member ·

    One thing, though, raincoaster, why would it only happen when I’m not logged in to WordPress?

    What would make it trigger off once I’m logged in??

  • raincoaster · Member ·

    True. I’ll flag this so staff can weigh in.

  • amzolt · Member ·

    Thanks…

  • staff-blorbo · Staff ·

    The links are working just fine for me too, I agree that this is probably some sort of malware in your browser.

    First, please make sure that your browser is up to date by visiting http://whatbrowser.org/

    If it is not, please try updating your browser or switching to a different browser.

    If it is, please try these two things:

    1. Try clearing your browser’s cache and cookies: http://en.support.wordpress.com/browser-issues/

    2. Try with all browser extensions or add-ons temporarily disabled.

  • amzolt · Member ·

    I’ve done all those things…

  • staff-blorbo · Staff ·

    Ok then, please try a different browser, like Chrome. http://browsehappy.com/

    It is entirely possible that this is malware infecting your entire computer, so switching to a different browser may not make a difference.

    Either way, this isn’t happing on our end, so there really isn’t anything we can do.

  • amzolt · Member ·

    As I indicated at the beginning of this thread, I’ve already checked Chrome and Explorer—doesn’t happen there…

  • staff-blorbo · Staff ·

    Ok then, I’d recommend running a virus/malware scan on your computer, or having a professional investigate it.

    The issue is not coming from us, so there really isn’t anything we can do.

  • amzolt · Member ·

    I have run scans and have real-time scanning…

    Also, discussed the issue with two local professionals…

    So, no one can help…

    Great…

  • staff-blorbo · Staff ·

    It’s definitely not us, so at least we could eliminate that possibility.

  • amzolt · Member ·

    In an effort to work this issue out, I called skimlinks and left a message…

    I received the following email:

    Hi There,

    Thanks for reaching out.

    It appears that Skimlinks is on your blog because it is on the WordPress.com platform. WordPress retains advertising rights on your blog in exchange for providing free hosting services. You should have the option to purchase your domain and/or pay for hosting. Should you move the blog over to WordPress.org, you will then be able to determine how the blog is monetized.

    Hope this helps. Please reach out to (email visible only to moderators and staff) with any further questions.

    Best,
    Samir

  • justjennifer · Member ·

    http://en.support.wordpress.com/advertising/ See the bottom of the page.

    Note: To support the service (and keep free features free), we sometimes run advertisements from partners like Google, Sharethrough and SkimLinks. We try hard to only run them in limited places. If you would like to completely eliminate ads from appearing on your blog, we offer the No-Ads Upgrade.

1 2
  • The topic ‘Why are links on my blog being click-jacked?’ is closed to new replies.