Possible security issue: Malicious redirect on form with embedded form

  • Profile Image
    usspwdc
    Asked on January 26, 2017 at 01:17 PM

    Hello, we have a few jotforms embedded on our weebly website.  Normally everything functions perfectly, however we are having an issue where many people are getting ad popup redirects when they click a link that has a jotform on it.  Normally when this problem happens, it opens a new window with an ad for a movie site, security threat, and other things.  Is this a problem that you guys have encountered before?  It seems very strange that it only happens on pages with jotforms.  To replicate the problem, try going to http://usspwdc.org, and click the link for Water Training Registration, and sometimes with the Join/Renew link.  Thank you.  David

  • Profile Image
    liyam
    Answered on January 26, 2017 at 01:50 PM

    Hello David,

    I checked your webpage and I don't see any issues with it. No pop-ups. It looks like your computer is infected with adwares/malwares/spywares. You can remove that by installing anti spyware tools like Ad Aware, Malwarebytes, or any anti-virus applications with anti-malware tools.

    Thanks.

  • Profile Image
    usspwdc
    Answered on January 26, 2017 at 02:06 PM

    Thank you for the fast response, however... This issue happens to many people accessing our site, and only with our site, and only on pages with Jotform.  I've spent time tracing this before contacting you guys, and i contacted Weebly support first.  I would not be taking the time to leave this forum question if it were merely a virus on my pc.  We've been able to trace it to either the Weebly custom theme, or the Jotform embeds.  Since it only happens on pages with jotform, that narrows it down.  Furthermore, I cannot replicate the problem in Firefox, only Chrome.  The other users who experience the problem are using Safari and IE, I believe.  By the way, I run a full premium version of AVG on a brand new MSI workstation, I'm a developer who does daily system checks, and I don't screw around with viruses.  This problem is most certainly tied to the website.

  • Profile Image
    liyam
    Answered on January 26, 2017 at 02:25 PM

    Thanks for your response. 

    Have you tried viewing your form on stand alone (directly viewing the form via its URL e.g. https://form.jotform.com/form/70188966367169)? That might shed light to filter out if you're getting ads for visiting JotForm. You can also review the code of your template to see if there is something there which calls a source from somewhere suspicious.

    As of yet, there are no reports similar to what you have mentioned. But if in case we find anything we'll let you know.

    Thanks.

  • Profile Image
    usspwdc
    Answered on January 26, 2017 at 02:45 PM

    You are correct, we did lots of testing on the form during production, using the source link.  It wasn't until embedding in the Weebly site did the problem occur.  That's one reason I'm having so much trouble figuring it out.  The Weebly site worked fine before, and the Jotforms work fine, it's combining the two that create the problem.  So if anyone has any insight into this fluke, hopefully they will share here on this thread.  Thank you again for trying.

  • Profile Image
    Mike
    Answered on January 26, 2017 at 06:04 PM

    I believe that the issue is not related to JotForm. This is most likely that some ad/malware script is being loaded by your website at some point.

    I was not able to reproduce the error when checking your page on Mac, but I was able to randomly reproduce it when checking on Windows via https://www.browserstack.com. However, according to my tests the malicious redirect could be reproduced on your non-jotform pages, I was able to reproduce it by clicking Home and Gallery links too (Load website > Home, Load website > Gallery).

    At this point we do not get similar reports from other JotForm users, but we will monitor the situation and investigate it more deeply if we see any more instances.

  • Profile Image
    wesince2013
    Answered on January 27, 2017 at 01:55 AM

    Hello, I just got the same problem from 2 days ago. Pages embedded with Jotform redirect user to other pages. I've checked with my server group and they found no malware on my site. The problem should be in Jotform. 

     

    My site is wesince2013.com. Please also take a look.

     

    Thanks,

    Chris

  • Profile Image
    wesince2013
    Answered on January 27, 2017 at 02:21 AM

    I tried to use the source form but not embedded url. It worked and I will keep an eye on this problem. Please do something on this. This is a serious security issue.