AdService Redirects Are Detected By GTMetrix

GTmetrix report shows redirects are being added to the site from sync.upravel.com links but not sure where these are setup.

  • Adam Czajczyk
    • Support Gorilla

    Hello Bevan

    I hope you’re well today and thank you for contacting us!

    I checked the site and GTMetrix was right – the site was trying to load/redirect to some “ads”. It wasn’t something that you could possibly add to the site though but rather a “nasty” code in the theme.

    I didn’t say “malicious” because from what I could see it’s only purpose was to actually server some ads and spammy “seo” links (hidden by the way) without your knowledge along with some extensive site usage stats to some Russian servers. Fortunately though, I didn’t see any code that could potentially try to infect users computer or “hack” the site (like e.g. gain unauthorized access to it). But better keep a close eye on the site as I cannot promise that I didn’t miss anything.

    The code that I’m talking about was being loaded “silently” with a single line added to the “header.php” file of the parent them of your current site theme and it was loading additional scripts well hidden insite /assets/images/cache folder of the theme. I didn’t find any other occurrences of that and any other code that would look malicious.

    I cleaned it up (hopefully entirely) and it seems this is no longer happening – Sucuri scan doesn’t report any infection on site, I don’t see traces of the code in site’s source code and GTMetrix is no longer reporting these redirects.

    As for how did it get to the site – I must say I’m not sure but it doesn’t look like an “infection” but rather like something placed in the theme “on purpose”. I’m not familiar with the theme that you’re using but if it wasn’t installed from original source but rather purchased/downloaded from some “3rd-party” site it would explain such code as it’s, unfortunately, common practice on such sites.

    If you do have access to the most up to date theme from an original, legitimate source, I’d strongly recommend installing it from there to make sure it’s clean and safe.

    However, if it is fully original theme from original source, it might be a good idea to actually consider replacing it with some other, well known and well rated popular theme instead.

    Best regards,

    Adam

  • Bevan
    • Site Builder, Child of Zeus

    Thanks for your help here, the theme was bought from Themeforest but the developer uploaded an update that is completely new. Meaning it’s like a new theme that replaced mine, I bought mine thinking I’d get lifetime updates but the developer says that my version won’t get updated with the new one and I’m left with this. I complained to Themeforest but didn’t get far.

    Anyway, I probably need to replace the whole thing but there’s a lot of custom addons so it’d be hard.

    I also still see all the redirects in GTMetrix are you able to recheck fo me?

  • Predrag Dubajic
    • Support

    Hi Bevan,

    It looks like there’s again some links being injected to your site and it’s causing the redirects, which is showing reports in both GTMetrix and Sucuri site scan.

    Do you have a backup of your site before this has started happening so you can restore to that and see if it removes all the suspicious code?

    I see that your theme is currently on version 3.2.2 while the latest version is 6.0 based on the Themeforest page, have you tried installing the latest version?

    I also did a Defender scan and there are some suspicious file reported in there.

    I would suggest that you start with restoring to a backup that didn’t had issues with redirects, then update your theme to latest version and after that run another scan with Defender and GTMetrix to see if there are still any reports left.

    Let us know how it goes.

    Best regards,

    Predrag

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.