Support

October 17, 2022 at 2:34 am

Hi there,

I had a look over your site and in short, it looks like your site has been compromised.

There is a secure.js file being loaded from another site which is adding an iframe to the page and running a .PHP file from within your site. That’s not normal behaviour and it is likely what is causing the above. The iFrame moves in and out of focus as the pointer interacts with elements on your site, basically, it’s a hidden element that ‘moves’ in the way when you click.

With a little CSS tweaking this is what I see:

https://monosnap.com/file/a9llqKBFGOQ7WQW1k5aCAD308JYqfO

The red arrow on the top left is where my most was (doesn’t show on my screenshots) and as I move the mouse around that box/element follows waiting for me to click it.

You can spot this on the EE form submissions because that is where you are trying to interact with the site but it’s the iFrame causing the problem.

Your host may provide an option to ‘clean’ your site when infected, or you could try the folks at Securi.

October 28, 2022 at 4:44 am

Just to note, if the theme is where the files were present then updating it would have replaced the entire theme so would have removed those but may not have fixed whatever vulnerability allowed for this (although at the same time may well have done).

Basically, just be vigilant and keep an eye on the site to confirm it doesn’t happen again. If whatever vulnerability caused it is still there you will likely run into this (or something similar) again.