I've had this issue for about 4 months. When I first access my website www.757sc.com on a browser, upon the first click on my homepage, a tab opens that is usually an ad or the ramsom type of site directing you to call the number to unlock. I initially thought it was my computer or browser, but this is an issue in Chrome, Mozilla, and IE. I accessed it via my phone (safari) same issue. I tried my home computer and laptop, same issue. So it appears to not be a device issue. I called Shopify support and the said they can not replicate. The very concerning this was somebody I buy products from accessed my site, and said they had the same issue. I am still doing strong business, but am wondering if I am losing business from this? Or if it is happening to customers. Any ideas what in the world I can do to stop or fix this? I have so much time and money in this site that I don't want to lose all that time and effort. Thanks for your help.
Wow, 4 months is a very long time. I can see the issue you're talking about but it's not on all pages.
Here's what I can establish from a quick peek:
Pick an effected page in Admin and view HTML in the RTE (rich text editor). What do you see?
Same problem with me and my website stylishportal.com
1st Time I contacted support they failed me and literally stopped replying.
2nd Time They at least tried but refused to do some work and told me to just change my theme. Which yes, it worked but at my cost. I've been paying Shopify for years, thinking their platform is safe, among other things like knowledgeable and helpful support.
Copypasta of part of the chat:
Lisa B: Okay so given the issue is no longer happening on a fresh theme that you tested on, it would suggest there that the issue is related into the theme that you were using. Because that theme is very customised I had my themes team take a look. They have advised that the best step here is to no longer use that theme version where it was happening.
Lisa B: The reason they are advising back is because when they took a look at the code that there is a high jacker virus stemming from the custom code in the theme. They aren't able to directly identify the cause and thats due to the theme being too customised. So your best step forward is to use a fresh new theme for your online store
I hope this helps yall!
So, this has been very helpful to my investigation into malicious click redirection.
My shopify homepage is what i've noticed get's redirected most often. I went to the home page and "view source" on chrome and this is what i'm getting. As you can see there are quite a few scripts, but i'm not sure which one is causing the problem. Any ideas?