Who or what is affected by this security alert Websites that use the sweetCAPTCHA service

How do we resolve this issue? Remove SweetCAPTCHA or other services with confirmed malware issues. If you are a website viewer, ignore links or popups that may appear after using the sweetCAPTCHA service. Do not download anything from the links and ignore the pop-up messages. Update malware prevention software.

SweetCATPCHA is a service that uses images instead of distorted characters to make sure that someone is a person instead of robot. Although SweetCAPTCHA is found on many website platforms including thousands of WordPress installations. There have been recent reports of the following graphic appearing where sweetCAPTCHA has been in use:

False image alert

Inspection of the sweetCAPTCHA code revealed Javascript that loaded the banner. Unfortunately, this code was not added maliciously, but with intent from the developers of sweetCAPTCHA. The addition of this code is covered in their Terms of Use

5.2 You acknowledge that within the sweetCAPTCHA service and/or sweetCAPTCHA API, There might be included 3rd party content which will be displayed for the purpose of user interaction. This content might include but will not be limited to ads, banners, links, search engine input fields and etc.

Malicious clktag in JavaScript

Recent investigation of the sweetCAPTCHA code has found the use of clktags which lead to popups, and several links that could install malware and viruses onto your computer. If you do see those links, make sure to ignore and never download anything from them.

Other Malicious Scripts

If you do use other services like sweetCAPTCHA, make sure to closely read through their Terms of Use, and review the operation of the service over a period of a time. There are definitely other malicious scripts in services both intentional and unintentional. Common services like extensions, add-ons, and plug-ins include sliders, site meters, etc. If you select a product for use on your website, make sure to check the community to see if other users have reported any problems always keep a close eye on your website to make sure that nothing unexpected is occurring.

This issue is restricted to website owners, it's also a problem for website viewers. Malicious scripts can be hidden in advertising in websites. Always make sure to practice safe web browsing habits. If you use reputable malware scanners, make sure to keep them up-to-date.

What do I do for sweetCAPTCHA or other malware issues?

  • Use a different service and/or remove sweetCAPTCHA - at least until they remove the services and amend their Terms of Use
  • Carefully review services you purchase for your website
  • Make sure to review the terms of use
For more information, please see this SucuriBlog post.
Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Did you find this article helpful?

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Need More Help?

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.