[HELP] Spam/Ads injected in Bubble page

One of my Bubble pages is showing errors on Google Search Console, and when I open the crawled page, I see tons of links that are being injected into the page for random websites about money, porn, etc.
I have only used plugins from Bubble’s directory, but it seems like it’s prone to hacking.
I am attaching a screenshot of what it looks like in the search console. So far, it seems to be localized to only that page.
When I download the page and read the HTML source, none of those links are showing. However, they are showing in Google’s console parsing.
Anyone else had a similar issue before?

Reminds me of this post. It looked like it was malware on the user’s computer.

Thanks for your reply, but I don’t think that is the issue.
I can only see those URLs when the page is scanned through Google Search Console, but they don’t show locally on my machine when I inspect the page or download it.

I’m not a cyber security expert, but common sense tells me it’s one of three things:

  1. Bubble has malware (very unlikely)
  2. You are using a 3rd party plugin that has or is malware (possible)
  3. Your PC has malware (but if the spam links are on what Google crawled, then I can’t see them being injected by your PC locally)

So I’m guessing it’s #2. And regarding the below…

3rd party (not Bubble developed) plugins from the plugin library aren’t vetted or monitored for quality by Bubble, so it’s buyer beware.

Or if you really think it’s a Bubble issue, then email support.

That is also my suspicion: a 3rd party plugin causing a vulnerability.

Let us know what you find. I’m thinking you should be able to find the injected code in google devtools and that might give you some clues on which plugin is causing the issue, if that is the issue.

Well, have you run the app in preview without plugins?


1 Like

This topic was automatically closed after 70 days. New replies are no longer allowed.