[SOLUTION] CKEditor svc.spellchecker.net Spellchecker in Drupal Causes Malware Warning

drupal ckeditor warning This morning, a client noticed a malware warning from Google Chrome when they tried to edit an article in Drupal. It turned out to be a domain (svc.spellchecker.net) from CKEditor (a WYSIWYG editor) was the cause. After some digging around, here are 2 ways to disable CKEditor spell checker from running. Both methods solved the malware warning from Chrome for Drupal 6:

Method 1:

1. Go to /admin/settings/ckeditor
2. Select the profile that you use or go through all of them if you wish:
3. Click on “Advanced options”
4. Set Spell checker: No
5. Click Save
6. Clear cache just in case

Method 2:

1. Go to /admin/settings/ckeditor
2. Select the profile that you use or go through all of them if you wish:
3. Click on “Advanced options”
4. Add “config.scayt_autoStartup = false;” without quotes to “Custom javascript configuration” section
5. Click Save
6. Clear cache just in case

Based on the Chrome warning, spellchecker.net has been notified of the malware warning. Hopefully, there is a fix sooner rather than later so we can enable the spell checker for CKEditor once again.

Author
Ian Lee
Work from home dad, marketer and photographer. Fallen in love with basketball all over again as I coach my daughter's team.

4 thoughts on “[SOLUTION] CKEditor svc.spellchecker.net Spellchecker in Drupal Causes Malware Warning”

  1. This issue did just crop up for us today as well as it seems svc.spellchecker.net just made Google’s security list.

    One note to the above, we are using CKeditor through the WYSIWG Drupal module and as such i do not have the /admin/settings/ckeditor options. I instead added config.scayt_autoStartup = false; to /sites/all/libraries/ckeditor/config.js.

    This did not remedy the problem as the svc.spellchecker.net reference was still in the file /sites/all/libraries/ckeditor/ckeditor.js and Google was obviously seeing it there. I removed (slightly changed) the URL there and it seems to have remedied the warning message.

    Reply
  2. @jv, that is interesting. We are also using CKeditor through a module and /admin/settings/ckeditor is definitely available. Could it be a permission issue for you or maybe different modules = different setups?

    Nonetheless, thanks for chiming in and sharing some good info for others with the same issue.

    Reply
  3. On October 20, 2011 http://www.spellchecker.net was reported as malware by Google due to embedding third-party content. While using Hosted SpellCheckAsYouType (SCAYT) and WebSpellChecker (WSC) services you could see a warning message about malware from web browser – Chrome or Firefox. WebSpellChecker.net team has resolved the issue immediately and Google approved the fix. Starting from October 21, 2011 http://www.spellchecker.net is not reported as malware.

    We would like to assure you that the WebSpellChecker.net software itself has been working properly; it’s only the part of the website http://www.spellchecker.net including free services pages was affected. We apologize for any inconvenience it may have caused you or your users.

    Your users and you would not receive any warning messages if the application were upgraded to the latest version. The instruction how to update the version can be found here http://www.webspellchecker.net/blog/?p=909

    We apologize for any inconvenience it may have caused you or your users.

    WebSpellChecker.net Team

    Reply
  4. @WebSpellChecker.net, thanks for chiming in to let us know that the malware issue has been resolved. That’s good news. Can you also provide more information on how Drupal users can perform the upgrade of your spell checker?

    Reply

Leave a Comment