If its blocking access to the site, it is being triggered by the IPS component's "Active Response". There are a few options.
1) Your site really is compromised, clean it. :)
2) It's a false positive, identify the source, then go into your IPS policy and set the signature for that detection to do nothing.
In the IPS policy, go to exceptions add that sig, tell it to allow (optionally log)
3) Turn off "active response" so it no longer blocks the site (still have to live with the popups and site might still be compromised)
4) Turn off IPS completely, because all the above are way too much work, I don't care if im compromised or not and I'm lazy :)
EDIT: 2a) Add an exclusion for that IP to the IPS policy, probably a slightly more secure way than ignoring that sig altogether.