1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Something happened to my website, what exactly?

Discussion in 'Black Hat SEO' started by Quazpolter, Jan 23, 2012.

  1. Quazpolter

    Quazpolter Junior Member

    Joined:
    Dec 29, 2011
    Messages:
    114
    Likes Received:
    23
    <HTML>
    <HEAD>
    <TITLE>404 Not Found</TITLE>
    </HEAD>
    <BODY>
    <H1>Not Found</H1>
    The requested document was not found on this server.
    <P>
    <HR>
    <ADDRESS>
    Web Server at j-query.org
    </ADDRESS>
    </BODY>
    </HTML>



    i can read the blog posts fine but this is at the top of the page source, what happened? it was fine a few hours ago, I changed nothing.
     
  2. Quazpolter

    Quazpolter Junior Member

    Joined:
    Dec 29, 2011
    Messages:
    114
    Likes Received:
    23
    i found this

    wpmu DOT org/beware-fake-jquery-calls-in-wordpress-plugins-from-the-repo/

    it says that j-query.org is fake

    Did I download a theme with malicious code in it and get hacked?
     
  3. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    999
    You didn't get hacked, but you did install a rogue plugin or theme and it is injecting that (now non-existent) fake jquery library.

    Disable your plugins one by one till you find the culprit code. Check your theme too. Once you find out what is responsible either find a suitable alternative, or remove the malicious curl function from the php.
     
  4. Seo Lover

    Seo Lover Jr. Executive VIP Jr. VIP Premium Member

    Joined:
    Jan 30, 2011
    Messages:
    5,698
    Likes Received:
    4,127
    Gender:
    Male
    Occupation:
    Hanging Around Interwebs !
    Location:
    <-----------------Sin City
    Thats a theme issue or might be plugin issue
    Whatever you have newly installed delete it
    through FTP and your site will be up again
     
  5. Quazpolter

    Quazpolter Junior Member

    Joined:
    Dec 29, 2011
    Messages:
    114
    Likes Received:
    23
    It seems it is the theme, how do I go about finding the malicious code and removing it? Anything to look out for? What file would it be in?

    Sorry, I'm a complete noob.

    exploit scanner found this

    wp-content/themes/thesis_182/lib/scripts/jscolor/jscolor.js:78
    Often used to execute malicious code eval('prop='+m[3])
    wp-content/plugins/pretty-link/includes/jquery/js/jquery-1.3.2.min.js:12
    Often used to execute malicious code .src,async:false,dataType:"script"})}else{o.globalEval(F.text||F.textContent||F.innerHTML||"")}if(F.pa
    wp-content/plugins/pretty-link/includes/jquery/js/jquery-1.3.2.min.js:19
    Often used to execute malicious code )}if(typeof I==="string"){if(H=="script"){o.globalEval(I)}if(H=="json"){I=l["eval"]("("+I+")")}}return
    wp-content/plugins/pretty-link/includes/jquery/js/jquery-ui-1.7.1.custom.min.js:122
    Often used to execute malicious code s=inlineSettings||{};try{inlineSettings[attrName]=eval(attrValue)}catch(err){inlineSettings[attrName]=
    wp-content/plugins/pretty-link/includes/version-2-kvasir/js/json/json2.js:444
    Often used to execute malicious code j = eval('(' + text + ')');
    wp-content/plugins/exitsplash/files/lightbox/jquery.lightbox.min.js:17
    Often used to execute malicious code eval(function(p,a,c,k,e,r){e=function(c){return(c<a?
    wp-content/plugins/exitsplash/files/jquery-1.5.2.min.js:16
    Often used to execute malicious code x({url:b.src,async:!1,dataType:"script"}):d.globalEval(b.text||b.textContent||b.innerHTML||""),b.parentNode&&b.parentNode.removeChild(b)}functi [line truncated]
    wp-content/plugins/exitsplash/colorpicker/js/jquery.js:552
    Often used to execute malicious code jQuery.globalEval( elem.text || elem.textContent || elem.innerHTM
    wp-content/plugins/exitsplash/colorpicker/js/jquery.js:3721
    Often used to execute malicious code jQuery.globalEval( data );

    Eval( was highlited. Both are "nulled" things that I downloaded
     
    Last edited: Jan 23, 2012
  6. anonapersons

    anonapersons Newbie

    Joined:
    Dec 18, 2011
    Messages:
    26
    Likes Received:
    2
    can you still login to admin panel?
     
  7. Quazpolter

    Quazpolter Junior Member

    Joined:
    Dec 29, 2011
    Messages:
    114
    Likes Received:
    23
    yes, trying to find a file that contains j-query, but what if it is encrypted?
     
  8. Quazpolter

    Quazpolter Junior Member

    Joined:
    Dec 29, 2011
    Messages:
    114
    Likes Received:
    23
    found it and deleted it
     
  9. ezines

    ezines Power Member

    Joined:
    Jan 3, 2011
    Messages:
    712
    Likes Received:
    216
    Occupation:
    Online/Offline
    Location:
    Somewhere On Earth
    Last edited: Feb 2, 2012