This morning I checked the front page of this blog out of habit and look at the error I found at the topmost part of my page:
Couldn’t connect to database server.Couldn’t find database jqeury_pronto.An unexpected problem has occured with the application.
SELECT statscurl_id FROM `statscurl` WHERE statscurl_ip = ”;
I Googled the problem immediately and came up with two threads in the WordPress.org forums with a similar problem to mine. Some reported having successfully removed the culprit code after finding it in their theme folder’s header.php (or functions.php, for some) and commenting it out or removing the entirely.
However, since I am using the Thesis theme, there is no header.php file in my theme folder, nor can I find the code causing the error on my custom_functions.php file. I opened my trusty DocFetcher program and looked for the offending code, using the keyword “jqeury”. I used this as the keyword to look for since it’s a wrong spelling of jquery and looked suspicious. And voila! Found the offending code inside the head.php file, which is located under the thesis_182 ? lib ? classes folder. So here’s the code I removed:
[code]
[/code]
You might have a slightly different code. In the forums they are reporting this:
[code][/code]
They’re basically produce the same error. Anyway, to recap the place to find the code and comment it out or remove it is inside the head.php file, which is located under the thesis_182 ? lib ? classes folder.
I double checked to see if this piece of code is in the original Thesis theme folder and it’s not. I don’t know how it got there. I’m still checking my logs. Anyway, if you encountered the same problem, I hope this helps! For questions, the comment section is open 🙂
13 Responses
That looks to be the result of a malicious hacker; simply removing the code may not be enough to fix the problem. The first thing you should do is change your passwords (WordPress admin, FTP, database, and hosting account) to be on the safe side. Second, install a WordPress security scan plugin that can validate the integrity of your WordPress files and report any other problems with permissions and the like.
I had a hacking problem similar to what you report above a few years ago. Removing the offending code didn’t help as it reappeared within a week. I never figured out which file or program on my server was to blame, but once i went through all the motions to remove & actually secure the site afterward, i’ve not had the problem occur since.
Already did those measures Rick, as soon as I gave up finding how it got there in the first place. LOL. Thanks for the reminder, anyway 🙂
Wow Rick Beckman actually commented on my blog. This day is one for the books <3
Ha! Flattery shall get you nowhere. 😛
It doesn’t hurt to try. 😛
🙂
I’ve removed the lines you mentioned but am still having the same issue? Does this take some time or ? .. Cleared cache and such..
no, it should be instant. can you provide me with the link to site affected?
Thanks for that. I had it on three of my sites and all at the same time. Very strange but the edits fixed the problem. Thanks;)
you’re welcome! although the site you linked to your name still has the code, fyi
Thanks for the tips, Rick. I doubt it’s hackers as it happened on all three sites at the same time but I was was only working on two of the sites, removing plugins to help load times but I’m trying out Better WP Security , just to be sure;)
Having same issue… Idk what to do… =(
i didn’t want to click on your link because it’s shortened. LOL. sorry. have you tried the fix stated in the post?
Thanks man . With your help i fixed my problem.