|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
 |
|
|||||||
| Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
|
Thread Tools |
05-19-2008, 09:51 AM
|
#1 |
|
(felis madjewicus)
Industry Role:
Join Date: Jul 2006
Location: In Mom & Dad's Basement
Posts: 20,368
|
javascript loader in footer.php of free wordpress theme?
my antivirus randomly spiut up a warning on a free wordpress theme i download a while back stating that it contained some type of JS downloader agent. This is the theme here...
http://www.wpthemesfree.com/view.php?theme_id=1787 Anyone able to look at that and tell what it is trying to do? warning to the peoples Code:
<?php $_F=__FILE__;$_X='Pz48ZDR2IDRkPSJmMjJ0NXIiPg0KPHA+IDxici8+DQogICAgPGI+PD9waHAgYmwyZzRuZjIoJ24xbTUnKTsgPz48L2I+DQogICAgZDVzNGduNWQgYnkgPDEgaHI1Zj0iaHR0cDovL3d3dy5uNXQtdDVjLTJubDRuNS5jMm0iPk5FVC1URUM8LzE+IDJmIDwxIGhyNWY9Imh0dHA6Ly93d3cuMXJ0NGs1bHY1cno1NGNobjRzLm41dC10NWMuYjR6Ij5BcnQ0azVsdjVyejU0Y2huNHM8LzE+Lg0KTTFkNSBmcjU1IGJ5OiANCjwxIGhyNWY9Imh0dHA6Ly93d3cuMWwyNXY1cjEtcHIyZDNrdDUuMXQiPjxzdHIybmc+QWwyNSBWNXIxPC9zdHIybmc+PC8xPiAxbmQgPDEgaHI1Zj0iaHR0cDovL3d3dy5rcjVkNHQuYjR6Ij48c3RyMm5nPlIxdDVua3I1ZDR0PC9zdHIybmc+PC8xPi4NCiA8L3A+DQo8L2Q0dj4NCjwvZDR2Pg0KDQo8P3BocCBkMl8xY3Q0Mm4oJ3dwX2YyMnQ1cicpOyA/Pg0KDQo8L2IyZHk+DQo8L2h0bWw+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>
|
|
|
|
05-19-2008, 11:15 AM
|
#2 |
|
(felis madjewicus)
Industry Role:
Join Date: Jul 2006
Location: In Mom & Dad's Basement
Posts: 20,368
|
bumping...
the cat is curious |
|
|
|
|
05-19-2008, 11:21 AM
|
#3 | |
|
Outside looking in.
Industry Role:
Join Date: Feb 2005
Location: To Hell You Ride
Posts: 14,243
|
A lot of free WP themes contain bad stuff these days. You don't need to hack servers to get a hold of WP blogs any more. Even the WP Themes page on wordpress.net contains a warning as more people have infected sites.
Quote:
__________________
|
|
|
|
|
|
05-19-2008, 11:38 AM
|
#4 |
|
FBOP Class Of 2013
Industry Role:
Join Date: Jan 2004
Location: bumfuck, ky
Posts: 35,562
|
looks like a typical encoded footer code
|
|
|
|
|
05-19-2008, 11:39 AM
|
#5 |
|
FBOP Class Of 2013
Industry Role:
Join Date: Jan 2004
Location: bumfuck, ky
Posts: 35,562
|
let me guess, you are seeing it in JUST the view code area, and not actually when you view the source of the page on the web?
if so, that is a footer that has been encoded so you don't remove the sponsored links nothing malicious |
|
|
|
|
05-19-2008, 11:41 AM
|
#6 | |
|
FBOP Class Of 2013
Industry Role:
Join Date: Jan 2004
Location: bumfuck, ky
Posts: 35,562
|
Quote:
can you show me examples? the great thing about getting them wordpress.net is that thousands of people a day grab them from there too, and if ANYONE tried anything evil, it would be removed and the user banned in minutes |
|
|
|
|
|
05-19-2008, 12:14 PM
|
#7 | |
|
Outside looking in.
Industry Role:
Join Date: Feb 2005
Location: To Hell You Ride
Posts: 14,243
|
Quote:
http://digg.com/security/WARNING_Wor...licious_ code
__________________
|
|
|
|
|
