GoFuckYourself.com - Adult Webmaster Forum


Angry Jew Cat - Banned for Life 05-19-2008 09:51 AM

javascript loader in footer.php of free wordpress theme?
 
my antivirus randomly spit up a warning on a free wordpress theme i downloaded a while back stating that it contained some type of JS downloader agent. This is the theme here...

http://www.wpthemesfree.com/view.php?theme_id=1787

Anyone able to look at that and tell what it is trying to do?

warning to the peoples

Code:

<?php $_F=__FILE__;$_X='Pz48ZDR2IDRkPSJmMjJ0NXIiPg0KPHA+IDxici8+DQogICAgPGI+PD9waHAgYmwyZzRuZjIoJ24xbTUnKTsgPz48L2I+DQogICAgZDVzNGduNWQgYnkgPDEgaHI1Zj0iaHR0cDovL3d3dy5uNXQtdDVjLTJubDRuNS5jMm0iPk5FVC1URUM8LzE+IDJmIDwxIGhyNWY9Imh0dHA6Ly93d3cuMXJ0NGs1bHY1cno1NGNobjRzLm41dC10NWMuYjR6Ij5BcnQ0azVsdjVyejU0Y2huNHM8LzE+Lg0KTTFkNSBmcjU1IGJ5OiANCjwxIGhyNWY9Imh0dHA6Ly93d3cuMWwyNXY1cjEtcHIyZDNrdDUuMXQiPjxzdHIybmc+QWwyNSBWNXIxPC9zdHIybmc+PC8xPiAxbmQgPDEgaHI1Zj0iaHR0cDovL3d3dy5rcjVkNHQuYjR6Ij48c3RyMm5nPlIxdDVua3I1ZDR0PC9zdHIybmc+PC8xPi4NCiA8L3A+DQo8L2Q0dj4NCjwvZDR2Pg0KDQo8P3BocCBkMl8xY3Q0Mm4oJ3dwX2YyMnQ1cicpOyA/Pg0KDQo8L2IyZHk+DQo8L2h0bWw+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

Angry Jew Cat - Banned for Life 05-19-2008 11:15 AM

bumping...

the cat is curious

DateDoc 05-19-2008 11:21 AM

A lot of free WP themes contain bad stuff these days. You don't need to hack servers to get a hold of WP blogs any more. Even the WP Themes page on wordpress.net contains a warning as more people have infected sites.

Quote:

There will also be moderation and review so that we can scan themes for XSS problems, malicious code, spam links, and other ways that people have been distributing malware themes.

Jace 05-19-2008 11:38 AM

looks like a typical encoded footer code

Jace 05-19-2008 11:39 AM

let me guess, you are seeing it in JUST the view code area, and not actually when you view the source of the page on the web?

if so, that is a footer that has been encoded so you don't remove the sponsored links

nothing malicious
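
An added example, not part of any post in this thread: a Python sketch that decodes this style of loader statically, so the hidden footer can be read and its links listed without running the theme. The stub passed to `eval` in the posted code base64-decodes to a second `base64_decode` of `$_X` followed by a `strtr` character swap, which is all the script below reverses. The sample footers, the `.example` hosts and the `build_sample` helper are constructed for the demonstration.

```python
import base64
import re

# Loader shape in the posted footer.php:
#   $_X='<base64 payload>'; ... eval(base64_decode('<base64 stub>'));
PAYLOAD_RE = re.compile(r"\$_X='([A-Za-z0-9+/=]+)'")
STUB_RE = re.compile(r"eval\(base64_decode\('([A-Za-z0-9+/=]+)'\)\)")
STRTR_RE = re.compile(r"strtr\(\$_X,'([^']*)','([^']*)'\)")
HREF_RE = re.compile(r"""href=["']([^"']+)["']""", re.I)
RISKY_RE = re.compile(r"<script|<iframe|\beval\s*\(|base64_decode|document\.write", re.I)

def decode_loader(php_source):
    """Recover (stub, payload) as text. Nothing is evaluated."""
    stub = base64.b64decode(STUB_RE.search(php_source).group(1)).decode("latin-1")
    src, dst = STRTR_RE.search(stub).groups()
    raw = base64.b64decode(PAYLOAD_RE.search(php_source).group(1)).decode("latin-1")
    # PHP strtr() with two strings substitutes character by character.
    return stub, raw.translate(str.maketrans(src, dst))

def triage(payload):
    """List outbound links and constructs that warrant a closer look."""
    return {"links": HREF_RE.findall(payload),
            "risky": sorted({m.lower() for m in RISKY_RE.findall(payload)})}

def build_sample(footer):
    """Hypothetical fixture: encode text the way the posted stub decodes it."""
    stub = ("$_X=base64_decode($_X);$_X=strtr($_X,'123456aouie','aouie123456');"
            "$_R=ereg_replace('__FILE__',\"'\".$_F.\"'\",$_X);eval($_R);$_R=0;$_X=0;")
    scrambled = footer.translate(str.maketrans("aouie123456", "123456aouie"))
    b64 = lambda s: base64.b64encode(s.encode("latin-1")).decode("ascii")
    return "<?php $_F=__FILE__;$_X='%s';eval(base64_decode('%s'));?>" % (
        b64(scrambled), b64(stub))

# Constructed inputs: a sponsored-link footer and one that also pulls a script.
SAMPLE_FOOTER = ('?><div id="footer"><?php bloginfo(\'name\'); ?> designed by '
                 '<a href="http://sponsor.example/">Sponsor</a></div>'
                 '<?php do_action(\'wp_footer\'); ?>')
SAMPLE_SCRIPT = SAMPLE_FOOTER + '<script src="http://cdn.example/x.js"></script>'

if __name__ == "__main__":
    for name, text in (("footer", SAMPLE_FOOTER), ("script", SAMPLE_SCRIPT)):
        stub, payload = decode_loader(build_sample(text))
        print(name, triage(payload))
```

To check a real theme file, pass its contents to `decode_loader` and read the returned payload before deciding whether to install it.
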

Jace 05-19-2008 11:41 AM

Quote:

Originally Posted by DateDoc (Post 14207016)
A lot of free WP themes contain bad stuff these days. You don't need to hack servers to get a hold of WP blogs any more. Even the WP Themes page on wordpress.net contains a warning as more people have infected sites.

I have been installing 5-10 blogs a day, using all free themes, and not one single wordpress theme has ever had anything malicious in it

can you show me examples?

the great thing about getting them from wordpress.net is that thousands of people a day grab them from there too, and if ANYONE tried anything evil, it would be removed and the user banned in minutes

DateDoc 05-19-2008 12:14 PM

Quote:

Originally Posted by Jace (Post 14207151)
I have been installing 5-10 blogs a day, using all free themes, and not one single wordpress theme has ever had anything malicious in it

can you show me examples?

the great thing about getting them from wordpress.net is that thousands of people a day grab them from there too, and if ANYONE tried anything evil, it would be removed and the user banned in minutes

http://5thirtyone.com/archives/870
http://digg.com/security/WARNING_Wor...licious_ code

