9 {{ upvoteCount | shortNum }}
9 {{ upvoteCount | shortNum }}

Hidden Code in functions.php

by WayneU
7 replies
Hi guys...
I purchased a WSO here the other day...
I was looking in the functions.php file to make some changes to wp template.

It seemed strange that this file was rather larger than normal in lenth.

Its 2684 lines deep... but only has about 100 lines of code...

aA whole bunch of stuff was pushed way down this page...
I did a comparison between this file and another functions file.

The code pushed way down deep seems to need looking into, by an expert programmer. Maybe its nothing but then maybe its something else...
the code is attached in funtions.txt file... just change to php again
Can someone look into this and advise please...

Regards
Wayne
#code #functionsphp #hidden
  • Profile picture of the author johnnyN
    yep, looks like it adds a whole bunch of links to the footer most of them go to a site called livejasmin.com

    these links only appear to search robots. So it is a stealth way to get backlinks.

    you can see these links if you imitate googlebot, go to this page enter the url for your site that has that plugin.
    View a Web Page as 'Googlebot'
    {{ DiscussionBoard.errors[4573699].message }}
    • Profile picture of the author Tashi Mortier
      I'd definitely demand a refund and also report the seller... This is clearly a scam where somebody tries to push some backlinks with his partner-id onto your site.


      Maybe I'd even get in touch with livejasmin and report their partner id "thierto"
      Signature

      Want to read my personal blog? Tashi Mortier

      {{ DiscussionBoard.errors[4584312].message }}
      • Profile picture of the author emdubl
        Ha. Nice catch. Pretty sneaky and something that probably a very small % of people would even think to look at...
        Signature
        how i make money online

        private investigator training
        {{ DiscussionBoard.errors[4585033].message }}
        • Profile picture of the author mojojuju
          Wow. It's pretty sneaky how they're only showing their links when the user agent is Googlebot, msnbot, or Slurp. So basically, they're showing these links only to crawlers so they'll get some link juice.

          I'd get a refund and expose these people for their shenanigans.

          I couldn't paste the code here because the forum choked on it, but here's a screenshot of it in case anybody is interested in seeing the sneaky stuff that's being done....



          Originally Posted by WayneU View Post

          Maybe its nothing but then maybe its something else...
          No. It's not nothing.

          What that code is doing is called search engine cloaking (showing different content to search engines than to visitors) and having it on your site might get you in some trouble with Google and others.

          I'd recommend that you bring this up in the WSO thread. It would be interesting to read his response.
          Signature

          :)

          {{ DiscussionBoard.errors[4585365].message }}
  • Profile picture of the author imarketstuff
    definitely a "great" catch.. shady stuff indeed.

    if you don't mind, please post the WSO link that you purchased.

    peace
    Signature
    I MARKET STUFF

    {{ DiscussionBoard.errors[4585628].message }}
  • Profile picture of the author WayneU
    Hi Guys, sorry about my lateness to respond.

    The WSO is still running here...

    It is a package of 25 Health Niche Sites. Everyone of the functions.php are infected with the livejasmin code...

    Below is the link... I can't post the proper link becuase I don't have 15 posts here yet

    www .warriorforum.com/warrior-special-offers-forum/432752-private-label-rights-25-high-quality-premium-health-niche-blog-pack-psd-included-dirt-cheap-price-100-copies-only.html
    {{ DiscussionBoard.errors[4652296].message }}
  • Profile picture of the author puckrobin
    This looks like an infection as a result of "timthumb vulnerability". If the theme uses an old version of timthumb.php, you should update the php file and clean the website. Uninstalling the theme may not help, because wordpress core files are usually infected too.

    Details can be found by searching "timthumb vulnerability".

    Attached you can find a scanning tool for timthumb. You can use it for Wordpress as well as non-WP websites. Simple upload the two files to your root directory and run tim-scan.php

    Edit: Oh, it seems I cannot attach a file and include links to the post :confused: You can download it from by searching Internet.
    {{ DiscussionBoard.errors[4659660].message }}

Trending Topics