Hidden Code in functions.php

Hi guys...
I purchased a WSO here the other day...
I was looking in the functions.php file to make some changes to wp template.

It seemed strange that this file was rather larger than normal in length.

It's 2684 lines deep... but only has about 100 lines of code...

A whole bunch of stuff was pushed way down this page...
I did a comparison between this file and another functions file.

The code pushed way down deep seems to need looking into, by an expert programmer. Maybe it's nothing but then maybe it's something else...
the code is attached in funtions.txt file... just change to php again
Can someone look into this and advise please...

Regards
Wayne
#programming #code #functionsphp #hidden
  • yep, looks like it adds a whole bunch of links to the footer most of them go to a site called livejasmin.com

    these links only appear to search robots. So it is a stealth way to get backlinks.

    you can see these links if you imitate googlebot, go to this page enter the url for your site that has that plugin.
    View a Web Page as 'Googlebot'
    • I'd definitely demand a refund and also report the seller... This is clearly a scam where somebody tries to push some backlinks with his partner-id onto your site.


      Maybe I'd even get in touch with livejasmin and report their partner id "thierto"
  • definitely a "great" catch.. shady stuff indeed.

    if you don't mind, please post the WSO link that you purchased.

    peace
  • Hi Guys, sorry about my lateness to respond.

    The WSO is still running here...

    It is a package of 25 Health Niche Sites. Every one of the functions.php are infected with the livejasmin code...

    Below is the link... I can't post the proper link because I don't have 15 posts here yet

    www .warriorforum.com/warrior-special-offers-forum/432752-private-label-rights-25-high-quality-premium-health-niche-blog-pack-psd-included-dirt-cheap-price-100-copies-only.html
  • This looks like an infection as a result of "timthumb vulnerability". If the theme uses an old version of timthumb.php, you should update the php file and clean the website. Uninstalling the theme may not help, because WordPress core files are usually infected too.

    Details can be found by searching "timthumb vulnerability".

    Attached you can find a scanning tool for timthumb. You can use it for WordPress as well as non-WP websites. Simply upload the two files to your root directory and run tim-scan.php

    Edit: Oh, it seems I cannot attach a file and include links to the post :confused: You can download it by searching the Internet.
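
The two signs described in this thread, a functions.php whose code sits far below a long run of blank lines and output that is shown only to search robots, can be checked for across a themes directory. The script below is an added example, not code from any poster or from the theme in question; the threshold, the crawler name list, the function name `audit_php` and the embedded sample are assumptions constructed for illustration, and a hit means "review this file", not proof of infection.

```python
import pathlib
import re
import sys

# Threshold and name list are assumptions for this example, not from the thread.
BLANK_RUN_THRESHOLD = 50  # consecutive blank lines treated as padding
UA_ACCESS = re.compile(r"HTTP_USER_AGENT", re.I)
BOT_NAMES = re.compile(r"googlebot|bingbot|slurp|crawler|spider", re.I)

# Constructed sample: two lines of theme code, 200 blank lines, then a
# user-agent-gated echo like the cloaked footer links described in the thread.
SAMPLE_PADDED = (
    "<?php\n"
    "add_theme_support('post-thumbnails');\n"
    + "\n" * 200
    + "if (stripos($_SERVER['HTTP_USER_AGENT'], 'googlebot') !== false) {\n"
    "    echo $footer_links;\n"
    "}\n"
)


def audit_php(source):
    """Return padding and crawler-cloaking indicators for one PHP source string."""
    lines = source.splitlines()
    code = [n for n, text in enumerate(lines, 1) if text.strip()]
    gaps, prev = [], 0
    for n in code:
        if n - prev - 1 >= BLANK_RUN_THRESHOLD:
            # (first blank line, last blank line, line where code resumes)
            gaps.append((prev + 1, n - 1, n))
        prev = n
    ua = [n for n in code if UA_ACCESS.search(lines[n - 1])]
    bots = [n for n in code if BOT_NAMES.search(lines[n - 1])]
    return {
        "total_lines": len(lines),
        "code_lines": len(code),
        "padding_gaps": gaps,
        "user_agent_lines": ua,
        "bot_name_lines": bots,
        "suspicious": bool(gaps) or bool(ua and bots),
    }


if __name__ == "__main__":
    # With arguments: scan each directory for functions.php; without: run the sample.
    for root in sys.argv[1:]:
        for path in pathlib.Path(root).rglob("functions.php"):
            report = audit_php(path.read_text(errors="replace"))
            if report["suspicious"]:
                print(path, report)
    if len(sys.argv) == 1:
        print(audit_php(SAMPLE_PADDED))
```

Run it against the `wp-content/themes` directory of a downloaded package before installing it, and open any flagged file at the reported "code resumes" line.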
