Just found out about base64_decode

by 19 replies
22
Just saw a video about this, that this usually is a bit of coding hidden in free themes. I have no idea what the code does (usually backlinks, if I understood correctly), only that it is/can be malicious. Now, if I have this coding in my themes I just change the theme, but can this damage my rankings or anything like that? Can this coding and what ever it's being used for be used for something that can hurt my site over time and even after I change the theme? I even found a lot of this coding in the Twenty Ten theme (I use the TAC plugin), and below I see the coding in plain text, and it's probably close to a hundred links hidden in the header. I mean, the theme made by the WP team is THE worst one. What's up with that? "Buy Cheap caverta", "Levitra Cupons" and "Buy Cheap Viagra" doesn't have a lot to do with WP, now does it.. :rolleyes:

With this many links pointing to shady sites - am I wrong to assume that this can affect my ranking?
#programming #base64decode #found
  • The default theme from WP does not include any spammy links, you got something else going on but it's def NOT from WP themselves.
  • Well, it's a brand new site and the Twenty Ten theme is what you get when you first install WP, is it not?
  • I highly doubt the wordpress team would be embedding hidden links into the theme, especially linking to viagra. The more likely reasons is there is a malicious plugin or third party theme - I would look into that first.
  • most probably a hacker got into your site or something, or maybe you are referring to theme backup code which is base64...
  • Linking to shady sites is not a good idea.

    I don't believe Wordpress themselves will ever put up secret links to Viagra sites in their default themes.

    You should install wordpress default theme again and make sure to get it directly from wordpress.
    • [1] reply
    • The site is so new it was indexed like 2 days ago. And I wouldn't be seing shady links if it was the backup code.

      My server is down. I will install the Twenty Ten over again when it's up and running and see if the problem is still there in the new download.
  • Nonsense. The Twenty Ten theme doesn't contain any such shenanigans.
    • [1] reply
    • Oh, I must be lying just to get your attention then.
      • [1] reply
  • Do you see these links in your actual template files? or is this just looking at 'view source code' through your browser?
  • The TAC is "translating" the code into these links, but for most of the themes it doesn't translate it into anything, the plugin just reads the coding as encrypted. I guess some of it is bad and some is not(?). Anyway, I emailed my hosting provider, I'll let you know what they say when they get back to me.
  • Base64 isn't necessarily malicious.
    It's legitimate coding, though it can be used for crap.
    • [ 1 ] Thanks
  • If it's on all your sites then its your hosting that got hacked. I've seen it before.
    One client on a shared server is out of date on security, others pay for it.

    Scan your sites
    Sucuri SiteCheck - Free Website Malware Scanner
    • [ 1 ] Thanks
    • [1] reply
    • Do I avoid this problem if I get a dedicated hosting?

      Found malware on one of my sites with the tool you linked too. I guess most of the coding isn't bad, but some of it obviously is. I have no idea how to fix it, though. Better google..

      Edit: Came across websitedefender.com. This is supposed to keep my sites safe, and as far as I can see it's safe too. Worth a try?
      • [1] reply
  • Often times a theme/plugin will get infected with malicious code. To hide the source from naive programmers the hacker will usually encode the source code using base64_encode and eval its contents. There is usually no need to encode any source code at all. The function base64_encode is usually used when you're dealing with binary data.

    If you think your web server is infected with a virus I created a script that scans your entire web-server for specific signatures (like the base64_encode).
  • I've found out what the coding says and that it belongs to a company in London, UK. I got an apology from the, and they said that they would "clean up" my site after themselves. Funny, can't remember to have given them access. But then again, I didn't do so when they hacked me either.

    I emailed them back, with no reply as of yet.

    I wanna make their life miserable. Any good tips on how to do so? I have links to several of their websites, so I can do a lot of damage if I hire one of my hacker friends..
    • [1] reply
    • I am left with a lot of questions. However, I wouldnt ask that last part if I were you, you're talking about a crime.
Join the discussion

Next Topics on Trending Feed

  • 22

    Just found out about base64_decode

    Just saw a video about this, that this usually is a bit of coding hidden in free themes. I have no idea what the code does (usually backlinks, if I understood correctly), only that it is/can be malicious. Now, if I have this coding in my themes I just change the theme, but can this damage my rankings or anything like that? Can this coding and what ever it's being used for be used for something that can hurt my site over time and even after I change the theme? I even found a lot of this coding in the Twenty Ten theme (I use the TAC plugin), and below I see the coding in plain text, and it's probably close to a hundred links hidden in the header. I mean, the theme made by the WP team is THE worst one. What's up with that? "Buy Cheap caverta", "Levitra Cupons" and "Buy Cheap Viagra" doesn't have a lot to do with WP, now does it.. :rolleyes: With this many links pointing to shady sites - am I wrong to assume that this can affect my ranking?