Blue Zinfandel theme injection

  • Resolved stulegmo

    (@stulegmo)


    15 years, 3 months ago

    Hello All,
    Recently I got an annoying viagra link displayed in the Home of a blog I manage. To put it short, I’ve discovered that the culprit was the theme I was using, Blue Zinfadel, that has been tampered with base64coded commands to link a viagra site.

    To get rid of the problem – AFAIK – in heaeder.php do remove this
    <link rel="Shortcut Icon" href="<?php require_once("theme_licence.php"); eval(base64_decode($f1));
    and in r_sidebar.php this one
    <?php require_once(“theme_licence.php”); if(!function_exists("get_credits")) { eval(base64_decode($f1)); } if ( function_exists('dynamic_sidebar') && dynamic_sidebar(2) ) : else : ?>

    Honestly, I don’t remember from where I downloaded the theme (that, BTW, worked fine for months until a week ago). Since, obviously, I have no doubt of the theme’s author good faith, my guesses are that somebody realized a Blue Zinfandel tampered and unauthorized version, or that my blog has been specifically attacked.

    Anyway, the problem now is (hopefully) gone, and I just wanted to share the workaround.

  • The topic ‘Blue Zinfandel theme injection’ is closed to new replies.