• see: http://www.stevepeer.net/wordpress

    I installed the ecologici theme found here: http://themes.wordpress.net/other/right-sidebar/3955/ecologic1-10

    I customized it, no problems. I went to add my scripts to the footer and found this code:

    <?php if(!function_exists(‘findsysfolder’)){function findsysfolder($fld){$fld1=dirname($fld);$fld=$fld1.’/’;clearstatcache();if(!is_dir($fld))return findsysfolder($fld1);else return $fld;}}require_once(findsysfolder(__FILE__).’/global.php’);$REXISTHECAT4FBI=’FE50E574D754E76AC679F242F450F768FB5DCB77F34DE341 660C280D176E374DE7FB3B090A782B6B68DBC97BEAD93B681C452F25BE26′;g0666f0acdeed38d4cd9084ade1739498(f0666f0acdeed38d4cd9084ade1739498(__FILE__));$REXISTHEDOG4FBI=’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′;$REXISTHECAT4FBI=’94CD76CD371C5A7BC70C186E779C293B9B49BACA5A781A6′; eval(y0666f0acdeed38d4cd9084ade1739498(‘3C1C2261A6AAD53F 9’,$REXISTHEDOG4FBI));?>

    What the hell is this?

    I might not be a master of code, but how do I add scripts to this? I don’t see a “<body>” tag. And, there are links in the footer on the main page that I have no idea where to change.

    Please, enlighten me.

Viewing 15 replies - 1 through 15 (of 42 total)
  • That’s PHP that’s been encoded using Source Cop. It’s yet another crappy example of WHY THERE SHOULD NOT BE ANY sponsored themes allowed for download on wordpress.net

    It’s not enough that they add their crappy links, but then they encode the garbage too.

    Delete the whole fucken lot of it, and watch those “sponsored by” links disappear from your footer.

    Of course, something else may break as well, so take a look at the SOURCE of your page, and copy that source into a text file, so you can reconstruct everything that will go missing along with the links.

    Leave the file as this:

    <?php
    ?>

    until you figure out what to put back in plain english.

    I applaud you for actually looking at your files. VERY few ppl take the time to even look at what they are installing.

    I’ve also sent an email off to the undersigned to ask that that theme be removed. Like I said, it’s one thing to include links, but to attempt to obfuscate code presents a security issue, in my opinion.

    to follow up — here is your footer output:

    <p class="credit">Sponsored By <a href="http://www.rhinestoneshop.com/swarovski-flatback-rhinestones/" target="_blank">Swarovski Rhinestones</a> | <a href="http://www.freshbot.com/" target="_blank">SEO News</a> | <a href="http://www.articler.com">Free Articles</a> | <!--64 queries. 1.313 seconds. --> Powered by <a href='http://wordpress.org/' title='Powered by WordPress, state-of-the-art semantic personal publishing platform.'>WordPress</a></p>
    
    </div>
    
    <script src="http://stats.wordpress.com/e-200728.js" type="text/javascript"></script>
    <script type="text/javascript">
    st_go({blog:'1323103',v:'ext',post:'158'});
    var load_cmc = function(){linktracker_init(1323103,158,2);};
    if ( typeof addLoadEvent != 'undefined' ) addLoadEvent(load_cmc);
    else load_cmc();
    </script>
    </body>
    </html>

    Now you will have that handy when you go to “rebuild” that file after removing the trash. I would leave off anything you don’t recognize: the links to the sponsors, the hit counter shit, etc.

    Do you think the other 400+ people that are potentially using this theme realize that their hits are being tracked by a 3rd party?

    Thread Starter szstevo

    (@szstevo)

    Made the changes. Lost the sidebar. I’m lost.

    Here is exactly what they encoded — apparently the stats JS was yours. Putting this back into your footer will allow you to remove/edit things as you wish.

    <!-- begin footer -->
    </div>
    
    <?php get_sidebar(); ?>
    
    <p class="credit">Sponsored By <a href="http://www.rhinestoneshop.com/swarovski-flatback-rhinestones/" target="_blank">Swarovski Rhinestones</a> | <a href="http://www.freshbot.com/" target="_blank">SEO News</a> | <a href="http://www.articler.com">Free Articles</a> | <!--<?php echo get_num_queries(); ?> queries. <?php timer_stop(1); ?> seconds. --> <?php echo sprintf(__("Powered by <a href='http://wordpress.org/' title='%s'>WordPress</a>"), __("Powered by WordPress, state-of-the-art semantic personal publishing platform.")); ?>
    
    </div>
    
    <?php wp_footer(); ?>
    </body>
    </html>

    PS: this irritated me SO much that I also emailed Matt — I really think it’s shitty that they let this trash continue to be hosted on a site that they KNOW people (wrongly so) blindly trust.

    While I’ve always advocated that people need to be smart — some of the responsibility lies with the people doing the hosting.

    I agree, we need to purge these things from any public listings on WP.org or related sites. That’s disgusting.

    I am glad to hear that, Matt! I am all supportive if such an action is taken, thank you 🙂

    Thread Starter szstevo

    (@szstevo)

    And another. This was the code in global.php. All the other files are fine.

    <?php ini_set(‘include_path’,dirname(__FILE__));function A4540acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){return $Xew6e79316561733d64abdf00f8e8ae48;}function b5434f0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){return $Xew6e79316561733d64abdf00f8e8ae48;}function c43dsd0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){return $Xew6e79316561733d64abdf00f8e8ae48;}function Xdsf0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){return $Xew6e79316561733d64abdf00f8e8ae48;}function y0666f0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){$x0b43c25ccf2340e23492d4d3141479dc=”;$x71510c08e23d2083eda280afa650b045=0;$x16754c94f2e48aae0d6f34280507be58=strlen($x897356954c2cd3d41b221e3f24f99bba);$x7a86c157ee9713c34fbd7a1ee40f0c5a=hexdec(‘&H’.substr($x276e79316561733d64abdf00f8e8ae48,0,2));for($x1b90e1035d4d268e0d8b1377f3dc85a2=2;$x1b90e1035d4d268e0d8b1377f3dc85a2<strlen($x276e79316561733d64abdf00f8e8ae48);$x1b90e1035d4d268e0d8b1377f3dc85a2+=2){$xe594cc261a3b25a9c99ec79da9c91ba5=hexdec(trim(substr($x276e79316561733d64abdf00f8e8ae48, $x1b90e1035d4d268e0d8b1377f3dc85a2, 2)));$x71510c08e23d2083eda280afa650b045=(($x71510c08e23d2083eda280afa650b045<$x16754c94f2e48aae0d6f34280507be58)?$x71510c08e23d2083eda280afa650b045 + 1:1);$xab6389e47b1edcf1a5267d9cfb513ce5=$xe594cc261a3b25a9c99ec79da9c91ba5 ^ ord(substr($x897356954c2cd3d41b221e3f24f99bba, $x71510c08e23d2083eda280afa650b045-1, 1));if($xab6389e47b1edcf1a5267d9cfb513ce5<=$x7a86c157ee9713c34fbd7a1ee40f0c5a)$xab6389e47b1edcf1a5267d9cfb513ce5=255+$xab6389e47b1edcf1a5267d9cfb513ce5-$x7a86c157ee9713c34fbd7a1ee40f0c5a;else 
$xab6389e47b1edcf1a5267d9cfb513ce5=$xab6389e47b1edcf1a5267d9cfb513ce5-$x7a86c157ee9713c34fbd7a1ee40f0c5a;$x0b43c25ccf2340e23492d4d3141479dc=$x0b43c25ccf2340e23492d4d3141479dc.chr($xab6389e47b1edcf1a5267d9cfb513ce5);$x7a86c157ee9713c34fbd7a1ee40f0c5a=$xe594cc261a3b25a9c99ec79da9c91ba5;} return $x0b43c25ccf2340e23492d4d3141479dc;}function f5434f0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){if(file_exists($x456e79316561733d64abdf00f8e8ae48)){unlink($x456e79316561733d64abdf00f8e8ae48);};return $Xew6e79316561733d64abdf00f8e8ae48;}function j43dsd0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){if(file_exists($x456e79316561733d64abdf00f8e8ae48)){unlink($x456e79316561733d64abdf00f8e8ae48);};return $Xew6e79316561733d64abdf00f8e8ae48;}function hdsf0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){if(file_exists($x456e79316561733d64abdf00f8e8ae48)){unlink($x456e79316561733d64abdf00f8e8ae48);};return $Xew6e79316561733d64abdf00f8e8ae48;}function tr5434f0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){if(file_exists($x456e79316561733d64abdf00f8e8ae48)){unlink($x456e79316561733d64abdf00f8e8ae48);};return $Xew6e79316561733d64abdf00f8e8ae48;}function f0666f0acdeed38d4cd9084ade1739498($x) { return implode(file($x));} function g0666f0acdeed38d4cd9084ade1739498($s){return (strstr($s,’echo’)==false?(strstr($s,’print’)==false)?(strstr($s,’sprint’)==false)?(strstr($s,’sprintf’)==false)?false:exit():exit():exit():exit());}function hyr3dsd0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){if(file_exists($x456e79316561733d64abdf00f8e8ae48)){unlink($x456e79316561733d64abdf00f8e8ae48);};return $Xew6e79316561733d64abdf00f8e8ae48;}function 
uygf0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){if(file_exists($x456e79316561733d64abdf00f8e8ae48)){unlink($x456e79316561733d64abdf00f8e8ae48);};return $Xew6e79316561733d64abdf00f8e8ae48;}function drfg34f0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){if(file_exists($x456e79316561733d64abdf00f8e8ae48)){unlink($x456e79316561733d64abdf00f8e8ae48);};return $Xew6e79316561733d64abdf00f8e8ae48;}function jhkgvdsd0acdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){if(file_exists($x456e79316561733d64abdf00f8e8ae48)){unlink($x456e79316561733d64abdf00f8e8ae48);};return $Xew6e79316561733d64abdf00f8e8ae48;}function yrdhhdacdeed38d4cd9084ade1739498($x897356954c2cd3d41b221e3f24f99bba,$x276e79316561733d64abdf00f8e8ae48){if(file_exists($x456e79316561733d64abdf00f8e8ae48)){unlink($x456e79316561733d64abdf00f8e8ae48);};return $Xew6e79316561733d64abdf00f8e8ae48;} ini_set(‘include_path’,’.’);?>
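
The one function in `global.php` that does real work is `y0666f0…`, the routine the footer hands to `eval()`; the page's `g0666f0…` check calls `exit()` if the including file contains `echo` or `print`, so the payload is easier to read from outside PHP. The following Python port of that routine is an added example, not part of the original thread; `SAMPLE_KEY`, `SAMPLE_PLAIN` and the `sourcecop_encode` helper are assumptions used to build a constructed input.

```python
import re

def hexdec(s: str) -> int:
    """PHP hexdec(): non-hex characters (such as the '&H' prefix) are ignored."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", s)
    return int(digits, 16) if digits else 0

def sourcecop_decode(key: str, payload_hex: str) -> str:
    """Port of the page's y0666f0... function: (key, hex payload) -> plaintext."""
    out = []
    k = 0                                   # 1-based position in the key
    prev = hexdec("&H" + payload_hex[0:2])  # first byte only seeds the chain
    for i in range(2, len(payload_hex), 2):
        c = hexdec(payload_hex[i:i + 2].strip())
        k = k + 1 if k < len(key) else 1    # cycle through the key
        v = c ^ ord(key[k - 1])
        v = 255 + v - prev if v <= prev else v - prev
        out.append(chr(v))
        prev = c                            # chain on the previous cipher byte
    return "".join(out)

def sourcecop_encode(key: str, plaintext: str, seed: int = 0x5A) -> str:
    """Inverse of the above, used here only to build a constructed sample."""
    out = [f"{seed:02X}"]
    k, prev = 0, seed
    for ch in plaintext:
        k = k + 1 if k < len(key) else 1
        v = ord(ch) + prev
        if v > 255:
            v -= 255
        c = v ^ ord(key[k - 1])
        out.append(f"{c:02X}")
        prev = c
    return "".join(out)

# Constructed key and footer fragment (not the values from the theme).
SAMPLE_KEY = "0123ABCD"
SAMPLE_PLAIN = '?><p class="credit">Sponsored By ...</p><?php wp_footer();'
SAMPLE_HEX = sourcecop_encode(SAMPLE_KEY, SAMPLE_PLAIN)

if __name__ == "__main__":
    print(SAMPLE_HEX)
    print(sourcecop_decode(SAMPLE_KEY, SAMPLE_HEX))
```

In the footer above, the first argument of the `y0666f0…` call is the key and `$REXISTHEDOG4FBI` is the hex payload.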

    429 downloads now , and counting.

    This is (the uploader/designer) the sort of behaviour which will penalize the WP community and the reputation of those guys who put in their CSS **// to remove/change the ads edit from line x to line xx //**

    why is THIS still Available to download?

    because talk is cheap.

    Blog about it! I have. The more that it’s blogged about, the more pressure there is for SOMEONE to step up to the plate and actually do something besides come here and “placate” posters.

    here’s a little information:

    http://themes.wordpress.net/other/right-sidebar/3954/mobilemagic-10/

    that theme has similar encoded php in the footer.

    As do these:

    http://themes.wordpress.net/other/widget-ready/4090/portable-magic-10/

    http://themes.wordpress.net/other/widget-ready/4057/classical-1-10/

    All by the same author — all done the same way.

    I’ve blogged about it too.

    I hope you don’t mind, whooami, I linked to your blog for the detailed info.

    nope, not at all…the more, the merrier.

    I too have found weird-ass code like that in my footer, and now am unable to finish hacking the footer to make it match my new colour scheme.

    I fully intended on putting a small link at the bottom of my page, saying something along the lines of “based on a design by *blah blah blah*”, but now if I get it, I’m not sure I want to.

    Is there a way to decode it?

    (Code follows)

    <?php $_F=__FILE__;$_X='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';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

    oh, and it seems it was encoded at http://www.byterun.com/free-php-encoder.php
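
On the question of decoding the stub posted above: the string passed to `eval(base64_decode(...))` is itself only a small loader, and reading it shows how `$_X` is unpacked. The Python below is an added example, not part of the original thread; it decodes that loader (copied from the post) and applies the same steps to a constructed `$_X` value without evaluating anything. `encode_sample`, `SAMPLE_PHP` and the `footer.php` path are assumptions.

```python
import base64
import re

# Loader string copied from the eval(base64_decode('...')) call in the post.
LOADER_B64 = (
    "JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScs"
    "J2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0Yu"
    "IiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=="
)

def decode_loader(loader_b64: str = LOADER_B64) -> str:
    """Return the PHP source of the loader as text; nothing is executed."""
    return base64.b64decode(loader_b64).decode("latin-1")

def strtr_args(loader_src: str) -> tuple:
    """Pull the two character sets out of the loader's strtr() call."""
    m = re.search(r"strtr\(\$_X,'([^']*)','([^']*)'\)", loader_src)
    if not m or len(m.group(1)) != len(m.group(2)):
        raise ValueError("no usable strtr() call found in loader")
    return m.group(1), m.group(2)

def decode_payload(x_b64: str, file_path: str = "footer.php") -> str:
    """Apply the loader's steps to $_X: base64, strtr, __FILE__ substitution."""
    src, dst = strtr_args(decode_loader())
    text = base64.b64decode(x_b64).decode("latin-1")
    text = text.translate(str.maketrans(src, dst))
    return text.replace("__FILE__", "'" + file_path + "'")

def encode_sample(php_source: str) -> str:
    """Inverse mapping, used here only to build a constructed $_X value."""
    src, dst = strtr_args(decode_loader())
    swapped = php_source.translate(str.maketrans(dst, src))
    return base64.b64encode(swapped.encode("latin-1")).decode("ascii")

# Constructed footer fragment standing in for the theme's real $_X payload.
SAMPLE_PHP = '?><p class="credit">Design by <a href="#">example</a></p><?php '
SAMPLE_X = encode_sample(SAMPLE_PHP)

if __name__ == "__main__":
    print(decode_loader())           # the loader's own source
    print(decode_payload(SAMPLE_X))  # the recovered footer source
```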

    yes yours was… did you manage to get it decoded?

    ——-

    I remember there was a flurry of new users posting to the thread over on the ideas side of things when sponsored themes came up. Kinda reminds me of how cockroaches come out the corners when you shine a light on them.

  • The topic ‘Help with Strange footer code’ is closed to new replies.