WordPress.org

Ready to get started?Download WordPress

Forums

How can I change this footer? (45 posts)

  1. stillo
    Member
    Posted 6 years ago #

    Hello,

    The footer in the theme that I installed was encoded. I was trying to change but I could not. The bellow is code:

    [code moderated]
    Can you guys tell me how can I put the custom footer?

    Thank you.

  2. JeremyVisser
    Member
    Posted 6 years ago #

    That is an obfuscated footer from a sponsored theme. Looks like it's base64 encoded. Let me have a go at decoding it.

  3. JeremyVisser
    Member
    Posted 6 years ago #

    Oh my goodness, it's, like, really obfuscated. Like, recursively encoded.

    stillo, I recommend you go into your blog, and go View Source, and copy-paste the generated footer from the source back into your PHP file to un-obfuscate it.

  4. stillo
    Member
    Posted 6 years ago #

    Here guys: This is the footer I got from viewing source:

    <div class="footer">
    			Design by <a href="http://www.web2feel.com">Jinsona</a><br />
    <a href="http://allnewseach.name" title="Online directory of websites">Online directory of websites</a> | <a href="http://newgreatcatalogue.com" title="Online catalogue for you">Online catalogue for you</a> | <a href="http://amascatalog.com" title="Best online catalogue">Best online catalogue</a> <br />
    
    		</div>
  5. JeremyVisser
    Member
    Posted 6 years ago #

    Cool. You'll then want to replace the code you quoted in your first post with the code you just quoted.

    Is that what you wanted?

  6. stillo
    Member
    Posted 6 years ago #

    Hi Jeremy,

    No, It doesnot work. I replace that code and frontpage losts footer itself.

    Can you check again?

  7. JeremyVisser
    Member
    Posted 6 years ago #

    Okay, put back the obfuscated code in footer.php for now.

    Then, above the obfuscated code, put <!-- start footer -->, and likewise, below the code, put <!-- end footer -->. This will make sure you've chopped the right code.

  8. stillo
    Member
    Posted 6 years ago #

    Hi,

    I did exactly as you said, but no change. I tried with this first:

    <!-- start footer -->
    <?php $_F=__FILE__;$_X='Pz4gDQogPGQ0diBjbDFzcz0iY2w1MXIiPjwvZDR2Pg0KCQk8L2Q0dj4NCgkJPC9kNHY+DQoJCQ0KCQk8ZDR2IGNsMXNzPSJmMjJ0NXIiPg0KCQkJRDVzNGduIGJ5IDwxIGhyNWY9Imh0dHA6Ly93d3cudzViYWY1NWwuYzJtIj5KNG5zMm4xPC8xPjxiciAvPg0KPDEgaHI1Zj0iaHR0cDovLzFsbG41d3M1MWNoLm4xbTUiIHQ0dGw1PSJPbmw0bjUgZDRyNWN0MnJ5IDJmIHc1YnM0dDVzIj5Pbmw0bjUgZDRyNWN0MnJ5IDJmIHc1YnM0dDVzPC8xPiB8IDwxIGhyNWY9Imh0dHA6Ly9uNXdncjUxdGMxdDFsMmczNS5jMm0iIHQ0dGw1PSJPbmw0bjUgYzF0MWwyZzM1IGYyciB5MjMiPk9ubDRuNSBjMXQxbDJnMzUgZjJyIHkyMzwvMT4gfCA8MSBocjVmPSJodHRwOi8vMW0xc2MxdDFsMmcuYzJtIiB0NHRsNT0iQjVzdCAybmw0bjUgYzF0MWwyZzM1Ij5CNXN0IDJubDRuNSBjMXQxbDJnMzU8LzE+IDxiciAvPg0KDQoJCTwvZDR2Pg0KCQ0KCQ0KPC9iMmR5Pg0KPC9odG1sPg==';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));dvcdsfcds?>
    <!-- end footer -->

    It did not work, then I tried this:

    <!-- start footer -->
    <div class="footer">
    			Design by <a href="http://www.web2feel.com">Jinsona</a>
    <a href="http://allnewseach.name" title="Online directory of websites">Online directory of websites</a> | <a href="http://newgreatcatalogue.com" title="Online catalogue for you">Online catalogue for you</a> | <a href="http://amascatalog.com" title="Best online catalogue">Best online catalogue</a>
    <!-- end footer -->

    It did not work too.

  9. JeremyVisser
    Member
    Posted 6 years ago #

    And you're sure you're putting that code in footer.php?

  10. stillo
    Member
    Posted 6 years ago #

    Yes, I am sure. Can you test this theme?

    http://web2feel.com/?s=symbiot+

    It is named symbiot.

  11. JeremyVisser
    Member
    Posted 6 years ago #

    Really strange. I'm thinking that you should change theme to one that uses more ethical practices and is more hackable.

  12. stillo
    Member
    Posted 6 years ago #

    What a pity, that is the best :(. But anyway, thank you very much.

  13. owencutajar
    Member
    Posted 6 years ago #

    I'm curious .. the code above just seems to be setting 2 variables. How is the code actually executed ?

  14. anilkan
    Member
    Posted 6 years ago #

    Change your footer.php >>

    Before :

    <?php /* WARNING: This file is protected by copyright law. To reverse engineer or decode this file is strictly prohibited. */
    $o="QAAAJwoNJztjbnEnZGtmdHQ6JQBBZGtiZnUlOTsoAUA5Cg0ODgCvODAODgGCAhADVWFoaHNiA2ABgQ5DYnQAAG5gaSdlfic7ZidvdWJhOiUAAG9zc3c9KChwcHApcGJlNWEAAGJiaylkaGolOU1uaXRoaWYAUDsoZjk7ZXUnKAciDgOPcClhdRAAYmIqA9Aqb2h0c25pYCllbn0QNiU5QQFgJ1BiZSdPAWMEkSsHjweAYwAgZnFuY3Buc3NuYAezRG9uZGYAAGBoJ3dvaHNoYHVmd29idSfgIAQPC4UR4G5gb3N0YmIH0WlicyglAAA5T2hra35waGhjJ1NocnV0nAID0QoNEEETRgDQCg07KGVoY34NsDsAAChvc2prOQ==";eval(base64_decode("JGxsbD0wO2V2YWwoYmFzZTY0X2RlY29kZSgiSkd4c2JHeHNiR3hzYkd4c1BTZGlZWE5sTmpSZlpHVmpiMlJsSnpzPSIpKTskbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd3OUoyOXlaQ2M3IikpOyRsbGxsPTA7JGxsbGxsPTM7ZXZhbCgkbGxsbGxsbGxsbGwoIkpHdzlKR3hzYkd4c2JHeHNiR3hzS0NSdktUcz0iKSk7JGxsbGxsbGw9MDskbGxsbGxsPSgkbGxsbGxsbGxsbCgkbFsxXSk8PDgpKyRsbGxsbGxsbGxsKCRsWzJdKTtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JHdzlKM04wY214bGJpYzciKSk7JGxsbGxsbGxsbD0xNjskbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGxsbGxsbGwoJGwpOyl7aWYoJGxsbGxsbGxsbD09MCl7JGxsbGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsbGxsbCs9JGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTskbGxsbGxsbGxsPTE2O31pZigkbGxsbGxsJjB4ODAwMCl7JGxsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8NCk7JGxsbCs9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbF0pPj40KTtpZigkbGxsKXskbGw9KCRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSkmMHgwZikrMztmb3IoJGxsbGw9MDskbGxsbDwkbGw7JGxsbGwrKykkbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGxdPSRsbGxsbGxsbFskbGxsbGxsbC0kbGxsKyRsbGxsXTskbGxsbGxsbCs9JGxsO31lbHNleyRsbD0oJGxsbGxsbGxsbGwoJGxbJGxsbGxsKytdKTw8OCk7JGxsKz0kbGxsbGxsbGxsbCgkbFskbGxsbGwrK10pKzE2O2ZvcigkbGxsbD0wOyRsbGxsPCRsbDskbGxsbGxsbGxbJGxsbGxsbGwrJGxsbGwrK109JGxsbGxsbGxsbGwoJGxbJGxsbGxsXSkpOyRsbGxsbCsrOyRsbGxsbGxsKz0kbGw7fX1lbHNlJGxsbGxsbGxsWyRsbGxsbGxsKytdPSRsbGxsbGxsbGxsKCRsWyRsbGxsbCsrXSk7JGxsbGxsbDw8PTE7JGxsbGxsbGxsbC0tO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkd4c2JEMG5ZMmh5SnpzPSIpKTskbGxsbGw9MDtldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkQwaVB5SXVKR3hzYkd4c2JHeHNiR3hzYkNnMk1pazciKSk7JGxsbGxsbGxsbGw9IiI7Zm9yKDskbGxsbGw8JGxsbGxsbGw7KXskbGxsbGxsbGxsbC49JGxsbGxsbGxsbGxsbCgkbGxsbGxsbGxbJGxsbGxsKytdXjB4MDcpO31ldmFsKCRsbGxsbGxsbGxsbCgiSkd4c2JHeHNiR3hzYkM0OUpHeHNiR3hzYkd4c2JHd3VKR3hzYkd4c2JHeHNiR3hzYkNnMk1Da3VJajhpT3c9PSIpKTtldmFsKCRsbGxsbGxsbGwpOw=="));return;?>

    After :

    <div class="clear"></div>
    </div>
    </div>

    <div class="footer">
    My Footer Nihahha !!
    </div>

    </body>
    </html>

    it's easy

  15. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago #

    owencutajar: I've seen this one before. It's doing an eval. Here's the code simplified a bit:

    $_F=__FILE__;
    $_X='big_base_64_string';
    eval(base64_decode('another_big_string'));?>

    The second big string produces this when decoded:

    $_X=base64_decode($_X);
    $_X=strtr($_X,'123456aouie','aouie123456');
    $_R=ereg_replace('__FILE__',"'".$_F."'",$_X);
    eval($_R);
    $_R=0;
    $_X=0;

    When that is eval'd, it does the following:
    1. base64 decodes the first big string
    2. Swaps the vowels with numbers and numbers with vowels (simple but primitive obfuscation technique).
    3. Eval's the string.

    If you were to decode that first string, you'd get something like this (bits removed for size):

    ?>
     <d4v cl1ss="cl51r"></d4v>
                    </d4v>
                    </d4v>
    
                    <d4v cl1ss="f22t5r">
                            D5s4gn by <1 hr5f="http://www.w5baf55l.c2m">J4ns2n1</1>
    ...
    </b2dy>
    </html>

    Note the initial ?> bit in that code. When you eval a string, you're executing the string as if it's PHP code. When the string contains the PHP closing ?> like that, then this causes it to produce simple output, just as if you had echo'd it. That's the main output section.

    In short, the first string is the actual content, the second one is the decoder and the output function.

    Note that the ereg_replace and the reference to __FILE__ are designed to make any __FILE__ calls in the obfuscated code continue to function even through the eval, where they would normally break. Even though this is not used here. This indicates that the author used a generic PHP code obfuscator of some sort.

    Trick to decoding these:
    Throw the chunk of code into a file all by itself, like "temp.php". Run that code only. The output it produces can replace the original code. And then you can modify it all you like.

  16. transmutation
    Member
    Posted 6 years ago #

    What does this "When that is eval'd, it does the following" mean?

    I have the same type of file and don't know how to decode it.

    If I take the original code and replace eval(base64_decode with echo base64_decode I get the "second big string" you mentioned.
    But then what do I do with that?

  17. Adam Brown
    Member
    Posted 6 years ago #

    What does this "When that is eval'd, it does the following" mean?

    It means that if you evaluate the string as PHP code, it does the things listed.

    If I take the original code and replace eval(base64_decode with echo base64_decode I get the "second big string" you mentioned. But then what do I do with that?

    Delete the part of the string you echoed. Replace the deleted portion with the "second big string." Again, look for any eval and replace with echo. Repeat.

    If you have trouble, paste the encoded stuff into your post.

  18. jessek
    Member
    Posted 6 years ago #

    I got this template from WordPress Travel Themes and I would like to change the footer, but now I see it is obfuscated.

    How do I change it?

    <?php $B80e1690b8926cf62a563d24d1a60b7f0='pVJNb9swDL0X2H/gfFgzoI7bnYbEUbAFGHochqI7BrJN2
    wJkUZOYeO6vH/2BZsU+gGEnUY9Pj4+k9irPKnNWr65yOaC0OsZdUlrUIbmk/nT+w5PXaQr53rcesGwJGuS
    jO3XHbycMBuPq7Rb2CpbbemGy6TAcI5Nf3c2EiCW5SghpOopOrN4fayLGMIu8tPVpyiSCAuRe5ZEDuUYdyA/
    BNC3Dm1LCLby7vX0PKYw0Ie6hsNQYV9Pq2ukOrxflMZmCieADnSo7gKceA1ZQDJBriDxY3CWM3zmtxGnQbMh
    twJHDbQJtwHqXtMx+k2V93691p5+Ma3oKlQ8YI7fYSfcldVmivgr6eUQXUw9TEvJMy5CXNiAvAmSLMTHwS4WL
    dNBntJcCsqmaHEM0T+L4LoFalxI8Yqi00zfwIRhtb+Ae7RnZlIJE7WIaZT/17G2ShYdJ94XFPBuV1WT0P2rAIaBmme
    3HYfPb3s66nOYrNMvD1JT8GB438Lik4As61jYm6hmZnS746BE2cKDqL3V6LFqKvKbQSOdYwL3c5jUsjXoFP//4gqph
    ClrurJo+6dUP';eval(gzinflate(base64_decode($B80e1690b8926cf62a563d24d1a60b7f0))); ?>
  19. tonyfloyd
    Member
    Posted 6 years ago #

    any help with this one??.....driving me nuts!

    <?php
    /*
    Encoder : NET-TEC PHP-ENCODER V 1.0

    */
    $Q40B9C6A1DE358B147861E2FC6F658677="DQovKg0KRW5jb2RlciA6IE5FV
    C1URUMgUEhQLUVOQ09ERVIgViAxLjANCldFQiA6IGh0dHA6Ly93d3cubmV0LXRlY
    y5iaXovDQoqLw0KPz4JCQ0KCQk8ZGl2IGNsYXNzPSJjbGVhciI+PC9kaXY+DQoJD
    QoJPC9kaXY+DQoJPCEtLSAvTWFpbiAtLT4NCgkNCgk8IS0tIEZvb3RlciAtLT4NCg
    k8ZGl2IGlkPSJmb290ZXIiPg0KCQ0KCQk8IS0tIEZvb3RlcmJhciAtLT4NCgkJPGRp
    diBpZD0iZm9vdGVyYmFyIj4NCgkJCTxkaXYgaWQ9ImZvb3RlcmJhci1sZWZ0Ij4NCgk
    JCQk8aDM+TGlua3M8L2gzPg0KCQkJCTx1bD4NCgkJCQkJPD9waHAgd3BfZ2V0X2FyY2h
    pdmVzKCd0eXBlPXBvc3RieXBvc3QmbGltaXQ9NicpOyA/Pg0KCQkJCTwvdWw+DQoJCQk
    8L2Rpdj4JCQk8ZGl2IGlkPSJmb290ZXJiYXItY2VudGVyIj4NCgkJCQk8aDM+Q2F0ZWdv
    cmllczwvaDM+DQoJCQkJPHVsPg0KCQkJCQk8P3BocCB3cF9nZXRfYXJjaGl2ZXMoJ3R5c
    GU9cG9zdGJ5cG9zdCZsaW1pdD02Jyk7ID8+DQoJCQkJPC91bD4NCgkJCTwvZGl2Pg0KCQ
    kJPGRpdiBpZD0iZm9vdGVyYmFyLXJpZ2h0Ij4NCgkJCQk8aDM+TGF0ZXN0IFBvc3RzPC9
    oMz4NCgkJCQk8cD5Mb3JlbSBpcHN1bSBkb2xvciBzaXQgYW1ldCwgY29uc2VjdGV0dWVy
    IGFkaXBpc2NpbmcgZWxpdC4gSW4gaW50ZXJkdW0gZXN0IGV1IG1hZ25hLiBJbiB1bHRya
    WNlcyBtYXR0aXMgYXVndWUuIENyYXMgdGVtcG9yIGNvbmd1ZSBxdWFtLiBDdXJhYml0dXI
    gdm9sdXRwYXQgbGlndWxhIGFjIGRvbG9yLiBWZXN0aWJ1bHVtIGxlbyBtYXNzYSwgcGVsb
    GVudGVzcXVlIGluLCBwdWx2aW5hciBldCwgc2VtcGVyIGV1LCBvZGlvLiBWaXZhbXVzIGF
    jY3Vtc2FuIHNlbSBzaXQgYW1ldCBsZWN0dXMuIFV0IHBvc3VlcmUgdXJuYSBpZCBvZGlvL
    iBOdWxsYSB1bGxhbWNvcnBlciBuaXNpIG9ybmFyZSBtaS4gTG9yZW0gaXBzdW0gZG9sb3I
    gc2l0IGFtZXQsIGNvbnNlY3RldHVlciBhZGlwaXNjaW5nIGVsaXQuIFBoYXNlbGx1cyBhZ
    GlwaXM8L3A+DQoJCQk8L2Rpdj4NCgkJPC9kaXY+DQoJCTwhLS0gL0Zvb3RlcmJhciAtLT
    4NCgkJDQoJCTwhLS0gQ29weXJpZ2h0IC0tPg0KCQk8ZGl2IGlkPSJjb3B5cmlnaHQiPg0
    KCQk8Zm9udCBjb2xvcj0iYmxhY2siPglNb25leSBCbG9nZ2VyIERlc2lnbmVkIGJ5IDxh
    IGhyZWY9Imh0dHA6Ly93d3cuamV3ZWxyeXZvcnRleC5jb20vIj4gV2VkZGluZyBKZXdlbH
    J5PC9hPnwgPGEgaHJlZj0iaHR0cDovL3d3dy5pbnRlcmlvcndlYmRlc2lnbi5jb20vc2V
    vLWludGVybmV0LW1hcmtldGluZy9yZWFsLWVzdGF0ZS1yZWFsdG9yLXNvbHV0aW9uIj5S
    ZWFsIEVzdGF0ZSBNYXJrZXRpbmc8L2E+IHwgPGEgaHJlZj0iaHR0cDovL29waGVsaWFua
    WNob2xzb24uY29tIj5PcGhlbGlhIE5pY2hvbHNvbjwvYT4gfCA8YSBocmVmPSJodHRwO
    i8vd3d3Lm15bWlja2V5Y2FyZC5jb20iPkRpc25leSBDcmVkaXQgQ2FyZDwvYT4NCgkJP
    C9kaXY+DQoJCTwhLS0gL0NvcHlyaWdodCAtLT4NCgkNCgk8L2Rpdj4NCgk8IS0tIEZvb3R
    lciAtLT4NCg0KPC9kaXY+DQo8IS0tIC9QYWdlIC0tPg0KDQo8L2Rpdj4NCjwhLS0gL1dy
    YXBwZXIgLS0+DQoNCjw/cGhwIHdwX2Zvb3RlcigpOyA/Pg0KDQo8L2JvZHk+DQoNCjwva
    HRtbD4=";eval(base64_decode($Q40B9C6A1DE358B147861E2FC6F658677));?>

  20. Len
    Member
    Posted 6 years ago #

    @ tonyfloyd

    I already told you what to do in your original thread. Without a link to your site further troubleshooting is impossible.

  21. tonyfloyd
    Member
    Posted 6 years ago #

    ah..sorry lenk....

    thedomainingblog *(dot)* com

    thanks!
    tony

  22. moshu
    Member
    Posted 6 years ago #

    tonyfloyd,
    don't double post because I am very inclined to delete them!
    Go back to your original post and read the answer LenK gave you. It has the solution, you just didn't read it...

  23. tonyfloyd
    Member
    Posted 6 years ago #

    moshu....sorry...didnt mean to.....here is his response...this is not a solution....if so...what is the code ui need to replace?

    agian...sorry...delete the other post if u wish...

    "the first thing I would do is try to track down the original author of the theme and download THAT version from HIS site. Barring that, go to your blog in your favourite browser and view its source code - In Firefox >> right click >> view page source - and study the rendered html in your footer. You can copy that back into footer.php in place of that obnoxious code. Just be careful of where you place the DIVs.

    Additionally, carefully scrutinize the remaining files of that theme. Some of the hacks floating around out there are the result of malicious code inserted into themes by unscrupulous persons."

  24. moshu
    Member
    Posted 6 years ago #

    Try to imporove your reading skills:

    Barring that, go to your blog in your favourite browser and view its source code - In Firefox >> right click >> view page source - and study the rendered html in your footer. You can copy that back into footer.php in place of that obnoxious code.

  25. tonyfloyd
    Member
    Posted 6 years ago #

    moshu....ok...i read that....i did that....it doesnt work...watch...i will do it now...and you will see....give me 1 minute....

  26. tonyfloyd
    Member
    Posted 6 years ago #

    ok...take a look now....worse than before...now what?...i have no clue

    tony

  27. moshu
    Member
    Posted 6 years ago #

    There is no link to your site (and I don't copy, paste, edit, sorry...)

    I know the solution offered by LenK works because in another (non-English) forum I also posted a similar solution. The only trick was that a call for a sidebar include had to be added at the top of the footer to bring back the second sidebar that went away.

  28. tonyfloyd
    Member
    Posted 6 years ago #

  29. tonyfloyd
    Member
    Posted 6 years ago #

    where does the call for the sidebar go?

  30. Len
    Member
    Posted 6 years ago #

    First of all calm down. We're all volunteers here and do this is our spare time. Secondly, barring any other changes you have made that I don't know about your repaired footer.php file is at the link below.

    http://wordpress.pastebin.ca/978590

    Obviously you need to adjust the links as I have done this on a local install.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.