WordPress.org


Don't use!!! hidden rogue/packed javascript, phones home, and hidden backlinks

  • ROGUE JAVASCRIPT: Hidden by a packer located in gtrans.php

    line 118:

    eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('6 7(a,b){n{4(2.9){3 c=2.9("o");c.p(b,f,f);a.q(c)}g{3 c=2.r();a.s(\'t\'+b,c)}}u(e){}}6 h(a){4(a.8)a=a.8;4(a==\'\')v;3 b=a.w(\'|\')[1];3 c;3 d=2.x(\'y\');z(3 i=0;i<d.5;i++)4(d[i].A==\'B-C-D\')c=d[i];4(2.j(\'k\')==E||2.j(\'k\').l.5==0||c.5==0||c.l.5==0){F(6(){h(a)},G)}g{c.8=b;7(c,\'m\');7(c,\'m\')}}',43,43,'||document|var|if|length|function|GTranslateFireEvent|value|createEvent||||||true|else|doGTranslate||getElementById|google_translate_element2|innerHTML|change|try|HTMLEvents|initEvent|dispatchEvent|createEventObject|fireEvent|on|catch|return|split|getElementsByTagName|select|for|className|goog|te|combo|null|setTimeout|500'.split('|'),0,{}));

    ###########################################

    HIDDEN BACKLINK: Checks user agent against Google
    in gtrans.php

    line 125 and 126

    if(stripos($_SERVER["HTTP_USER_AGENT"], 'google') !== false)
    $script = $script . '<p>Powered by GTranslate – multilingual website solutions.</p>';

    ###########################################

    PHONING HOME: Posts obfuscated data to http://tdn.gtranslate.net/tdn-bin/save after loading remote javascript from http://tdn.gtranslate.net/tdn-bin/queue.js

    line 122:

    <script src="http://tdn.gtranslate.net/tdn-bin/queue.js" type="text/javascript"></script>

    ###########################################

    The unpacked JavaScript looks like it fools the WordPress repository by increasing the downloads. It makes an AJAX HEAD call to the download URL to automatically increase downloads. This guarantees that it becomes a "popular" plugin in the repo.

    Shame shame shame..
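
The block quoted from line 118 of gtrans.php is in the Dean Edwards "p,a,c,k,e,r" packer format. As an added example (not part of the review and not the plugin's code), the Node.js function below decodes such a block statically, without calling eval, so a reviewer can read what it contains before it ever runs. The sample input is constructed, and the names unpack, tokenIndex, unescapeLiteral and SAMPLE are illustrative.

```javascript
// Statically decode a Dean Edwards "p,a,c,k,e,r" block without calling eval().
const PACKED_RE =
  /eval\(function\(p,a,c,k,e,[rd]\)\{[\s\S]*?\}\('([\s\S]*)',\s*(\d+),\s*(\d+),\s*'([\s\S]*?)'\.split\('\|'\)/;

// Undo the escaping the packer applies inside its single-quoted payload.
function unescapeLiteral(s) {
  return s.replace(/\\(['\\])/g, '$1');
}

// Map a token such as "1a" back to its dictionary index.
// Packer digits are 0-9, then a-z (10-35), then A-Z (36-61).
function tokenIndex(token, radix) {
  let value = 0;
  for (const ch of token) {
    let digit;
    if (ch >= '0' && ch <= '9') digit = ch.charCodeAt(0) - 48;
    else if (ch >= 'a' && ch <= 'z') digit = ch.charCodeAt(0) - 87;
    else if (ch >= 'A' && ch <= 'Z') digit = ch.charCodeAt(0) - 29;
    else return -1; // "_" or "$": never a packer token
    if (digit >= radix) return -1;
    value = value * radix + digit;
  }
  return value;
}

function unpack(source) {
  const m = PACKED_RE.exec(source);
  if (!m) return null; // not a p,a,c,k,e,r block
  const payload = unescapeLiteral(m[1]);
  const radix = Number(m[2]);
  const count = Number(m[3]);
  const words = m[4].split('|');
  return payload.replace(/\b\w+\b/g, (token) => {
    const i = tokenIndex(token, radix);
    // An empty dictionary slot means the token stands for itself.
    return i >= 0 && i < count && words[i] ? words[i] : token;
  });
}

// Constructed sample; the decoder body is elided because it is never executed here.
const SAMPLE =
  "eval(function(p,a,c,k,e,r){/* decoder body elided */}" +
  "('2 3(n){4 m=\\'id-\\'+n;5 m}',6,6,'||function|tag|var|return'.split('|'),0,{}))";

console.log(unpack(SAMPLE));
```

Passing the contents of a plugin file to unpack() returns the decoded script as a string, or null when no packed block is present.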
