Is this malicious code? (3 posts)

  1. JenniferSF
    Posted 4 years ago #


    I downloaded a great theme, but footer.php looks suspicious. Can anyone figure out what this code does? Entire footer.php file:

    <?php $_F=__FILE__;$_X='Pz48aHIgLz4NCjxkNHYgNGQ9ImYyMnQ1ciI+DQoJPHA+DQoJCUMycHlyNGdodCAmIzZlOTsgYTAwNyA8MSBocjVmPSI8P3BocCBibDJnNG5mMignM3JsJyk7ID8+Ij48P3BocCBibDJnNG5mMignbjFtNScpOyA/PjwvMT4uIEQ1czRnbjVkIGJ5IDogDQoJCTwxIGhyNWY9Imh0dHA6Ly93d3cuYnIxbjRjMS5jMm0vaDJzdDRuZy5odG1sIj5CcjFuNGMxIFc1YiBIMnN0NG5nPC8xPiAuTTFkNSBGcjU1IEJ5IA0KCQk8MSBocjVmPSJodHRwOi8vd3d3Lncydy1nMmxkLXByNGM1LWw0c3QuYzJtIj5XT1cgRzJsZDwvMT4gfCANCgkJPDEgaHI1Zj0iaHR0cDovL3d3dy5oMm01aDJzdC5jMm0uYnIiPlI1ZzRzdHIyIGQ1IGQybTRuNDI8LzE+IHwgDQoJCTwxIGhyNWY9Imh0dHA6Ly93d3cuZjFyMXcxeWYzcm40dDNyNS5jMi4zay9zaDJwL3NoMnAucGhwP2M2PUluZDIyciYxbXA7Y2E9RDRuNG5nJWEwUzV0cyI+DQoJCUQ0bjRuZyBSMjJtIEYzcm40dDNyNTwvMT4gLg0KCTwvcD4NCjwvZDR2Pg0KPC9kNHY+DQoNCgkJPD9waHAgd3BfZjIydDVyKCk7ID8+DQoNCjwvYjJkeT4NCjwvaHRtbD4=';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));?>

  2. Jacob N. Breetvelt
    Posted 4 years ago #

    This might be code to prevent you from making modifications. Is it a commercial theme?

    Avoid this types of themes as they do not belong in an open source environment.

  3. Rev. Voodoo
    Volunteer Moderator
    Posted 4 years ago #

    Yes, often shady themes have their own spammy links built into the footer

    They then encode the footer so you can remove their links

    Often these themes have checking functions built into the functions.php or elsewhere which cause the theme to malfunction if you try to edit the theme

    As @opajaap stated, avoid themes like this. If they are hiding links, and doing other shady things, how are you to know what else is going on in that theme if you are not good at reading all the code.

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.