Support » Plugins » Hacks » Is this malicious code?

  • Hi!

    I downloaded a great theme, but footer.php looks suspicious. Can anyone figure out what this code does? Entire footer.php file:

    <?php $_F=__FILE__;$_X=’Pz48aHIgLz4NCjxkNHYgNGQ9ImYyMnQ1ciI+DQoJPHA+DQoJCUMycHlyNGdodCAmIzZlOTsgYTAwNyA8MSBocjVmPSI8P3BocCBibDJnNG5mMignM3JsJyk7ID8+Ij48P3BocCBibDJnNG5mMignbjFtNScpOyA/PjwvMT4uIEQ1czRnbjVkIGJ5IDogDQoJCTwxIGhyNWY9Imh0dHA6Ly93d3cuYnIxbjRjMS5jMm0vaDJzdDRuZy5odG1sIj5CcjFuNGMxIFc1YiBIMnN0NG5nPC8xPiAuTTFkNSBGcjU1IEJ5IA0KCQk8MSBocjVmPSJodHRwOi8vd3d3Lncydy1nMmxkLXByNGM1LWw0c3QuYzJtIj5XT1cgRzJsZDwvMT4gfCANCgkJPDEgaHI1Zj0iaHR0cDovL3d3dy5oMm01aDJzdC5jMm0uYnIiPlI1ZzRzdHIyIGQ1IGQybTRuNDI8LzE+IHwgDQoJCTwxIGhyNWY9Imh0dHA6Ly93d3cuZjFyMXcxeWYzcm40dDNyNS5jMi4zay9zaDJwL3NoMnAucGhwP2M2PUluZDIyciYxbXA7Y2E9RDRuNG5nJWEwUzV0cyI+DQoJCUQ0bjRuZyBSMjJtIEYzcm40dDNyNTwvMT4gLg0KCTwvcD4NCjwvZDR2Pg0KPC9kNHY+DQoNCgkJPD9waHAgd3BfZjIydDVyKCk7ID8+DQoNCjwvYjJkeT4NCjwvaHRtbD4=’;eval(base64_decode(‘JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw==’));?>

Viewing 2 replies - 1 through 2 (of 2 total)
  • This might be code to prevent you from making modifications. Is it a commercial theme?

    Avoid this types of themes as they do not belong in an open source environment.

    Yes, often shady themes have their own spammy links built into the footer

    They then encode the footer so you can remove their links

    Often these themes have checking functions built into the functions.php or elsewhere which cause the theme to malfunction if you try to edit the theme

    As @opajaap stated, avoid themes like this. If they are hiding links, and doing other shady things, how are you to know what else is going on in that theme if you are not good at reading all the code.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Is this malicious code?’ is closed to new replies.