Thread: Wordpress Obfuscated Code. Need to Remove It.

  1. #1
    rome9t9

    Ok guys I downloaded this awesome theme from skinpress and they have obfuscated code in their header.php and functions.php.

    NOT in the footer.php. The footer has sponsored links.

    I don't mind the sponsored links but I want the code on my site clean.

    The code is in rot13, which I decoded. The obfuscated code in header.php calls the obfuscated code in functions.php to ensure that the footer links are intact.

    I think it notifies the theme owner/sponsor if any site removes the footer link. I want these codes to be gone from my site.

    But when I remove them, they break the entire theme. How can I remove them??

    Obfuscated codes:

    Header.php

    PHP Code:
    <?php eval(str_rot13('shapgvba purpx_s_sbbgre(){vs(!(shapgvba_rkvfgf("purpx_sbbgre")&&shapgvba_rkvfgf("purpx_urnqre"))){rpub(\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg\');qvr;}}purpx_s_sbbgre();'));eval(str_rot13('shapgvba purpx_shapgvbaf(){vs(!svyr_rkvfgf(qveanzr(__SVYR__)."/shapgvbaf.cuc")){rpub(\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg\');qvr;}}purpx_shapgvbaf();')); ?>
    Functions.php
    PHP Code:
    eval(str_rot13('shapgvba purpx_sbbgre(){$y=\'<o><n uers="uggc://jjj.fxvacerff.pbz/">Serr Jbeqcerff Gurzrf</n></o> Qrfvtarq ol <o><n uers="uggc://jjj.npgvirgenvy.pbz/">Rznvy Znexrgvat</n></o> naq <o><n uers="uggc://jjj.npnqrzvpnqivfbewbof.pbz/">Nqivfbe Wbof</n></o>\';$s=qveanzr(__SVYR__).\'/sbbgre.cuc\';$sq=sbcra($s,\'e\');$p=sernq($sq,svyrfvmr($s));spybfr($sq);vs(fgecbf($p,$y)==0){rpub(\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg\');qvr;}}purpx_sbbgre();')); eval(str_rot13('shapgvba purpx_urnqre(){vs(!(shapgvba_rkvfgf("purpx_shapgvbaf")&&shapgvba_rkvfgf("purpx_s_sbbgre"))){rpub(\'Guvf gurzr vf eryrnfrq haqre perngvir pbzzbaf yvprapr, nyy yvaxf va gur sbbgre fubhyq erznva vagnpg\');qvr;}}')); 


    Decoded:


    Header.php

    PHP Code:
    <?php
    // Decoded payload of the first eval(str_rot13('...')) call in header.php.
    // Only the string literal is rot13 text; the eval(str_rot13( wrapper is not.
    function check_f_footer() {
        if (!(function_exists("check_footer") && function_exists("check_header"))) {
            echo('This theme is released under creative commons licence, all links in the footer should remain intact');
            die;
        }
    }
    check_f_footer();

    // Decoded payload of the second eval(str_rot13('...')) call in header.php.
    function check_functions() {
        if (!file_exists(dirname(__FILE__)."/functions.php")) {
            echo('This theme is released under creative commons licence, all links in the footer should remain intact');
            die;
        }
    }
    check_functions();
    ?>
    Functions.php
    PHP Code:
    <?php
    // Decoded payload of the first eval(str_rot13('...')) call in functions.php.
    function check_footer() {
        $l = '<b><a href="http://www.skinpress.com/">Free Wordpress Themes</a></b> Designed by <b><a href="http://www.activetrail.com/">Email Marketing</a></b> and <b><a href="http://www.academicadvisorjobs.com/">Advisor Jobs</a></b>';
        $f = dirname(__FILE__).'/footer.php';
        $fd = fopen($f, 'r');
        $c = fread($fd, filesize($f));
        fclose($fd);
        // strpos() returns false when $l is absent, and false == 0 is true,
        // so a missing link block ends the page (as would a match at offset 0).
        if (strpos($c, $l) == 0) {
            echo('This theme is released under creative commons licence, all links in the footer should remain intact');
            die;
        }
    }
    check_footer();

    // Decoded payload of the second eval(str_rot13('...')) call in functions.php.
    function check_header() {
        if (!(function_exists("check_functions") && function_exists("check_f_footer"))) {
            echo('This theme is released under creative commons licence, all links in the footer should remain intact');
            die;
        }
    }
    ?>
    In case they cannot be removed, are they safe?? Skinpress.com is a trustworthy site btw.
    Last edited by rome9t9; 14 December, 2010 at 16:48 PM.
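
An added example (not part of the original thread or the theme's code): a small Python scanner that finds `eval(str_rot13('...'))` calls like the ones quoted in post #1 and decodes only the string literal, so the payload can be reviewed before a theme is installed. The function names and the shortened sample input are constructed for illustration.

```python
import codecs
import re

# Matches eval(str_rot13('...')) with a single-quoted PHP string literal.
# The literal may contain backslash escapes such as \' inside it.
EVAL_ROT13 = re.compile(
    r"eval\s*\(\s*str_rot13\s*\(\s*'((?:\\.|[^'\\])*)'\s*\)\s*\)",
    re.I | re.S,
)


def php_single_quoted(raw):
    """Undo PHP single-quote escaping: only \\' and \\\\ are escapes there."""
    return re.sub(r"\\(['\\])", r"\1", raw)


def decode_payloads(php_source):
    """Return the decoded PHP text of every eval(str_rot13('...')) call."""
    return [
        codecs.decode(php_single_quoted(m.group(1)), "rot13")
        for m in EVAL_ROT13.finditer(php_source)
    ]


def summarize(payload):
    """List what a decoded payload defines and whether it can halt the page."""
    return {
        "functions": re.findall(r"function\s+(\w+)\s*\(", payload),
        "halts": bool(re.search(r"\b(?:die|exit)\b", payload)),
        "reads_files": bool(
            re.search(r"\b(?:fopen|file_get_contents|file_exists)\s*\(", payload)
        ),
    }


# Constructed sample in the same shape as the header.php snippet (message shortened).
SAMPLE = (
    "<?php eval(str_rot13('shapgvba purpx_s_sbbgre(){vs(!(shapgvba_rkvfgf(\"purpx_sbbgre\")))"
    "{rpub(\\'yvaxf fubhyq erznva vagnpg\\');qvr;}}purpx_s_sbbgre();')); ?>"
)

if __name__ == "__main__":
    for text in decode_payloads(SAMPLE):
        print(summarize(text))
        print(text)
```

Running rot13 over a whole file instead of just the string literal also transforms the wrapper itself, which is where a fragment like `riny(fge_ebg13(` in decoder output comes from.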

  2. #2
    iowadawg
    There is no reason to have such code in header and body, etc.
    Usually means that either links are added to your wordpress unknowingly, or there will be visitors going to sites unknown to you from your wordpress.

    Trustworthy site or not, I would not use any theme that has stuff like this.

  4. #3
    bhartzer
    Quote: "Trustworthy site or not, I would not use any theme that has stuff like this."
    I totally agree, no reason to have code in there like that.

  5. #4
    TopDogger
    There are lots of good reasons to remove obfuscated code--or refuse to use themes with encoded sections.

    Read this article and check out the links to the supporting articles.

    Malware Found in WordPress Theme – Protect Yourself Now « Lorelle on WordPress
  7. #5
    rome9t9
    I finally managed to remove the code.. but found another good theme that doesn't have obfuscated code in functions.php, only in the footer.php, which I removed.

    There aren't many great looking themes in the wordpress.org theme index, so I have to look elsewhere for some great themes.

    Thanks TopDogger for the link. Installed the Theme-Check plugin for my site.

  8. #6
    Andy101
    They seemed to have done this to ensure that their attribution links remained intact but it had the effect of the entire theme being deleted!

  9. #7
    jackcr
    Hello everybody, nice to be here, I need some help please

    I understand the reason to put some code in some themes, but I don't like to see what I don't understand.

    So, I have an "encrypted" code in the footer.php in one theme I have, and it has no problems if you don't change the links of the author (that's OK), but the footer is a mess and I don't like it.
    Maybe somebody can help me with this new (to me) encryption mode.

    Let's see, I leave the content of the footer.php here and maybe somebody knows how to decrypt this mess. Thanks for any help.

