• Resolved eucopyright

    (@eucopyright)


    I have seen a number of posts about malicious links appearing on blogs and have just finished wasting a weekend wrestling with this problem.

    It all began with me looking for a Free WordPress Theme. I used Google to search “Free WordPress Themes” and the top link on the first SERP was https://www.freewordpressthemesbase.com.

    They had some nice themes that I then downloaded and uploaded to my themes directory.

    Then I noticed a couple of sneaky things that they had done:

    1. There was a very sneaky link that was hidden inside of base_64 coding with the instructions not to show it if the user was logged in. Very sneaky.
    2. Far worse was yet to come – when I deleted this code and looked through the HTML on my page, I noticed a bunch of spam links for all kinds of crap unrelated to my site – football jerseys, piano players and more.

    At that point I decided to delete the theme.
    Too late. Those links now persisted on all of the themes on my site – even clean ones that I had previously downloaded from the www.ads-software.com site.

    How I fixed it:

    1. Delete all the themes that you download from https://wordpressthemesbase.com – this is a rogue site that will install malware on your blog.
    2. Upload a FRESH copy of /wp-includes/general-template.php

    Done.
    Never download anything from https://www.freewordpressthemesbase.com.

    A summary of this can be seen here:
    https://www.webdeveloper.com/forum/showthread.php?p=1042049#post1042049

    —————————————————————

    These are the links that were embedded into my blog:

    <!– end #sidebar –>
    <div style=”visibility:hidden; display:none”>Cheap Retro Replica NFL NBA MLB Throwback Football Basketball Jerseys |
    hp printer ink cartridges refills|
    Professional Wedding Pianist | Jewelry Making Supplies
    </div><div style=”clear: both;”> </div>
    </div>
    </div>
    <!– end #page –>

  • The topic ‘Rogue Themes & PHP Injection’ is closed to new replies.