
help with virus in wp theme

Discussion in 'WordPress' started by bosanci28, Aug 3, 2012.

  1. #1
    I installed a theme and after a few days I started getting notifications from my ESET security software about a virus in my WP theme.

    If I erase the theme from my FTP and leave the original that came with the install, all is fine.

    I also installed this plugin: Timthumb Scanner plugin

    After running the scan with that theme in my FTP /wp theme directory, it told me that:

    Status Version Filename Full Path
    Vulnerable 1.08 thumb.php /home/bos/public_html/rom/wp-content/themes/themename/thumb.php

    So here is the code from that thumb.php. As I look at it, the only thing I see that is suspicious is a line somewhere below:

    
     // the relative paths below are useful if timthumb is moved outside of document root
            // specifically if installed in wordpress themes like mimbo pro:
            // /wp-content/themes/mimbopro/scripts/timthumb.php
            $paths = array(
    
    Code (markup):
    Image, and that is not my IP:

    [IMG]

    here is the full code:

    
    <?php
    /*
            TimThumb script created by Tim McDaniels and Darren Hoyt with tweaks by Ben Gillbanks
            http://code.google.com/p/timthumb/
    
            MIT License: http://www.opensource.org/licenses/mit-license.php
    
            Paramters
            ---------
            w: width
            h: height
            zc: zoom crop (0 or 1)
            q: quality (default is 75 and max is 100)
           
            HTML example: <img src="/scripts/timthumb.php?src=/images/whatever.jpg&w=150&h=200&zc=1" alt="" />
    */
    
    /*
    $sizeLimits = array(
            "100x100",
            "150x150",
    );
    */
    
    define("CACHE_SIZE", 200);              // number of files to store before clearing cache
    define("CACHE_CLEAR", 5);               // maximum number of files to delete on each cache clear
    define("VERSION", "1.08");              // version number (to force a cache refresh
    
    $imageFilters = array(
            "1" => array(IMG_FILTER_NEGATE, 0),
            "2" => array(IMG_FILTER_GRAYSCALE, 0),
            "3" => array(IMG_FILTER_BRIGHTNESS, 1),
            "4" => array(IMG_FILTER_CONTRAST, 1),
            "5" => array(IMG_FILTER_COLORIZE, 4),
            "6" => array(IMG_FILTER_EDGEDETECT, 0),
            "7" => array(IMG_FILTER_EMBOSS, 0),
            "8" => array(IMG_FILTER_GAUSSIAN_BLUR, 0),
            "9" => array(IMG_FILTER_SELECTIVE_BLUR, 0),
            "10" => array(IMG_FILTER_MEAN_REMOVAL, 0),
            "11" => array(IMG_FILTER_SMOOTH, 0),
    );
    
    // sort out image source
    $src = get_request("src", "");
    if($src == "" || strlen($src) <= 3) {
            displayError("no image specified");
    }
    // clean params before use
    $src = cleanSource($src);
    
    // last modified time (for caching)
    $lastModified = filemtime($src);
    
    // get properties
    $new_width              = preg_replace("/[^0-9]+/", "", get_request("w", 0));
    $new_height    			= preg_replace("/[^0-9]+/", "", get_request("h", 0));
    $zoom_crop              = preg_replace("/[^0-9]+/", "", get_request("zc", 1));
    $quality                = preg_replace("/[^0-9]+/", "", get_request("q", 80));
    $filters                = get_request("f", "");
    
    if ($new_width == 0 && $new_height == 0) {
            $new_width = 100;
            $new_height = 100;
    }
    
    // set path to cache directory (default is ./cache)
    // this can be changed to a different location
    $cache_dir = './cache';
    
    // get mime type of src
    $mime_type = mime_type($src);
    
    // check to see if this image is in the cache already
    check_cache( $cache_dir, $mime_type );
    
    // if not in cache then clear some space and generate a new file
    cleanCache();
    
    ini_set('memory_limit', "30M");
    
    // make sure that the src is gif/jpg/png
    if(!valid_src_mime_type($mime_type)) {
            displayError("Invalid src mime type: " .$mime_type);
    }
    
    // check to see if GD function exist
    if(!function_exists('imagecreatetruecolor')) {
            displayError("GD Library Error: imagecreatetruecolor does not exist");
    }
    
    if(strlen($src) && file_exists($src)) {
    
            // open the existing image
            $image = open_image($mime_type, $src);
            if($image === false) {
                    displayError('Unable to open image : ' . $src);
            }
    
            // Get original width and height
            $width = imagesx($image);
            $height = imagesy($image);
           
            // don't allow new width or height to be greater than the original
            if( $new_width > $width ) {
                    $new_width = $width;
            }
            if( $new_height > $height ) {
                    $new_height = $height;
            }
    
            // generate new w/h if not provided
            if( $new_width && !$new_height ) {
                   
                    $new_height = $height * ( $new_width / $width );
                   
            } elseif($new_height && !$new_width) {
                   
                    $new_width = $width * ( $new_height / $height );
                   
            } elseif(!$new_width && !$new_height) {
                   
                    $new_width = $width;
                    $new_height = $height;
                   
            }
           
            // create a new true color image
            $canvas = imagecreatetruecolor( $new_width, $new_height );
            imagealphablending($canvas, false);
            // Create a new transparent color for image
            $color = imagecolorallocatealpha($canvas, 0, 0, 0, 127);
            // Completely fill the background of the new image with allocated color.
            imagefill($canvas, 0, 0, $color);
            // Restore transparency blending
            imagesavealpha($canvas, true);
    
            if( $zoom_crop ) {
    
                    $src_x = $src_y = 0;
                    $src_w = $width;
                    $src_h = $height;
    
                    $cmp_x = $width  / $new_width;
                    $cmp_y = $height / $new_height;
    
                    // calculate x or y coordinate and width or height of source
    
                    if ( $cmp_x > $cmp_y ) {
    
                            $src_w = round( ( $width / $cmp_x * $cmp_y ) );
                            $src_x = round( ( $width - ( $width / $cmp_x * $cmp_y ) ) / 2 );
    
                    } elseif ( $cmp_y > $cmp_x ) {
    
                            $src_h = round( ( $height / $cmp_y * $cmp_x ) );
                            $src_y = round( ( $height - ( $height / $cmp_y * $cmp_x ) ) / 2 );
    
                    }
                   
                    imagecopyresampled( $canvas, $image, 0, 0, $src_x, $src_y, $new_width, $new_height, $src_w, $src_h );
    
            } else {
    
                    // copy and resize part of an image with resampling
                    imagecopyresampled( $canvas, $image, 0, 0, 0, 0, $new_width, $new_height, $width, $height );
    
            }
           
            if ($filters != "") {
                    // apply filters to image
                    $filterList = explode("|", $filters);
                    foreach($filterList as $fl) {
                            $filterSettings = explode(",", $fl);
                            if(isset($imageFilters[$filterSettings[0]])) {
                           
                                    for($i = 0; $i < 4; $i ++) {
                                            if(!isset($filterSettings[$i])) {
                                                    $filterSettings[$i] = null;
                                            }
                                    }
                                   
                                    switch($imageFilters[$filterSettings[0]][1]) {
                                   
                                            case 1:
                                           
                                                    imagefilter($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1]);
                                                    break;
                                           
                                            case 2:
                                           
                                                    imagefilter($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2]);
                                                    break;
                                           
                                            case 3:
                                           
                                                    imagefilter($canvas, $imageFilters[$filterSettings[0]][0], $filterSettings[1], $filterSettings[2], $filterSettings[3]);
                                                    break;
                                           
                                            default:
                                           
                                                    imagefilter($canvas, $imageFilters[$filterSettings[0]][0]);
                                                    break;
                                                   
                                    }
                            }
                    }
            }
           
            // output image to browser based on mime type
            show_image($mime_type, $canvas, $cache_dir);
           
            // remove image from memory
            imagedestroy($canvas);
           
    } else {
    
    
            if(strlen($src)) {
                    displayError("image " . $src . " not found");
            } else {
                    displayError("no source specified");
            }
           
    }
    
    /**
     *
     */
    function show_image($mime_type, $image_resized, $cache_dir) {
    
            global $quality;
    
            // check to see if we can write to the cache directory
            $is_writable = 0;
            $cache_file_name = $cache_dir . '/' . get_cache_file();
    
            if(touch($cache_file_name)) {
                   
                    // give 666 permissions so that the developer
                    // can overwrite web server user
                    chmod($cache_file_name, 0666);
                    $is_writable = 1;
                   
            } else {
                   
                    $cache_file_name = NULL;
                    header('Content-type: ' . $mime_type);
                   
            }
    
            $quality = floor($quality * 0.09);
    
            imagepng($image_resized, $cache_file_name, $quality);
           
            if($is_writable) {
                    show_cache_file($cache_dir, $mime_type);
            }
    
            imagedestroy($image_resized);
           
            displayError("error showing image");
    
    }
    
    /**
     *
     */
    function get_request( $property, $default = 0 ) {
           
            if( isset($_REQUEST[$property]) ) {
           
                    return $_REQUEST[$property];
                   
            } else {
           
                    return $default;
                   
            }
           
    }
    
    /**
     *
     */
    function open_image($mime_type, $src) {
    
            if(stristr($mime_type, 'gif')) {
           
                    $image = imagecreatefromgif($src);
                   
            } elseif(stristr($mime_type, 'jpeg')) {
           
                    @ini_set('gd.jpeg_ignore_warning', 1);
                    $image = imagecreatefromjpeg($src);
                   
            } elseif( stristr($mime_type, 'png')) {
           
                    $image = imagecreatefrompng($src);
                   
            }
           
            return $image;
    
    }
    
    /**
     * clean out old files from the cache
     * you can change the number of files to store and to delete per loop in the defines at the top of the code
     */
    function cleanCache() {
    
            $files = glob("cache/*", GLOB_BRACE);
           
            $yesterday = time() - (24 * 60 * 60);
           
            if (count($files) > 0) {
                   
                    usort($files, "filemtime_compare");
                    $i = 0;
                   
                    if (count($files) > CACHE_SIZE) {
                           
                            foreach ($files as $file) {
                                   
                                    $i ++;
                                   
                                    if ($i >= CACHE_CLEAR) {
                                            return;
                                    }
                                   
                                    if (filemtime($file) > $yesterday) {
                                            return;
                                    }
                                   
                                    unlink($file);
                                   
                            }
                           
                    }
                   
            }
    
    }
    
    /**
     * compare the file time of two files
     */
    function filemtime_compare($a, $b) {
    
            return filemtime($a) - filemtime($b);
           
    }
    
    /**
     * determine the file mime type
     */
    function mime_type($file) {
    
            if (stristr(PHP_OS, 'WIN')) {
                    $os = 'WIN';
            } else {
                    $os = PHP_OS;
            }
    
            $mime_type = '';
    
            if (function_exists('mime_content_type')) {
                    $mime_type = mime_content_type($file);
            }
           
            // use PECL fileinfo to determine mime type
            if (!valid_src_mime_type($mime_type)) {
                    if (function_exists('finfo_open')) {
                            $finfo = finfo_open(FILEINFO_MIME);
                            $mime_type = finfo_file($finfo, $file);
                            finfo_close($finfo);
                    }
            }
    
            // try to determine mime type by using unix file command
            // this should not be executed on windows
        if (!valid_src_mime_type($mime_type) && $os != "WIN") {
                    if (preg_match("/FREEBSD|LINUX/", $os)) {
                            $mime_type = trim(@shell_exec('file -bi "' . $file . '"'));
                    }
            }
    
            // use file's extension to determine mime type
            if (!valid_src_mime_type($mime_type)) {
    
                    // set defaults
                    $mime_type = 'image/png';
                    // file details
                    $fileDetails = pathinfo($file);
                    $ext = strtolower($fileDetails["extension"]);
                    // mime types
                    $types = array(
                            'jpg'  => 'image/jpeg',
                            'jpeg' => 'image/jpeg',
                            'png'  => 'image/png',
                            'gif'  => 'image/gif'
                    );
                   
                    if (strlen($ext) && strlen($types[$ext])) {
                            $mime_type = $types[$ext];
                    }
                   
            }
           
            return $mime_type;
    
    }
    
    /**
     *
     */
    function valid_src_mime_type($mime_type) {
    
    
            if (preg_match("/jpg|jpeg|gif|png/i", $mime_type)) {
                    return true;
            }
           
            return false;
    
    }
    
    /**
     *
     */
    function check_cache($cache_dir, $mime_type) {
    
            // make sure cache dir exists
            if (!file_exists($cache_dir)) {
                    // give 777 permissions so that developer can overwrite
                    // files created by web server user
                    mkdir($cache_dir);
                    chmod($cache_dir, 0777);
            }
    
            show_cache_file($cache_dir, $mime_type);
    
    }
    
    /**
     *
     */
    function show_cache_file($cache_dir) {
    
            $cache_file = $cache_dir . '/' . get_cache_file();
    
            if (file_exists($cache_file)) {
           
                    $gmdate_mod = gmdate("D, d M Y H:i:s", filemtime($cache_file));
                   
                    if(! strstr($gmdate_mod, "GMT")) {
                            $gmdate_mod .= " GMT";
                    }
                   
                    if (isset($_SERVER["HTTP_IF_MODIFIED_SINCE"])) {
                   
                            // check for updates
                            $if_modified_since = preg_replace("/;.*$/", "", $_SERVER["HTTP_IF_MODIFIED_SINCE"]);
                           
                            if ($if_modified_since == $gmdate_mod) {
                                    header("HTTP/1.1 304 Not Modified");
                                    exit;
                            }
    
                    }
                   
                    $fileSize = filesize($cache_file);
                   
                    // send headers then display image
                    header("Content-Type: image/png");
                    header("Accept-Ranges: bytes");
                    header("Last-Modified: " . $gmdate_mod);
                    header("Content-Length: " . $fileSize);
                    header("Cache-Control: max-age=9999, must-revalidate");
                    header("Expires: " . $gmdate_mod);
                   
                    readfile($cache_file);
                   
                    exit;
    
            }
           
    }
    
    /**
     *
     */
    function get_cache_file() {
    
            global $lastModified;
            static $cache_file;
           
            if(!$cache_file) {
                    $cachename = $_SERVER['QUERY_STRING'] . VERSION . $lastModified;
                    $cache_file = md5($cachename) . '.png';
            }
           
            return $cache_file;
    
    }
    
    /**
     * check to if the url is valid or not
     */
    function valid_extension ($ext) {
    
            if (preg_match("/jpg|jpeg|png|gif/i", $ext)) {
                    return TRUE;
            } else {
                    return FALSE;
            }
           
    }
    
    /**
     * tidy up the image source url
     */
    function cleanSource($src) {
    
            // remove slash from start of string
            if(strpos($src, "/") == 0) {
                    $src = substr($src, -(strlen($src) - 1));
            }
    
            // remove http/ https/ ftp
            $src = preg_replace("/^((ht|f)tp(s|):\/\/)/i", "", $src);
            // remove domain name from the source url
            $host = $_SERVER["HTTP_HOST"];
            $src = str_replace($host, "", $src);
            $host = str_replace("www.", "", $host);
            $src = str_replace($host, "", $src);
    
            // don't allow users the ability to use '../'
            // in order to gain access to files below document root
    
            // src should be specified relative to document root like:
            // src=images/img.jpg or src=/images/img.jpg
            // not like:
            // src=../images/img.jpg
            $src = preg_replace("/\.\.+\//", "", $src);
    
            //print_r($_SERVER);
           
            // get path to image on file system
    		 $src = get_document_root($src);    
    		 
            return $src;
    
    }
    
    /**
     *
     */
    function get_document_root ($src) {
    
            // check for unix servers
            if(@file_exists($_SERVER['DOCUMENT_ROOT'] . '/' . $src)) {
                    return $_SERVER['DOCUMENT_ROOT'] . '/' . $src;
            }
    		$blog_id = $_REQUEST['bid']; 
    		$src = str_replace("/files/", "/wp-content/blogs.dir/$blog_id/files/", $src);
    		 if(@file_exists($src)) {
                 return $src;
            }
    		
    		$src_arr = explode('/',$src);
    		for($i=0;$i<count($src_arr);$i++)
    		{
    			if($src_arr[$i]=='wp-content')
    			{
    				unset($src_arr[$i-1]);
    				break;
    			}			
    		}
    		$str = implode('/',$src_arr);
    	
    		  if(@file_exists($_SERVER['DOCUMENT_ROOT'] . '/' . $str)) {
    			 return $_SERVER['DOCUMENT_ROOT'] . '/' . $str;
    		}
    		
    		$src_arr = explode('/',$src);
    		unset($src_arr[0]);
    		unset($src_arr[2]);
    		$str = implode('/',$src_arr);
    		  if(@file_exists($_SERVER['DOCUMENT_ROOT'] . '/' . $str)) {
                 return $_SERVER['DOCUMENT_ROOT'] . '/' . $str;
            }
    		
    		 $src_arr = explode('/',$src);
    		unset($src_arr[0]);
    		unset($src_arr[1]);
    		$str = implode('/',$src_arr);
    		 if(@file_exists($_SERVER['DOCUMENT_ROOT'] . '/' . $str)) {
                    return $_SERVER['DOCUMENT_ROOT'] . '/' . $str;
            }
            // the relative paths below are useful if timthumb is moved outside of document root
            // specifically if installed in wordpress themes like mimbo pro:
            // /wp-content/themes/mimbopro/scripts/timthumb.php
            $paths = array(
                    ".",
                    "..",
                    "../..",
                    "../../..",
                    "../../../..",
                    "../../../../.."
            );
           
            foreach($paths as $path) {
                    if(@file_exists($path . '/' . $src)) {
                            return $path . '/' . $src;
                    }
            }
           
            // special check for microsoft servers
            if(!isset($_SERVER['DOCUMENT_ROOT'])) {
            $path = str_replace("/", "\\", $_SERVER['ORIG_PATH_INFO']);
            $path = str_replace($path, "", $_SERVER['SCRIPT_FILENAME']);
           
            if( @file_exists( $path . '/' . $src ) ) {
                    return $path . '/' . $src;
            }
            }      
          	
    		$src_arr = explode('/',$src);
    		unset($src_arr[0]);
    		unset($src_arr[1]);
    		 $src = implode('/',$src_arr);
    		  $paths = array(
                    ".",
                    "..",
                    "../..",
                    "../../..",
                    "../../../..",
                    "../../../../.."
            );
           
            foreach($paths as $path) {
                    if(@file_exists($path . '/' . $src)) {
                            return $path . '/' . $src;
                    }
            }
            displayError('file not found ' . $src);
    
    }
    
    /**
     * generic error message
     */
    function displayError($errorString = '') {
    
            header('HTTP/1.1 400 Bad Request');
            die($errorString);
           
    }
    ?>
    
    Code (markup):
    Any help will be appreciated!!

    thanks
     
    bosanci28, Aug 3, 2012 IP
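    The scanner report above (Status / Version / Filename / Full Path) can be reproduced with a small script. This is an added example, not the Timthumb Scanner plugin's code: it walks a theme tree, recognises TimThumb copies by their header comment, reads the VERSION define, and also lists request parameters the file reads that are not among the ones this 1.08 copy documents (src, w, h, zc, q, f), which is how the `bid` parameter read in the posted get_document_root stands out. MIN_OK_VERSION is an assumption and both sample files are constructed.

```python
import os
import re
import tempfile

# Header text that identifies a TimThumb copy whatever the file is called
# (the thread's theme ships it as thumb.php; other themes use timthumb.php).
TIMTHUMB_MARKERS = (re.compile(r"TimThumb script created by", re.I),
                    re.compile(r"code\.google\.com/p/timthumb", re.I))
VERSION_RE = re.compile(r"""define\s*\(\s*["']VERSION["']\s*,\s*["']([0-9][0-9.]*)["']""")
# Both ways the posted file reads query input: get_request("w", ...) and $_REQUEST['bid']
PARAM_RE = re.compile(r"""(?:get_request\s*\(\s*|\$_REQUEST\s*\[\s*)["']([A-Za-z0-9_]+)["']""")
# Parameters the posted 1.08 copy documents in its header or reads via get_request().
KNOWN_PARAMS = {"src", "w", "h", "zc", "q", "f"}
# Assumption: anything older than this is reported as Vulnerable. The thread only
# says 1.08 is vulnerable; set this to the current upstream release before use.
MIN_OK_VERSION = "2.0"

def parse_version(text):
    return tuple(int(p) for p in text.split(".") if p.isdigit())

def inspect_source(text):
    """Return None if text is not TimThumb, else its version and odd parameters."""
    if not any(m.search(text) for m in TIMTHUMB_MARKERS):
        return None
    m = VERSION_RE.search(text)
    params = set(PARAM_RE.findall(text))
    return {"version": m.group(1) if m else None,
            "unexpected_params": sorted(params - KNOWN_PARAMS)}

def classify(version, min_ok=MIN_OK_VERSION):
    if version is None:
        return "Unknown"
    return "Vulnerable" if parse_version(version) < parse_version(min_ok) else "OK"

def scan_tree(root):
    """Walk a wp-content tree and report every TimThumb copy found in it."""
    rows = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    info = inspect_source(fh.read())
            except OSError:
                continue
            if info is not None:
                rows.append((classify(info["version"]), info["version"],
                             name, path, info["unexpected_params"]))
    return sorted(rows, key=lambda r: r[3])

# Constructed sample mimicking the head of the posted thumb.php (not the real file).
SAMPLE_OLD = """<?php
/* TimThumb script created by Tim McDaniels and Darren Hoyt  http://code.google.com/p/timthumb/ */
define("VERSION", "1.08");
$src = get_request("src", "");
$new_width = get_request("w", 0);
$blog_id = $_REQUEST['bid'];
"""
# Constructed sample standing in for an updated copy; the version number is made up.
SAMPLE_NEW = """<?php
// TimThumb script created by Tim McDaniels and Darren Hoyt
define ('VERSION', '2.5');
$src = get_request("src", "");
"""

def demo():
    """Build a throwaway theme directory from the samples and scan it."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "wp-content", "themes", "themename")
        os.makedirs(theme)
        for name, body in (("thumb.php", SAMPLE_OLD), ("timthumb.php", SAMPLE_NEW),
                           ("functions.php", "<?php // ordinary theme file\n")):
            with open(os.path.join(theme, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        rows = scan_tree(root)
    return [(status, ver, name, extra) for status, ver, name, _, extra in rows]
```

    Call demo() for the constructed tree, or scan_tree("/path/to/wp-content") on a real install; each row mirrors the scanner's Status / Version / Filename / Full Path columns plus the parameters that are not part of the documented set.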
  2. hmansfield

    hmansfield Guest

    #2
    hmansfield, Aug 3, 2012 IP
  3. bosanci28

    bosanci28 Well-Known Member

    #3
    Well, I got someone to find a city theme for me, and he installed the GeoPlaces theme, which I found out is a paid theme, so I don't know exactly where he got it from, but I know
    the theme is GeoPlaces 4 and it is paid, so I guess he downloaded it from somewhere. Anyway, I may have to buy it; it's not cheap... $100... hmmm,

    Can't trust anyone these days....
     
    bosanci28, Aug 3, 2012 IP
  4. hmansfield

    hmansfield Guest

    #4
    Yeah, that sucks. Never trust a theme that is supposed to be paid, and someone claims they can get it for free. Don't take themes from people you don't know. Or trust any downloads, shareware, P2P or other file sharing sites that claim free premium themes. You may as well just let them put the virus directly on your server and cut out the middle man.

    If you buy a theme, just buy it from the source.
     
    hmansfield, Aug 3, 2012 IP
  5. bosanci28

    bosanci28 Well-Known Member

    #5
    You're right... I may have to buy it, I guess; we'll see if it will be worth $100 per domain!... price here
    Still looking for other city themes, maybe not free. I have a domain like mycity.com and I wanted to make it for local businesses, events, and more, and try to charge for listings on the main page to
    earn some income... Anyway, thank you for your info.
     
    bosanci28, Aug 3, 2012 IP
  6. die2mrw007

    die2mrw007 Member

    #6
    Just update the timthumb.php file with the latest :)
     
    die2mrw007, Aug 7, 2012 IP