1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

wordpress footer safety?

Discussion in 'PHP' started by deemainer, Jul 21, 2010.

  1. #1
    Hi All

    I have a nice theme im using that was free.However the footer is encoded. I hope its just pulling links (that what it seems) But would like to check as ive just had a site hacked by someone calls himself bin laden(left a page for everyone to see)

    Would somone mind decoding this please...would be interested to see the php and i cant seem to get it to decode(i only know the basics).

    Your time appreciated....thanks Heres the footer.
    <!--code below-->


    <?php
    /* please do not edit this part thank you */
    eval(gzinflate(base64_decode('DZQ3soRaEkSXM/8HBtCNjLHQotEanAm0umjN6uc55ZSTUedklWcK/qnfdqxAupf/ZOlWEtj/ijKfivKf//BFIq6br9S95+CBO1g857mdf+nv81rhkAzFsJIkxA/iU/x+NAL9Kuiz9CmyWJSKnN9+46H16d7D7WDIpqrZ4j7mA94xGoFPHfSxVcXuI9YZ+XGDAdZli58MjSXb3eHip3x9HKxCnO0UzOIy85A3IGKT97JTtXI9KUuuGMkh1thmt8/CnjUaAhNng07MkBDR4PHNpyPgTm8xJ6rYqcZV40THIySLC3xfplZuN7/lRYb3p6R5eNaWAj/TO9kcM3ohK6Cct7tBAnsroMpP91TQe+KThW2zrNICIjTXjcQQk4++UezAfKEDBNJMKYuxsH7yZdxGXW3zztfWzW1rxj+ik35uQX+N5ZiDT5PO+su1g/uDO07QPnKvpbzLn2Phaph3UFHCkAdmBfOo8U3jxVFfsurKldNBdSNTIyjFcaIOFpdkxPpT1B6yII2bRQblH3J/5lL6LFR8VecNIVFDo2kvN6HqxihsWlQYYWf3zHixnbsvkvYRAqjmzKb1qeyDKSrNj8dyXF/pZjJGDhzoJwCXcz5RZpgkjRWVT2gGPG9jSucFatKv4DpCdZEWbuIXruC3NctFQdpyfgc3ZUq1+lOJ7pfxTASK4l3deEwmCwAiWaR0jZqfFFY9bZt8EgYQ6olEDnC/Ju6LCy0g1rskuxIkqpduw5poPymyyil4OLsZH9J1HCSRBaeuZXI8XEXtpzGbosZfhKu8eAFqJELsSOAb3i+ylHOcoazD1clNZetGgFZxcw5pYWJlhBPoaoc0nRpkLmVFpgHW7/XEn8bFHU0EojmMujYPgso+s8B6Lf2YFoLnrfdgXNJ843uAHgaMsox1hHYT1p8kjDV4fFzPfzT6uzt5MaVj30qNTM2wIZjAyRViJ3NhKEa9ng64ZmvRGYHatks+51oZ93+zdvb2x6tP5PJthbNZjtwmFjrovCkcm2D6Pb5F/Uap36AulbofHzugo0axKSIK5DjT3elvw/GCUVz9KNRSHwsZ2xlNTCUh1GXuFCZkwASvkEgHQ6ftA4qGnQh5ICbhcKFP4hi1i9MdId5L1l/rOkYcvnwR9treRKLYlZFMMEfV/AN9Q52wkD/l+qhGvruQdcHzIpuYBzNVio8cp7N/RiRa6pdGgsExUniLkJSG4dlLqZhaON84+xcw0UGY35bQO1Kz6ZijKvNz5ZUNuPdUJTQH/vWq7hfx3znTK6XzOz2DCLub1sezWroVCO6uiOUUizSB79hNVDs0oLnk8MFa/eX7wdo+aIRFNQ7Gw3aTRZbHbGfW8X266z+k13Nc6EAo7Zp6fn/XDKrRBm9ZepU5ZyhuOQdSrBUOWZn451rFXjefavhFAzQMJgq1rTlTTrjPXEWJ22ImAff+YXMjXyEaBab6qToxUqphb9T5Vmtq9HaHLOvGRW9Vn+8cdgoW/ktsme67rHAu2spRJum7Hvb5MIVpfZC08EOgvogrv22NUvag6AC6daNes5puyl9AHLtmxqZGDw0kaPURLS9P9v08Knwaehfjxj8h2XWLVK99JW/lwK/5K4F5nEj26ubCHFQgfhTb9qtvJlzf03k60qEQyibwL5f8HLzFjRsvAyJObFyQJ11qKTPK596rQDaAdaT8bKWzSkfM0rjUkRSUEYlPUDG3gt13IpHmt1KKfjEalt0mGJBrObfGGgyED2EPVNV4mlJv1FLuvMluoCUaCFK/ceadKixyP0auL1QDmxgFZB9TOUDGJM+ffOReum+V6/2nm7EpRwQAnQxxCJ4/mHUuEwEPeLkFvPm2oK0jTtWgDHJ23ixv/P0U6pYlEvZbAcuYNusLBy73eB11hPPdPk52267hVumyECZFWcthYC2GCVe+zgFHjiyFmGc26QjjPFyNldxE1ndUy+AxoS6K8pdjPWPwAgoaOvws5G+5d+LD5L7aF3godJeiTcMEdQLVOqcVfXXr9uVzXGIFQ61pduLC4Ojjwqyb70N+WqJjDPgZHzxh4TXixB7BygXbjewiQ62fuN7drUiWhmsPNCmF6d7SbPND0irBlWiOWldw1hA2t6SPV9rlY1sPQiooXOkD1WcZevf1aPKb2oXz3wm8wzq+bWJFhwSd8ekQ+DV65bc9H2WoAc5b6NN1CNmVOXKT2l9bUTtAQGyUaEd6ZWZnkPrJ//rEIdWbssQTRrwwQEHRQsxXEwpmlBlj4/9Ensk+ZuSpRul3kTz5B3/niP1SU4DV3I/zpRAD4QPLlFwQ5zRClm0wam6Wz/E8i4ghPPQLg86oJUqgLeDvnHywi91eDvZExXBnJWBFvMexlt34h3i7J4Pt1kmCBiF6dx+GDX9ieckiKZUI6qyD5nV8dhDkPmmxb9UZM46z0z47aEiPcqmekkn1mDY5ZPrBfgoqc6eRR+1oBjuEHTGqT4XosIjU0YoksooEHpLl2vvUHdy0ulrykzcjjZpD3EkJ5UkcMU/qxjoPBFN14Ka7VbKpjr/ck54mLN76jVo+OYLAlUob3QlR074RlArG1US5/UNrJsQxuM16AW5lVkV6/nqPswpj5KkU8kIOz9ZF1rvjUcSOw2zTHXr7UFK6F63FB6fCY6f6Svz31lB0eW4xqnuwS8PIpXwwtt5Oi0Hw+6MK58qarsplmfR4mVud3Ge3vHqRYeIeKELnqUz70DAM0fjfhL/fE6as//z777///T8=')));
    ?>
     
    deemainer, Jul 21, 2010 IP
  2. ashishhbti

    ashishhbti Peon

    Messages:
    67
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #2
    its encoded text..may be they have used this to show a link in the footer or something like this..

    You can try just simply removing this code..

    Add you own custom footer..
     
    ashishhbti, Jul 21, 2010 IP
  3. mcfox

    mcfox Wind Maker

    Messages:
    7,526
    Likes Received:
    716
    Best Answers:
    0
    Trophy Points:
    360
  4. Rainulf

    Rainulf Active Member

    Messages:
    373
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    85
    #4
    lol the guy encoded this at least 20 times.. This is easy to decode. Just take off the eval command and keep echoing it until you see the decoded version. Here, I did it for you:
    
    include("footer_content.php"); 
    echo ' <div class="copyright"> <div class="onethousand_wrap"> <span class="left" style="margin-left:9px;">&copy; '; $zenverse_global_blogsince = get_option("zenverse_global_blogsince"); 
    if ($zenverse_global_blogsince == date("Y")) { echo date("Y"); } 
    else { echo $zenverse_global_blogsince.' - '.date("Y"); } 
    
    echo ' '.get_bloginfo('name').'</span> <span class="right" style="margin-right:9px;">Powered by <a href="http://wordpress.org/">Wordpress</a></span> <div class="clear"></div> </div><!--/onethousand_wrap--> </div><!--/copyright-->'; 
    echo '<div style="background-image:url('.get_bloginfo("template_directory").'/images/floral.gif);height:52px;"></div> <div id="footcopy" style="background-image:url('.get_bloginfo('template_directory').'/images/footer_copy.gif);height:23px;display:block;color:#dddddd;text-align:center;padding-top:10px;"> <div class="onethousand_wrap"> <a style="color:#dddddd;" id="thethemepageurl" href="http://zenverse.net/crossblock-wordpress-theme/">CrossBlock</a>  designed by <a href="http://deltamanual.com" title="manual download">DeltaManual.Com</a>  &nbsp;<span style="font-family:tahoma;color:#cccccc">|</span>&nbsp; In conjunction with <a href="http://webhosting.reviewitonline.net">Web Hosting</a>  &nbsp;&nbsp;<span style="font-family:tahoma;color:#cccccc">|</span>&nbsp;&nbsp; <a href="http://www.omnis.com/webhosting.php">Web Hosting</a>  &nbsp;&nbsp;<span style="font-family:tahoma;color:#cccccc">|</span>&nbsp;&nbsp; <a href="http://www.phone-number-trace.com">Reverse phone</a> </div> </div>'; $zenverse_global_google_analytics = get_option("zenverse_global_google_analytics"); 
    if ($zenverse_global_google_analytics != "") { echo stripslashes($zenverse_global_google_analytics); } 
    wp_footer(); 
    echo '</body> </html>';
    
    PHP:
    Now you can take off his copyright and put your own. ;)
     
    Rainulf, Jul 21, 2010 IP
    deemainer likes this.
  5. deemainer

    deemainer Active Member

    Messages:
    351
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    78
    #5
    thank you Rainulf. Much appreciated.Rep added. Just out of interest... Can you encode multiple times then?
     
    deemainer, Jul 21, 2010 IP
  6. Rainulf

    Rainulf Active Member

    Messages:
    373
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    85
    #6
    Yeah, of course you can, but if you keep encoding an encoded string, it's gonna be longer. And the more times you encode it, the more times you'll need decode it in order to run - meaning it will have longer time to load.
     
    Rainulf, Jul 21, 2010 IP
  7. dacash

    dacash Peon

    Messages:
    24
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Can you explain what you mean by "Keep echoing" ?
     
    dacash, Jul 21, 2010 IP
  8. Rainulf

    Rainulf Active Member

    Messages:
    373
    Likes Received:
    12
    Best Answers:
    0
    Trophy Points:
    85
    #8
    I meant echo. Like this
    
    echo gzinflate(base64_decode('blablablablabla...... '));
    
    PHP:
     
    Rainulf, Jul 21, 2010 IP
  9. dacash

    dacash Peon

    Messages:
    24
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Ok simple, i was looking for the hard thing in a simple thing. hehe Thanks
     
    dacash, Jul 22, 2010 IP
  10. gruniona

    gruniona Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #10
    i tried to change the code of the footer, but any change i realize, always block the page :(

    what can i do?

    thank you very much!
     
    gruniona, Jun 3, 2011 IP