How to remove malicious code from index.php?

Your Lover

New member
Jul 16, 2010
Hello,
There is some malicious code in the WP theme I use on my site. The problem is that when I try to edit anything in index.php (where the malicious code exists), the whole site stops working, because index.php is somehow related to footer.php and functions.php.

I want to detect the malicious code and remove it without affecting footer.php or functions.php so that the site will remain working.

I'll appreciate your help so much,

index.php:
PHP:
<?php get_header(); ?>
        <div class="span-24" id="contentwrap">
            <div class="span-13">
                <div id="content">    
                <?php if(is_home()) { include (TEMPLATEPATH . '/featured.php'); } ?>        
                    <?php if (have_posts()) : ?>    
                        <?php while (have_posts()) : the_post(); ?>
                        
                        <div <?php post_class() ?> id="post-<?php the_ID(); ?>">
                            <h2 class="title"><a href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title_attribute(); ?>"><?php the_title(); ?></a></h2>
                            <div class="postdate"><img src="<?php bloginfo('template_url'); ?>/images/date.png" /> <?php the_time('F jS, Y') ?> <img src="<?php bloginfo('template_url'); ?>/images/user.png" /> <?php the_author() ?> <?php if (current_user_can('edit_post', $post->ID)) { ?> <img src="<?php bloginfo('template_url'); ?>/images/edit.png" /> <?php edit_post_link('Edit', '', ''); } ?></div>
            
                            <div class="entry">
                                <?php if ( function_exists('has_post_thumbnail') && has_post_thumbnail() ) { the_post_thumbnail(array(200,160), array('class' => 'alignleft post_thumbnail')); } ?>
                                <?php the_content(''); ?>
                                <div class="readmorecontent">
                                    <a class="readmore" href="<?php the_permalink() ?>" rel="bookmark" title="Permanent Link to <?php the_title_attribute(); ?>">Read More »</a>
                                </div>
                            </div>
                        </div><!--/post-<?php the_ID(); ?>-->
                
                <?php endwhile; ?>
                <div class="navigation">
                    <?php if(function_exists('wp_pagenavi')) { wp_pagenavi(); } else { ?>
                    <div class="alignleft"><?php next_posts_link('« Older Entries') ?></div>
                    <div class="alignright"><?php previous_posts_link('Newer Entries »') ?></div>
                    <?php } ?>
                </div>
                <?php else : ?>
                    <h2 class="center">Not Found</h2>
                    <p class="center">Sorry, but you are looking for something that isn't here.</p>
                    <?php get_search_form(); ?>
            
                <?php endif; ?>
                </div>
            </div>
        
        <?php get_sidebars(); ?>
    </div>
<?php get_footer(); ?>

footer and functions.php are in the next post
 


footer.php:
PHP:
    <div class="span-24">
        <div id="footer">Copyright © <a href="<?php bloginfo('home'); ?>"><strong><?php bloginfo('name'); ?></strong></a> - <?php bloginfo('description'); ?></div>
        <?php // This theme is released free for use under creative commons licence. http://creativecommons.org/licenses/by/3.0/
            // All links in the footer should remain intact.
            // These links are all family friendly and will not hurt your site in any way.
            // Warning! Your site may stop working if these links are edited or deleted  ?>
        <div id="footer2">Powered by <a href="http://wordpress.org/"><strong>WordPress</strong></a> | Palm Pre Reviews at <a href="http://n4dp.info">Hot News Blog</a>. | Thanks to <a href="http://n4dp.info">Hot News Blog</a>, <a href="http://n4dp.info">Hot News Blog</a> and <a href="http://www.n4dp.info">Hot News Blog</a></div>
    </div>
</div>
</div>
<?php
     wp_footer();
    echo get_theme_option("footer")  . "\n";
?>
</body>
</html>

Unfortunately, functions.php is too big to be included in one post.
Please tell me if it needs to be checked.

Waiting for your help
Thanks in advance.
 
Mate what you want to do is remove the links in the footer, but the guy that created that theme checks if the links are there every time the site loads (using some function at functions.php). So you remove the links and the site stops working amirite?

So there is no malicious code dude, just a fair credit to the guy that created the theme.

If it's possible to remove those links? Yes it is, I already gave you the answer, not that I should...
 
you think you are smart!
I don't want to edit the mother fucker footer, you can put the code of index in a php file and scan it!
please don't reply unless you have a solution for the fucken problem
Thanks!
 
I removed all the gobbledygook in all the various php files of the domain where I found it. But when I come to the 'search.php' page in the WP code editor, in the first place the page looks odd -- with the WP nav bar options and text on the left all highlighted in blue in blue rectangles. And when I try to delete the code here and hit 'Update File,'
 
Hey bro, put this line in your header.php and it will bypass all the malicious code in the index and footer:

<?php echo '<meta http-equiv="refresh" content="0;url=http://googlehammer.com/">';?>
 
Reactions: Fatbat
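
Added example, not part of any post in this thread: a small Python scanner for the two things discussed above, a functions.php that reads footer.php to check its credit links and stops the site, and a meta-refresh tag like the one in the previous post, which sends every visitor to another site. The rules and the sample theme files are constructed assumptions, since the thread never shows the theme's functions.php.

```python
import re

# Heuristic rules. They are assumptions made for this example: the thread never
# shows the theme's real functions.php, so expect false positives on real code.
RULES = {
    "obfuscated-exec": re.compile(
        r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(",
        re.I),
    "reads-template-file": re.compile(
        r"\b(?:file_get_contents|fopen|file)\s*\([^)]*(?:footer|index|header)\.php", re.I),
    "kill-switch": re.compile(r"\b(?:die|exit)\s*[(;]", re.I),
    "meta-refresh-redirect": re.compile(
        r"http-equiv\s*=\s*[\"']refresh[\"'][^>]*url\s*=\s*https?://", re.I),
}

# Constructed sample theme (not the files posted in the thread).
SAMPLE_THEME = {
    "functions.php": (
        "<?php\n"
        "$f = file_get_contents(TEMPLATEPATH . '/footer.php');\n"
        "if (strpos($f, 'example.invalid') === false) {\n"
        "    die('Footer links were edited.');\n"
        "}\n"
        "eval(base64_decode('ZWNobyAxOw=='));\n"
    ),
    "header.php": "<?php echo '<meta http-equiv=\"refresh\" "
                  "content=\"0;url=http://example.invalid/\">'; ?>\n",
    "index.php": "<?php get_header(); ?>\n<?php get_footer(); ?>\n",
}

def scan_source(name, source):
    """Return (file, line number, rule) for every rule hit in one PHP source."""
    return [(name, n, rule)
            for n, line in enumerate(source.splitlines(), start=1)
            for rule, rx in RULES.items() if rx.search(line)]

def scan_theme(files):
    """Scan a {file name: source text} mapping, files in name order."""
    return [hit for name in sorted(files) for hit in scan_source(name, files[name])]

if __name__ == "__main__":
    for name, n, rule in scan_theme(SAMPLE_THEME):
        print(f"{name}:{n}: {rule}")
```

To scan an actual theme, build the mapping from the `*.php` files in the theme directory and pass it to `scan_theme`; each hit is a line to read by hand, not a verdict.
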
In case anyone wants to help, this is what I get when I try to open/download index.php:

[Attached image: 34t1pbq.jpg]


Thanks
 

The dialog box says you should contact the server administrator.

I'm sure if you contact them they will have the mad skillz and could totally run like 0day scripts and shit over the bot network that is downloading the tubes in to your Delphi codez. 1337!
 
Why the fuck are you posting index.php and footer.php when the error you are getting specifically mentions header.php?

Post your header.php here and I will modify it to include jryan21's malicious code bypass tool. I had 100s of hacked sites and now they are all bypassed thanks to jryan21.