I recently came across a theme site called magpress.com. The themes are genuinely good: neither the front-end look nor the back-end features fall short of paid themes, so at a client's request I took three of them and started customizing. As soon as I began, I found that the footer code of these themes cannot be changed: deleting all the links fails, and so does adding my own.

I checked functions.php and found a large block of base64-encoded PHP at the very end of the file (base64 is an encoding, not encryption: it hides the code from a casual glance, but anyone can reverse it). This block is what causes the trouble. Searching the web turned up posts where someone had already decoded it; the result is as follows:

// Decoded contents of the base64-wrapped block at the end of functions.php.

// Entry point: any request carrying ?theme_credit=... renders the nag page instead of the site.
if (!empty($_REQUEST["theme_credit"])) {
    theme_usage_message();
    exit();
}

function theme_usage_message() {
    if (empty($_REQUEST["theme_credit"])) {
        // First pass: bounce the visitor to index.php?theme_credit=false so the
        // message is rendered on a bare page rather than inside the theme layout.
        $theme_credit_false = get_bloginfo("url") . "/index.php?theme_credit=false";
        echo "<meta http-equiv=\"refresh\" content=\"0;url=$theme_credit_false\">";
        exit();
    } else {
        // Second pass: print the "you modified the footer" page.
        $rk_url = get_bloginfo('template_directory');
        $homepage = get_bloginfo('home');
        echo ("<div style=\"width:800px; margin:auto; padding:15px; text-align:center; background-color:#FFFFFF; border:5px solid #FF0000; color:#000000\">");
        echo ("<div><img src=\"$rk_url/images/error.jpg\" alt=\"Error\" /></div>");
        echo ("<div style=\"font-size:36px;\"><b>Opps..You Have Modified The Footer Links..</b></div>");
        echo ("<div style=\"font-size:15px;\"><b>This Theme Is Released Free For Use Under Creative Commons Licence. All Links In The Footer Must Remain Intact AS IS. These Links Are All Family Friendly And Will Not Hurt Your Site In Any Way. Please Appreciate These Supporters Effort In Providing You This Great Theme For Free.</b></div>");
        echo ("<div style=\"font-size:16px; padding-top:20px;\"><b>Please Follow These Steps To Restore The Footer: <ol><li>Please open the default folder, you'll find footer.php inside</li><li>Copy &amp; paste it to overwrite the current footer.php you've modified.</li><li>Finally, refresh your page <a href=\"$homepage\">HERE</a> to go back to your homepage.</li></ol></b></div></div>");
    }
}

function check_theme_footer() {
    // The exact credit markup that must still be present, byte for byte, in footer.php.
    $l = '<a href="http://www.magpress.com" title="WordPress Theme" target="_blank">WordPress Theme</a> By MagPress<br /><span class="credit">Thanks To <a href="http://nhshospitaljobs.com" title="NHS Hospital Jobs" target="_blank">NHS Hospital Jobs</a> | <a href="http://nhsnursetraining.com" title="NHS Nurse Training" target="_blank">NHS Nurse Training</a> | <a href="http://nhsjobslondon.com" title="NHS Jobs London" target="_blank">NHS Jobs London</a>';
    $f = dirname(__file__) . "/footer.php";
    $fd = fopen($f, "r");
    $c = fread($fd, filesize($f));
    fclose($fd);
    // strpos() returns false when $l is absent, and with the loose == comparison
    // false == 0 is true, so the nag fires whenever the links have been removed
    // (and, unintentionally, if the markup sits at the very start of the file).
    if (strpos($c, $l) == 0) {
        theme_usage_message();
        die;
    }
}

// Runs every time functions.php is loaded, i.e. on every request.
check_theme_footer();

// Never taken under WordPress: get_sidebar() is a core function and always exists.
if (!function_exists('get_sidebar')) {
    function get_sidebar() {
        check_theme_header();
        get_sidebar();
    }
}

function check_theme_header() {
    // theme_footer_v() is not defined in this block, so the theme must define it
    // elsewhere; removing that other piece also triggers the nag page.
    if (!(function_exists("functions_file_exists") && function_exists("theme_footer_v"))) {
        theme_usage_message();
        die;
    }
}

function functions_file_exists() {
    if (!file_exists(dirname(__file__) . "/functions.php") || !function_exists("theme_usage_message")) {
        theme_usage_message();
        die;
    }
}

// Both checks also run on every page through the wp_head hook.
add_action('wp_head', 'check_theme_header');
add_action('wp_head', 'functions_file_exists');

Simply deleting this whole block turns the site into a blank page. The most likely reason is that other theme files call functions defined here (check_theme_header() itself expects a theme_footer_v() that this block does not define, so the theme clearly keeps related code in other files), and calling an undefined function is a fatal PHP error, which shows as a blank page when error display is off; enabling WP_DEBUG reveals the actual error. Experiment showed that it is enough to delete this single line:

check_theme_footer();

Fortunately this was not attack code. But imagine a free theme that hides malicious code behind base64 in the same way: it could steal information from your server or attack the people visiting your site, which would be far worse. This is a reminder to be careful when installing free themes: check first whether anything is hidden inside. For WordPress you can install the TAC (Theme Authenticity Checker) plugin to detect hidden code. Once installed it appears under the Appearance tab and reports whether a theme contains encoded code, static links, and so on.
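As an added example (not code from this page, from MagPress or from the TAC plugin), here is a small Python scanner that does what the manual decoding step above did and what TAC does from the dashboard: it finds eval(base64_decode(...)) and eval(gzinflate(base64_decode(...))) blocks in a theme's PHP files, decodes them so you can read what they really do, and lists hard-coded outbound links of the kind a footer-credit check protects. The functions.php and footer.php samples and the hidden payload are constructed inline so the script runs offline; scan_theme() takes a real theme directory.

```python
"""Scan a WordPress theme for base64-hidden PHP and show what it decodes to."""
import base64
import re
import zlib
from pathlib import Path

# eval(base64_decode('...')) and eval(gzinflate(base64_decode('...'))) are the
# wrappers most often used to hide code at the end of a theme's functions.php.
HIDDEN_EVAL_RE = re.compile(
    r"eval\s*\(\s*(?P<inflate>gzinflate\s*\(\s*)?base64_decode\s*\(\s*"
    r"(?P<q>['\"])(?P<payload>[A-Za-z0-9+/=\s]+)(?P=q)",
    re.IGNORECASE,
)

# What TAC reports as "static links": absolute links hard-coded into template files.
STATIC_LINK_RE = re.compile(r"""<a\s+[^>]*href=["'](https?://[^"']+)["']""", re.IGNORECASE)


def decode_payload(payload: str, inflate: bool) -> str:
    """Undo base64 (and raw DEFLATE for the gzinflate variant) to recover the PHP source."""
    raw = base64.b64decode(re.sub(r"\s+", "", payload), validate=True)
    if inflate:
        raw = zlib.decompress(raw, -zlib.MAX_WBITS)  # PHP gzinflate() is raw DEFLATE
    return raw.decode("utf-8", errors="replace")


def find_hidden_code(source: str) -> list[dict]:
    """Return every eval(base64_decode(...)) block with its line number and decoded text."""
    hits = []
    for m in HIDDEN_EVAL_RE.finditer(source):
        inflate = m.group("inflate") is not None
        hits.append({
            "line": source.count("\n", 0, m.start()) + 1,
            "inflate": inflate,
            "decoded": decode_payload(m.group("payload"), inflate),
        })
    return hits


def find_static_links(source: str) -> list[str]:
    """Hard-coded outbound links, the thing a footer-credit check usually guards."""
    return STATIC_LINK_RE.findall(source)


def scan_theme(theme_dir: str) -> dict[str, dict]:
    """Walk a theme directory and report hidden code and static links per PHP file."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        hidden, links = find_hidden_code(text), find_static_links(text)
        if hidden or links:
            report[str(path)] = {"hidden": hidden, "static_links": links}
    return report


def _raw_deflate(data: bytes) -> bytes:
    """Produce what PHP's gzdeflate() produces, so the gzinflate case can be exercised."""
    c = zlib.compressobj(level=9, wbits=-zlib.MAX_WBITS)
    return c.compress(data) + c.flush()


# Constructed samples standing in for the tail of functions.php and for footer.php.
# The hidden payload is built here for the demo; it is not the blob from the page.
HIDDEN_PHP = "function check_theme_footer() { /* ... */ }\ncheck_theme_footer();"
SAMPLE_FUNCTIONS_PHP = (
    "<?php\n"
    "add_action('init', 'theme_setup');\n"
    'eval(base64_decode("' + base64.b64encode(HIDDEN_PHP.encode()).decode() + '"));\n'
)
SAMPLE_FUNCTIONS_PHP_GZ = (
    "<?php\n"
    "eval(gzinflate(base64_decode('"
    + base64.b64encode(_raw_deflate(HIDDEN_PHP.encode())).decode()
    + "')));\n"
)
SAMPLE_FOOTER_PHP = (
    '<div id="footer"><a href="http://www.magpress.com" title="WordPress Theme">WordPress Theme</a>'
    ' By MagPress <a href="http://nhshospitaljobs.com">NHS Hospital Jobs</a></div>'
)

if __name__ == "__main__":
    for hit in find_hidden_code(SAMPLE_FUNCTIONS_PHP) + find_hidden_code(SAMPLE_FUNCTIONS_PHP_GZ):
        print(f"line {hit['line']} (gzinflate={hit['inflate']}) decodes to:\n{hit['decoded']}\n")
    print("static links:", find_static_links(SAMPLE_FOOTER_PHP))
```

Run it against an unpacked theme with scan_theme("/path/to/theme") before the theme ever reaches a server; anything that decodes to file writes, outbound HTTP calls, or another eval() deserves a closer look than a footer credit.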

The free themes that tend to cause problems are mostly ones made by individuals; free themes released by well-known sites are much less likely to have issues.

After downloading a free theme, install and test it locally first. Never upload it straight to your own server and activate it; make sure the theme files are clean before using them. Here is an article about malicious code hidden in free themes that is worth reading; it makes the point well.

Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else


16 comments

  1. A question: my site seems to have had malicious code injected recently, but I can't find it in the source files. How should I deal with it?

    1. It is not necessarily in the WordPress source files; are there extra files in the directory?
      I suggest installing a malware-scanning plugin and deleting or repairing the suspicious files it detects
      https://wordpress.org/plugins/gotmls

      After deleting them, use http://sitecheck.sucuri.net/ to confirm whether any malware remains

  2. TAC reports "2 Static Link(s) Found..." but also shows "Theme OK!". What should I do about that?

    1. If you want to remove them, search the whole theme folder, find them and delete them. Otherwise just leave them; they are usually the theme author's links.

  3. Could you help me crack a theme?

    1. Deleting check_theme_footer() works; I've sent a fixed copy to your email.

      1. Thank you so much for your kind help, really appreciated. Happy New Year!
        I decoded the base64 on chinaz, copied footer.php, renamed the copy footers.php, and then in functions.php changed the footer.php in this line: $f = dirname(__file__) . "/footer.php";

        so that it points to footers.php instead. That works too, heh.
        Thanks a lot, happy New Year!

  4. So what should I do? Can you help me change it?

  5. Why can't I delete it? When I delete this code the page goes blank! Help!

    This is the decoded code; how should I remove it?
    function theme_usage_message() {
        global $themename, $shortname;
        $rk_url = get_bloginfo('template_directory');
        echo ("");
        echo ("");
        echo ("Opps..You Have Modified The Footer Links..This Theme Is Deactivated!");
        echo ("This Theme Is Released Free For Use Under Creative Commons Licence. All Links In The Footer Must Remain Intact AS IS. Please Appreciate These Supporters Effort In Providing You This Great Theme For Free.");
        echo ("Please Follow These Steps To Restore The Footer:Please redownload $themename Theme directly on our website.Copy & paste all default files and folders into the theme folder via http://FTP.Finally, refresh your page to go back to your homepage.");
    }
    function check_theme_footer() {
        $l = 'Expedia WordPress Theme By iContact CouponAmazon Coupon Codes | General Web Directory | Max Workouts';
        $f = dirname(__file__) . "/footer.php";
        $fd = fopen($f, "r");
        $c = fread($fd, filesize($f));
        fclose($fd);
        if (strpos($c, $l) == 0) {
            theme_usage_message();
            die;
        }
    }
    function check_theme_header() {
        if (!(function_exists("functions_file_exists") && function_exists("theme_footer_v"))) {
            theme_usage_message();
            die;
        }
    }
    function functions_file_exists() {
        if (!file_exists(dirname(__file__) . "/functions.php") || !function_exists("theme_usage_message")) {
            theme_usage_message();
            die;
        }
    }
    add_action('wp_head', 'check_theme_header');
    add_action('wp_head', 'functions_file_exists');
    check_theme_footer();

    1. Does deleting that last check_theme_footer() work? Every place in this code with a die; could stop the code from running.
