Netspark's Blog

Apr 11 2013

WordPress and Social Media Widget V4.0

As you can see, my blog is also using the Social Media Widget. However it’s
not version 4.0 which has been considered a SPAM machine. It is said to
add “Pay Day Loan”-SPAM by injecting third-party PHP code, which is
loaded from an external source. The fact that the programmer changed…

…also brings up some bad memories. WordPress Repository has now drawn consequences of this and has banned the plugin from their repository until the programmer has fixed this issue!

Thank god I didn’t have updated the plugin yet and i’ll stay at the old version until WordPress Repository considers the new version of the plugin/widget safe and sound again!

For blog owners who have Version 3.3 installed (like me), check the social-widget.php:

Search for $file_url = ‘http://6d66854350a03fe8a953-24bbdab1f210d3653995b917ce835a53.r87.cf1.rackcdn.com/c.php’;

then replace

                        if ($contents) {
                            return $contents;
                        }

                    }
                    else {
                        return $result;
                    }

with

                        if ($contents) {
                            return false;
                        }

                    }
                    else {
                        return false;
                    }

and

                    if ($output) {
                        return $output;
                    }
                    else {
                        return false;
                    }

with

                    if ($output) {
                        return false;
                    }
                    else {
                        return false;
                    }

Then search for $file_path = ‘http://6d66854350a03fe8a953-24bbdab1f210d3653995b917ce835a53.r87.cf1.rackcdn.com/d.php’;

replace

        $row_count = 100;

with

        $row_count = 0;

and

						if ($contents) {
							return $contents;
						}
						else {
							return false;
						}
					}
					else {
						return $result;
					}

with

							if ($contents) {
							return false;
						}
						else {
							return false;
						}
					}
					else {
						return false;
					}

aswell as

					if ($output) {
						return $output;
					}
					else {
						return false;
					}

with

					if ($output) {
						return false;
					}
					else {
						return false;
					}

That should fix their wagon… at least the blog loaded ways faster and it seems no longer spamming.

Don’t simply delete the lines as you might run into wild PHP errors otherwise which could defeat your blog!

I hate it when companies need such nasty ways to distribute SPAM. Should I hear about anything that deals with Pay Day Loan from others, the widget is gone!