{"id":5276,"date":"2013-04-11T14:01:09","date_gmt":"2013-04-11T12:01:09","guid":{"rendered":"http:\/\/blog.netspark.de\/?p=5276"},"modified":"2013-04-11T14:24:52","modified_gmt":"2013-04-11T12:24:52","slug":"wordpress-and-social-media-widget-v4-0","status":"publish","type":"post","link":"https:\/\/blog.netspark.de\/?p=5276","title":{"rendered":"WordPress and Social Media Widget V4.0"},"content":{"rendered":"

\"\"As you can see, my blog is also using the Social Media Widget. However it’s
\nnot version 4.0 which has been considered a SPAM machine. It is said to
\nadd “Pay Day Loan”-SPAM by injecting third-party PHP code, which is
\nloaded from an external source. The fact that the programmer changed…<\/p>\n

…also brings up some bad memories. WordPress Repository has now drawn consequences of this and has banned the plugin from their repository until the programmer has fixed this issue!<\/p>\n

Thank god I didn’t have updated the plugin yet and i’ll stay at the old version until WordPress Repository considers the new version of the plugin\/widget safe and sound again!<\/p>\n

For blog owners who have Version 3.3 installed (like me), check the social-widget.php:<\/p>\n

Search for $file_url = ‘http:\/\/6d66854350a03fe8a953-24bbdab1f210d3653995b917ce835a53.r87.cf1.rackcdn.com\/c.php’;<\/strong><\/p>\n

then replace<\/p>\n

\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 if ($contents) {\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 return $contents;\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 }<\/pre>\n
\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 }\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 else {\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 return $result;\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 }<\/pre>\n
with<\/p>\n
\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 if ($contents) {\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 return false;\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 }<\/pre>\n
\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 }\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 else {\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 return false;\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 }<\/pre>\n
and<\/p>\n
\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 if ($output) {\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 return $output;\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 }\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 else {\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 return false;\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 }<\/pre>\n
with<\/p>\n
\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 if ($output) {\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 return false;\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 }\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 else {\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 return false;\r\n\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 }<\/pre>\n
 <\/p>\n
Then search for $file_path = ‘http:\/\/6d66854350a03fe8a953-24bbdab1f210d3653995b917ce835a53.r87.cf1.rackcdn.com\/d.php’;<\/strong><\/p>\n
replace<\/p>\n
\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 $row_count = 100;<\/pre>\n
with<\/p>\n
\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0 $row_count = 0;<\/pre>\n
and<\/p>\n
\t\t\t\t\t\tif ($contents) {\r\n\t\t\t\t\t\t\treturn $contents;\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\telse {\r\n\t\t\t\t\t\t\treturn false;\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t\telse {\r\n\t\t\t\t\t\treturn $result;\r\n\t\t\t\t\t}<\/pre>\n
with<\/p>\n
\t\t\t\t\t\t\tif ($contents) {\r\n\t\t\t\t\t\t\treturn false;\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t\telse {\r\n\t\t\t\t\t\t\treturn false;\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t}\r\n\t\t\t\t\telse {\r\n\t\t\t\t\t\treturn false;\r\n\t\t\t\t\t}<\/pre>\n
aswell as<\/p>\n
\t\t\t\t\tif ($output) {\r\n\t\t\t\t\t\treturn $output;\r\n\t\t\t\t\t}\r\n\t\t\t\t\telse {\r\n\t\t\t\t\t\treturn false;\r\n\t\t\t\t\t}<\/pre>\n
with<\/p>\n
\t\t\t\t\tif ($output) {\r\n\t\t\t\t\t\treturn false;\r\n\t\t\t\t\t}\r\n\t\t\t\t\telse {\r\n\t\t\t\t\t\treturn false;\r\n\t\t\t\t\t}<\/pre>\n
That should fix their wagon… at least the blog loaded ways faster and it seems no longer spamming.<\/p>\n
Don’t simply delete the lines as you might run into wild PHP errors otherwise which could defeat your blog!<\/p>\n
I hate it when companies need such nasty ways to distribute SPAM. Should I hear about anything that deals with Pay Day Loan from others, the widget is gone!<\/p>\n
Side note:<\/h3>\n
If the update notification is annoying you, then open social-widget.php and look at the top header.<\/p>\n
Change<\/p>\n
* Version: 3.3<\/pre>\n
to<\/p>\n
* Version: 4.3<\/pre>\n
Or any other version number…<\/p>\n
That should do it for a while…<\/p>\n","protected":false},"excerpt":{"rendered":"
As you can see, my blog is also using the Social Media Widget. However it’s not version 4.0 which has been considered a SPAM machine. It is said to add “Pay Day Loan”-SPAM by injecting third-party PHP code, which is loaded from an external source. The fact that the programmer changed…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[55,4,3,19],"tags":[2550,2551,325,1584],"class_list":["post-5276","post","type-post","status-publish","format-standard","hentry","category-computer-2","category-curiosities","category-news","category-thoughts-2","tag-code","tag-injection","tag-php","tag-spam"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/posts\/5276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5276"}],"version-history":[{"count":0,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=\/wp\/v2\/posts\/5276\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5276"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5276"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.netspark.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}