Message on Wordpress site after upgrading PHP

Question

I have upgraded the server to PHP 5.3 recently and I just noticed that one of the sites that uses wordpress has this message appeared at the top of every pages.

. // // Alexey A.Znayev, znaeff@mail.ru, http://xbsoft.org, http://xbsoft.ru // /////////////////////////////////////////////////////////////////////////// // This file contains public class DNSBL // This class performs IP address check in spam blocking lists as described // on http://ru.wikipedia.org/wiki/RBL class DNSBL { private $_aCheckers = array( // list of checkers available for individual checking 'spamhaus' => array('.zen.spamhaus.org', true), //available for group checking with 'all' key 'spamcop' => array('.bl.spamcop.net', true), //available for group checking with 'all' key 'dsbl' => array('.list.dsbl.org', false), //not available for group checking with 'all' key 'ordb' => array('.relays.ordb.org', false), //not available for group checking with 'all' key 'sorbs' => array('.dnsbl.sorbs.net', false), //not available for group checking with 'all' key 'njabl' => array('.dnsbl.njabl.org', false) //not available for group checking with 'all' key ); // AZ - 1. Key 'all' is illegal // AZ - 2. Most of spammer IP addresses is ...........

The other sites that use Drupal, Magento, & Symfony don't have a problem.

Any idea?

Thanks.

hc.

Answer 1

First, make sure that your server is still executing PHP. For that, just create a simple php page with this : <?php phpinfo(); ?> and call it from your browser. If you see all your server's information, it's fine. If you see nothing, there's a problem with your server. (don't forget to remove the file as it gives a lot of information on your server)

If the phpinfo thing works, I would make a search on all files on this site to find one of the sentence. For example, use a tool to search for "array('.bl.spamcop.net', true)" in all the files. If you find it, please post the content here.

Do you use Linux for your site? Do you have a copy of your Website on your computer? Can you connect remotely to your computer through a shell or something similar? (sorry, can't use the comment feature because of my low rep)

---

Edit : Like "nevermind" said, check the file with the name DNSBL.php. It looks like something to prevent spam. Maybe you have a security plugin of some sort?

If you have Linux on your server and have a shell access, you can issue this command to find the file: find / -name 'DNSBL.php'

---

Edit #2 : The file you found should look like this (the first lines) :

<?
///////////////////////////////////////////////////////////////////////////
//
//    DNSBL - Spam IP address checker.
//    Copyright (C) 2011 Alexey A.Znayev

From what you copied in your question, it looks like everything is missing until "Alexey A.Znavev".

If the file is fine, check the source code of one of the the page that displays the text on your site (ctrl+u on most browsers). What do you see in it? Is there more "weird" stuff at the beginning of the page?