Author Topic: Malicious code in some of those Wordpress Themes perhaps??  (Read 2124 times)

ContentWriter

  • Guest
Malicious code in some of those Wordpress Themes perhaps??
« on: April 27, 2011, 12:20:44 PM »
An eye-opening read...


Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else

http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/



Offline Wayne

  • Sr. Member
  • Posts: 527
  • Let's EAT: Exposure-Action-Trade
    • View Profile
    • Mercs LLC: Action Oriented Technology
Re: Malicious code in some of those Wordpress Themes perhaps??
« Reply #1 on: April 27, 2011, 06:10:18 PM »
After having read that article in the midst of fighting a virus in my hosting a while back, I went through all the files in my hosting looking for eval() and base64() and found a bunch of themes in my "to look at"/"recommended" pile that hid links and/or other junk. Fortunately, I'd not been using any of those, so I just deleted them.

The thing that caught me slightly off guard was that a number of plugins, including some from the RRW archives, also use the same techniques to "hide" their code. I have no reason not to trust the author of the primary culprits, but it reminded me to be careful what I put on my production server!

I also found that much of the Wishlist Member code is obfuscated like that as well. I highly doubt they've got anything unsavory in there, but, again, just reminded me to pay attention to what I'm putting on my servers.

Thanks for the reminder.

Offline Donald

  • Sr Member
  • Posts: 2,452
    • View Profile
    • My Blog
Re: Malicious code in some of those Wordpress Themes perhaps??
« Reply #2 on: April 28, 2011, 12:42:09 AM »
Thanks for that Karen, have bookmarked that page.

Donald

ContentWriter

  • Guest
Re: Malicious code in some of those Wordpress Themes perhaps??
« Reply #3 on: April 28, 2011, 01:50:45 AM »
Any PHP scripts no matter they come from; I guess we should all be careful
and check each & every one before using.

When dealing with Resell Rights products, there's no telling how many hands
they pass through before the end user gets them. And that's no reflection on
who or where we get them from of course.

Even having something outsourced for our personal use or as an original for
resale, the coder could put something in without our knowing it.

Most coders are good, honest people but, there are a few out there who for
some unknown reason, take delight in wreaking havoc on a large scale.

Very sad indeed.

~Karen


Offline padre

  • Sr. Member
  • Posts: 264
    • View Profile
    • Padre Art Productions
Re: Malicious code in some of those Wordpress Themes perhaps??
« Reply #4 on: April 28, 2011, 04:06:23 AM »
Thanks for the link Karen, great info.

Being new to WP, I'm not sure how to find the code to check it out.

My only WP site was set up by a third party and had a suspicious plug-in that had a warning to not remove or the site wouldn't work properly.  After removal the site works fine but probably not for the plug-in owners.

It wouldn't be surprising to find some of the base64 code as well.  If it's there does that mean the theme needs to be replaced or just remove the bad code?

Cheers
Padre Art Productions ~ http://goo.gl/Bie8a
Classic Old Photos ~ http://goo.gl/HlGX3
Padre Art Prints ~ http://goo.gl/YN96W

Offline Wayne

  • Sr. Member
  • Posts: 527
  • Let's EAT: Exposure-Action-Trade
    • View Profile
    • Mercs LLC: Action Oriented Technology
Re: Malicious code in some of those Wordpress Themes perhaps??
« Reply #5 on: April 28, 2011, 11:55:59 AM »
Padre,

The base64 is just a way to hide what the code does. It doesn't mean the code does mean nasty stuff, just that someone wants to keep it hidden.

The WPMU article uses a couple tools to check things out. You can do the same.

HTH

Offline Mark Austin

  • Admin
  • Posts: 7,962
  • Life is like photography. Use negatives to develop
    • View Profile
    • Resell Rights Weekly
Re: Malicious code in some of those Wordpress Themes perhaps??
« Reply #6 on: April 28, 2011, 08:50:15 PM »
Karen,

Thanks good info to have - thanks for sharing!

Mark
“Keep away from people who try to belittle your ambitions. Small people always do that,
but the really great makes you feel that you, too, can become great.”
~ Mark Twain

promomxr

  • Guest
Re: Malicious code in some of those Wordpress Themes perhaps??
« Reply #7 on: April 28, 2011, 09:53:22 PM »
Karen,

Thanks good info to have - thanks for sharing!

As a coder (home schooled) I've known about the base64 to hide issues like copyrighting and the likes to protect your work, etc. Yes, I had thought about the ability to use it maliciously but to be quite frank I believe the majority of people are honest. Especially professionsl coders. I think what opened my eyes was the idea of 3rd party intervention to promote thier own evil deeds. WOW! Never even thought in those terms. Shame on me as I am so security minded.

eval() was a new one for me. Guess I getting to old and not seeing code the way I used to. LOL

Anyhow great find and for now I bookmarked it.
Howard