What kind of malicious code should I be on the lookout for in WP themes? - GoFuckYourself.com

DHDChris · 09-15-2010, 03:33 PM

I'm looking through a few WordPress themes for any malicious code. I'm on the lookout for encoded / encrypted code, and any obvious things (like changing emails, accessing unnecessary db records, sql injections). However, I'm not sure what subtle function calls to look for. I'm thoroughly familiar with programming and php, but not so much with the WordPress functions.

Any ideas?

Thanks,
Chris

Vertigo · 09-16-2010, 12:15 AM

Few days back, my non-adult WP site was infected with a malicious code. I only realized it when I opened my site and it was redirecting to some site in Russia. In my next attempt, I somehow managed to check the source code of my site before it could redirect and immediately informed my host. Host found the malicious code and immediately removed it. There was a huge dump of malicious code in the footer of the page.

Luckily, no sensitive information was transmitted as I use OpenDNS. When I checked the OpenDNS logs, I could literally see the entry as blocked. If I hadn't been using OpenDNS, any sensitive data could easily have been transmitted.

So far, I have found no traces as to which plugin or theme this infection came from. So its a bit difficult to answer your question. But may be you can get more information on this in the WP forums.

MrRob · 09-16-2010, 01:08 AM

There are a couple of security plugins that may remove that shit. Try "Secure WordPress" and "WP Security Scan".
Get them @ wordpress.org

You should NEVER install free themes found on forums or on other free download sites. I suggest you buy a theme from a site like Themeforest.net and get one of the more popular themes that is updated regularly.

One other thing that is helpful and that is to rename Admin to something completely different.

Vertigo · 09-16-2010, 01:54 AM

Forgot to attach the screenshot.

Apart form MrRob's suggestions and for added safety/security, you can also try to use the OpenDNS which blocks transmitting of any sensitive data just in case your site or any site visited is infected.

DHDChris · 09-16-2010, 05:22 PM

Thank you for the responses, guys. I will check out the WP plugins and OpenDNS.

fatfoo · 09-17-2010, 03:07 PM

I suppose you shouldn't check for problems yourself. Get the program that checks for problems.

Bec · 09-18-2010, 07:49 AM

You should also look over this Theme Authenticity Checker plugin

2intense · 09-19-2010, 01:22 PM

Quote:

Originally Posted by adultweb4u

Few days back, my non-adult WP site was infected with a malicious code. I only realized it when I opened my site and it was redirecting to some site in Russia. In my next attempt, I somehow managed to check the source code of my site before it could redirect and immediately informed my host. Host found the malicious code and immediately removed it. There was a huge dump of malicious code in the footer of the page.

Luckily, no sensitive information was transmitted as I use OpenDNS. When I checked the OpenDNS logs, I could literally see the entry as blocked. If I hadn't been using OpenDNS, any sensitive data could easily have been transmitted.

So far, I have found no traces as to which plugin or theme this infection came from. So its a bit difficult to answer your question. But may be you can get more information on this in the WP forums.

pornguy · 09-20-2010, 08:09 AM

Believe it or not, it is usually best to buy a theme..

Vertigo · 10-01-2010, 02:20 AM

Quote:

Originally Posted by Bec

You should also look over this Theme Authenticity Checker plugin

Thanks, I will get this plugin in the sites ASAP.

09-15-2010, 03:33 PM	#1
DHDChris Registered User Industry Role: Join Date: Nov 2009 Location: Las Vegas Posts: 18	What kind of malicious code should I be on the lookout for in WP themes? I'm looking through a few WordPress themes for any malicious code. I'm on the lookout for encoded / encrypted code, and any obvious things (like changing emails, accessing unnecessary db records, sql injections). However, I'm not sure what subtle function calls to look for. I'm thoroughly familiar with programming and php, but not so much with the WordPress functions. Any ideas? Thanks, Chris __________________ 65% Revenue share with NO Pre-checked Cross-Sales - DirtyHardCash FHGs \| Morphing RSS Feed \| ICQ 586-006-959 Dirty Hard Drive Network: Katie Kox,Teagan Presley, The Squirt Instructor, Kiera King

09-16-2010, 05:22 PM	#5
DHDChris Registered User Industry Role: Join Date: Nov 2009 Location: Las Vegas Posts: 18	Thank you for the responses, guys. I will check out the WP plugins and OpenDNS. __________________ 65% Revenue share with NO Pre-checked Cross-Sales - DirtyHardCash FHGs \| Morphing RSS Feed \| ICQ 586-006-959 Dirty Hard Drive Network: Katie Kox,Teagan Presley, The Squirt Instructor, Kiera King

09-17-2010, 03:07 PM	#6
fatfoo ICQ:649699063 Industry Role: Join Date: Mar 2003 Posts: 27,763	I suppose you shouldn't check for problems yourself. Get the program that checks for problems. __________________ Send me an email: [email protected]

09-20-2010, 08:09 AM	#9
pornguy Too lazy to set a custom title Industry Role: Join Date: Mar 2003 Location: Homeless Posts: 62,897	Believe it or not, it is usually best to buy a theme.. __________________ PornGuy skype me pornguy_epic AmateurDough The Hottes Shemales online! TChicks.com \| Angeles Cid \| Mariana Cordoba \| MAILERS WELCOME!

09-16-2010, 12:15 AM	#2
Vertigo Confirmed User Industry Role: Join Date: Aug 2008 Posts: 131	Few days back, my non-adult WP site was infected with a malicious code. I only realized it when I opened my site and it was redirecting to some site in Russia. In my next attempt, I somehow managed to check the source code of my site before it could redirect and immediately informed my host. Host found the malicious code and immediately removed it. There was a huge dump of malicious code in the footer of the page. Luckily, no sensitive information was transmitted as I use OpenDNS. When I checked the OpenDNS logs, I could literally see the entry as blocked. If I hadn't been using OpenDNS, any sensitive data could easily have been transmitted. So far, I have found no traces as to which plugin or theme this infection came from. So its a bit difficult to answer your question. But may be you can get more information on this in the WP forums.

09-16-2010, 01:08 AM	#3
MrRob Registered User Industry Role: Join Date: Sep 2010 Posts: 92	There are a couple of security plugins that may remove that shit. Try "Secure WordPress" and "WP Security Scan". Get them @ wordpress.org You should NEVER install free themes found on forums or on other free download sites. I suggest you buy a theme from a site like Themeforest.net and get one of the more popular themes that is updated regularly. One other thing that is helpful and that is to rename Admin to something completely different.

09-16-2010, 01:54 AM	#4
Vertigo Confirmed User Industry Role: Join Date: Aug 2008 Posts: 131	Forgot to attach the screenshot. Apart form MrRob's suggestions and for added safety/security, you can also try to use the OpenDNS which blocks transmitting of any sensitive data just in case your site or any site visited is infected.

09-18-2010, 07:49 AM	#7
Bec Confirmed User Join Date: Jul 2004 Location: Ohio Posts: 293	You should also look over this Theme Authenticity Checker plugin