[wp-hackers] Free themes have backlinks and backdoors inserted in code?

Mayur somani somani.mayur at gmail.com
Mon Jan 26 09:07:09 GMT 2009


At least the most trivial ways to insert backlinks can be prevented by a plugin.
What do you say?

On Mon, Jan 26, 2009 at 2:31 PM, DD32 <wordpress at dd32.id.au> wrote:
> grepping for http:// won't help, they'll just obfuscate it.
>
> Ways which it'd be possible to insert malicious links:
> include()(remote url) / fopen() / JS / eval() / urldecode() / chr() /
> . (string concat'ing 'h' . 'tt' . 'p')..
>
> In short.. If you make a plugin, it'll be worked around by the
> majority of those who insert the links..
>
> 2009/1/26 Brian Krausz <brian at nerdlife.net>:
>> Alternatively, it would be really neat to regex-out any URL from theme
>> files, and compare it to a list of malicious sites (or build a list of links
>> to external URLs, easily done with a code equivalent of `grep -R "http://"
>> *`).  Then, maybe whenever a user goes to activate a theme (or on the theme
>> selection page), show them that list.
>>
>> --Brian
>>
>> On Mon, Jan 26, 2009 at 3:50 AM, Mayur somani <somani.mayur at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> While researching some of the so-called black hat SEO strategies,
>>> I found many tricks to insert backlinks and backdoors into free
>>> WordPress themes and then distribute them.
>>>
>>> Now this is unacceptable. So, please list any of the ways you know to
>>> insert backlinks and backdoors into theme files. I am planning to
>>> write a plugin that will scan all the theme files to report any
>>> malicious code there.
>>>
>>> Thank you for your time.
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>
>
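
Added example, not part of the original thread and not WordPress or plugin code: a Python sketch of a theme-file check that folds the literal tricks listed above (chr(), urldecode() on a literal, string concatenation) before looking for URLs, and reports the listed calls for manual review. The names fold and scan, the sample footer and the example.net / example.org hosts are constructed for illustration; anything built from variables or fetched at run time is out of its reach.

```python
import re
from urllib.parse import unquote_plus

LIT = r"""(['"])([^'"\\$]*)\1"""      # simple PHP string literal: no escapes, no variables
URL = re.compile(r"""https?://[^\s'"<>)]+""", re.I)
CALLS = re.compile(r"\b(include|fopen|eval|urldecode|chr)\s*\(", re.I)  # calls named in the thread
UNSAFE = set("'\"\\$")                # characters that would break a re-quoted literal

def _quote(text, original):
    """Re-emit folded text as a literal, or keep the original span if that is unsafe."""
    return original if UNSAFE & set(text) else "'" + text + "'"

def fold(src):
    """Fold chr(N), urldecode('literal') and 'a' . 'b' repeatedly until nothing changes."""
    while True:
        out = re.sub(r"\bchr\(\s*(\d+)\s*\)",
                     lambda m: _quote(chr(int(m.group(1)) % 256), m.group(0)), src, flags=re.I)
        out = re.sub(r"\burldecode\(\s*" + LIT + r"\s*\)",
                     lambda m: _quote(unquote_plus(m.group(2)), m.group(0)), out, flags=re.I)
        out = re.sub(LIT + r"\s*\.\s*" + r"""(['"])([^'"\\$]*)\3""",
                     lambda m: "'" + m.group(2) + m.group(4) + "'", out)
        if out == src:
            return out
        src = out

def scan(src):
    """Return URLs a plain grep would see, URLs that appear only after folding, and risky calls."""
    visible = list(dict.fromkeys(URL.findall(src)))
    hidden = [u for u in dict.fromkeys(URL.findall(fold(src))) if u not in visible]
    calls = sorted({c.lower() for c in CALLS.findall(src)})
    return {"visible": visible, "hidden": hidden, "calls": calls}

# Constructed sample theme file; hosts are placeholders.
SAMPLE = r"""<?php // constructed sample footer.php
$credit = 'h' . 'tt' . 'p' . chr(58) . '//links.example.net/seo';
$u = urldecode('%68ttp%3A%2F%2Fcdn.example.org%2Fa.js');
eval($payload);
?>
<a href="http://wordpress.org/">WordPress</a>
"""

if __name__ == "__main__":
    for key, values in scan(SAMPLE).items():
        print(key, values)
```

On the sample, a grep for http:// sees only the wordpress.org link; the other two URLs surface only after folding, and the eval() call is reported regardless of what it evaluates.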

