[wp-hackers] Free themes have backlinks and backdoors inserted in code?

Otto otto at ottodestruct.com
Mon Jan 26 14:39:46 GMT 2009


On Mon, Jan 26, 2009 at 3:01 AM, DD32 <wordpress at dd32.id.au> wrote:
> grepping for http:// wont help, they'll just obfuscate it.
>
> Ways which it'd be possible to insert malicious links:
> include()(remote url) / fopen() / JS / eval() / urldecode() / chr() /
> . (string concat'ing 'h' . 'tt' . 'p')..
>
> In short.. If you make a plugin, It'll be worked around by the
> majority of those who insert the links..

True, but at the same time it could be useful as a early warning
device. I've seen a plugin along these lines, but I can't find it
anywhere now. :(

99% of the themes I see with this stuff in them contain either "eval"
or "base64_decode" in them. Of course, there's other ways to
obfuscate, and no one method will find them all, but having an early
warning on theme activation could be useful.


More information about the wp-hackers mailing list