WARNING - FREE to exploit

17 replies
We all love "free" and there are certainly some great freebies on the web - WordPress immediately comes to mind. But tread carefully when you're grabbing those free themes off the net. Many free themes contain base64 encrypted code, which may or may not be evil. Some encrypted code may be legitimate but some may contain links to external sites or worse. Stick with themes from WordPress › Free WordPress Themes or premium themes (although I'd check them too) and you should be safe.
You can use the following tools to check for theme exploits, especially if you're hosting free themes.

WordPress › TAC (Theme Authenticity Checker) « WordPress Plugins
Checks for malicious code and static links.

If the encrypted code begins with php $0, copy and paste here to decrypt it:
Otto's decoder

If the code starts with $_F=__FILE__: copy and paste here to decrypt it:
php $_F=__FILE__;$_X= Byterun Decoder

If the code starts with eval(gzinflate(base64_decode('...')));: copy and paste here to decrypt it
eval gzinflate base64_decode Online Decode Tool

For more general scanning:
WordPress › Exploit Scanner « WordPress Plugins
Search the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers.

We all love "free" but it may just cost you if you're not careful.
#exploit #free #warning
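As an added example (not part of the thread, and not the code of TAC, Exploit Scanner or any of the decoder sites named above), the following Python script shows the defender-side version of what the post describes: it scans a theme file for the markers mentioned (eval, gzinflate, base64_decode, the $_F=__FILE__ loader stub, long base64 literals), statically unwraps nested eval(gzinflate(base64_decode('...'))) layers without ever executing them, and lists any external links the hidden code would have injected. The sample footer file is constructed inside the script, so nothing here comes from a real theme; function names, the 80-character threshold for a "long" literal and the five-layer limit are assumptions of this example.

```python
import base64
import re
import zlib

# Markers the thread calls out as worth a look in theme files: eval() of
# decoded data, gzinflate()/base64_decode() chains, the $_F=__FILE__ loader
# stub, and long opaque base64 literals. A hit is a reason to read the file,
# not proof of malice (a legitimate credit line can be obfuscated too).
SUSPICIOUS_PATTERNS = {
    "eval_call": re.compile(r"\beval\s*\("),
    "gzinflate_call": re.compile(r"\bgzinflate\s*\("),
    "base64_decode_call": re.compile(r"\bbase64_decode\s*\("),
    "byterun_loader": re.compile(r"\$_F\s*=\s*__FILE__"),
    "long_base64_literal": re.compile(r"['\"][A-Za-z0-9+/]{80,}={0,2}['\"]"),
}

# The exact eval(gzinflate(base64_decode('...'))) shape from the post.
EVAL_GZ_B64 = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(\s*['\"]([A-Za-z0-9+/=]+)['\"]\s*\)\s*\)\s*\)"
)

URL_RE = re.compile(r"https?://[^\s'\"<>]+")


def scan_source(src):
    """Return the names of the suspicious patterns present in a PHP source string."""
    return sorted(name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(src))


def decode_eval_gzinflate(src, max_layers=5):
    """Unwrap nested eval(gzinflate(base64_decode('...'))) layers statically.

    Nothing is executed: each layer is base64-decoded and raw-inflated
    (wbits=-15 matches PHP's gzinflate, which takes headerless deflate data).
    Returns the decoded layers, innermost last.
    """
    layers = []
    current = src
    for _ in range(max_layers):
        match = EVAL_GZ_B64.search(current)
        if not match:
            break
        raw = base64.b64decode(match.group(1))
        current = zlib.decompress(raw, -15).decode("utf-8", errors="replace")
        layers.append(current)
    return layers


def external_links(text):
    """Absolute http(s) URLs found in text, deduplicated and sorted."""
    return sorted(set(URL_RE.findall(text)))


def analyse_theme_file(src):
    """Combine the pattern scan, the static unwrap and the link extraction."""
    layers = decode_eval_gzinflate(src)
    return {
        "findings": scan_source(src),
        "layers": layers,
        "links": external_links("\n".join(layers)),
    }


# --- constructed sample input (not from any real theme) ---------------------

def _obfuscate(php_code):
    """Build the eval(gzinflate(base64_decode())) wrapper the post describes,
    so the sample below can be created here rather than pasted from a theme."""
    compressor = zlib.compressobj(wbits=-15)  # raw deflate, as gzinflate expects
    deflated = compressor.compress(php_code.encode()) + compressor.flush()
    return "eval(gzinflate(base64_decode('%s')));" % base64.b64encode(deflated).decode()


# A hidden footer credit pointing at an external site, wrapped twice (constructed).
HIDDEN_FOOTER = "echo '<a href=\"http://example.com/hidden-link\">Designed by example.com</a>';"
SAMPLE_FOOTER_PHP = "<?php\n// footer.php (constructed sample)\n" + _obfuscate(_obfuscate(HIDDEN_FOOTER)) + "\n"
SAMPLE_CLEAN_PHP = "<?php\n// footer.php (constructed clean sample)\nget_footer();\n?>\n<p>&copy; Site name</p>\n"


if __name__ == "__main__":
    for label, src in (("clean", SAMPLE_CLEAN_PHP), ("obfuscated", SAMPLE_FOOTER_PHP)):
        report = analyse_theme_file(src)
        print(f"{label}: findings={report['findings']}")
        for depth, layer in enumerate(report["layers"], 1):
            print(f"  layer {depth}: {layer[:70]}")
        print(f"  external links: {report['links']}")
```

Two points of design: the unwrapping is purely static, so the hidden code is read but never run, which is the safe way to look at a suspicious theme on a test blog; and only the exact eval/gzinflate/base64_decode nesting is unwrapped, so a $_F=__FILE__ Byterun-style loader or a base64 blob fed through some other function is flagged for manual review rather than decoded.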
  • Andyhenry
    Good post Brian - sensible warning and useful shares.
  • tpw
    I am posting on this thread, just so I can quickly find it again later. Good stuff.
    • Brian Alaway
      I have a test blog just for testing plugins and themes and it's a real eye opener to see how many free themes actually contain encrypted/hidden code.
      • tpw
        Originally Posted by Brian Alaway

        I have a test blog just for testing plugins and themes and it's a real eye opener to see how many free themes actually contain encrypted/hidden code.

        I am still pissed about WordPress.org distributing one file with a normal build that is encrypted.

        I discovered it when I was trying to clean up a WP installation that was hacked.

        There are complaints on the WP.org site about it, but everyone kind of just blows it off as a funny easter egg. I for one am not amused by it.
        • Brian Alaway
          Originally Posted by tpw

          I am still pissed about WordPress.org distributing one file with a normal build that is encrypted.

          I discovered it when I was trying to clean up a WP installation that was hacked.

          There are complaints on the WP.org site about it, but everyone kind of just blows it off as a funny easter egg. I for one am not amused by it.
          Yea, that's not cool at all. Hopefully it's a rare exception but that just opens the floodgates when the mutants know it's possible to slip something in there.
        • SteveJohnson
          Originally Posted by tpw

          I am still pissed about WordPress.org distributing one file with a normal build that is encrypted.

          I discovered it when I was trying to clean up a WP installation that was hacked.

          There are complaints on the WP.org site about it, but everyone kind of just blows it off as a funny easter egg. I for one am not amused by it.
          Maybe I'm searching for the wrong terms, but I can't find any mention of that in the forums. I also can't find a file that's encrypted by any 'normal' methods. Can you shoot me a link to where you're seeing this?
  • thelibidoguy
    Good stuff to know. I was just looking at WordPress not long ago. I will now be more cautious than ever when I look into more avenues of online "work". Thanks!
    • JohnMcCabe
      Just because you paid for a theme does not mean it's clean. I'd use the same caution when buying premium themes as when grabbing free ones.
      • Brian Alaway
        Originally Posted by JohnMcCabe

        Just because you paid for a theme does not mean it's clean. I'd use the same caution when buying premium themes as when grabbing free ones.
        Absolutely. Fortunately TAC doesn't discriminate and will check all installed (not just the activated) themes.
  • Vimal Gobin
    Is TAC compatible with the latest WP? Cause on the plugin's page, it's written "Compatible up to: 3.0.5".
    • Brian Alaway
      Originally Posted by Vimal Gobin

      Is TAC compatible with the latest WP? Cause on the plugin's page, it's written "Compatible up to: 3.0.5".
      Haven't had any problems running it on the latest WP version. But as with a number of plugins that don't require always being on, I activate it, let it do its checking/reporting and then deactivate it. Just make sure to still keep it updated.
  • Vimal Gobin
    Awesome! I'm off scanning right away!
  • polishstorm
    Awesome post. Should help as a newbie...
  • Patrick
    Many theme creators (who give it for free) encrypt their "designed by" or "created by" part.

    Pay some respect to the one giving it to you for free.
    • Brian Alaway
      Originally Posted by schwarzes

      Many theme creators (who give it for free) encrypt their "designed by" or "created by" part.

      Pay some respect to the one giving it to you for free.
      That may be true but assuming that's what is encrypted could be very dangerous, whether it's in a free theme or a paid theme.
      • Patrick
        Originally Posted by Brian Alaway

        That may be true but assuming that's what is encrypted could be very dangerous, whether it's in a free theme or a paid theme.

        Those you will find in themes from external sites. From WordPress.org you won't get such a thing.