What kind of malicious code should I be on the lookout for in WP themes?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • DHDChris
    Registered User
    • Nov 2009
    • 18

    #1

    What kind of malicious code should I be on the lookout for in WP themes?

    I'm looking through a few WordPress themes for any malicious code. I'm on the lookout for encoded / encrypted code, and any obvious things (like changing emails, accessing unnecessary db records, sql injections). However, I'm not sure what subtle function calls to look for. I'm thoroughly familiar with programming and php, but not so much with the WordPress functions.

    Any ideas?

    Thanks,
    Chris
    65% Revenue share with NO Pre-checked Cross-Sales - DirtyHardCash
    FHGs | Morphing RSS Feed | ICQ 586-006-959
  • Vertigo
    Confirmed User
    • Aug 2008
    • 131

    #2
    Few days back, my non-adult WP site was infected with a malicious code. I only realized it when I opened my site and it was redirecting to some site in Russia. In my next attempt, I somehow managed to check the source code of my site before it could redirect and immediately informed my host. Host found the malicious code and immediately removed it. There was a huge dump of malicious code in the footer of the page.

    Luckily, no sensitive information was transmitted as I use OpenDNS. When I checked the OpenDNS logs, I could literally see the entry as blocked. If I hadn't been using OpenDNS, any sensitive data could easily have been transmitted.

    So far, I have found no traces as to which plugin or theme this infection came from. So its a bit difficult to answer your question. But may be you can get more information on this in the WP forums.

    Comment

    • MrRob
      Confirmed User
      • Sep 2010
      • 92

      #3
      There are a couple of security plugins that may remove that shit. Try "Secure WordPress" and "WP Security Scan".
      Get them @ wordpress.org

      You should NEVER install free themes found on forums or on other free download sites. I suggest you buy a theme from a site like Themeforest.net and get one of the more popular themes that is updated regularly.

      One other thing that is helpful and that is to rename Admin to something completely different.

      Comment

      • Vertigo
        Confirmed User
        • Aug 2008
        • 131

        #4
        Forgot to attach the screenshot.



        Apart form MrRob's suggestions and for added safety/security, you can also try to use the OpenDNS which blocks transmitting of any sensitive data just in case your site or any site visited is infected.

        Comment

        • DHDChris
          Registered User
          • Nov 2009
          • 18

          #5
          Thank you for the responses, guys. I will check out the WP plugins and OpenDNS.
          65% Revenue share with NO Pre-checked Cross-Sales - DirtyHardCash
          FHGs | Morphing RSS Feed | ICQ 586-006-959

          Comment

          • fatfoo
            ICQ:649699063
            • Mar 2003
            • 27763

            #6
            I suppose you shouldn't check for problems yourself. Get the program that checks for problems.
            Send me an email: [email protected]

            Comment

            • Bec
              Confirmed User
              • Jul 2004
              • 293

              #7
              You should also look over this Theme Authenticity Checker plugin

              Comment

              • 2intense
                Too lazy to set a custom title
                • Dec 2009
                • 12495

                #8
                Originally posted by adultweb4u
                Few days back, my non-adult WP site was infected with a malicious code. I only realized it when I opened my site and it was redirecting to some site in Russia. In my next attempt, I somehow managed to check the source code of my site before it could redirect and immediately informed my host. Host found the malicious code and immediately removed it. There was a huge dump of malicious code in the footer of the page.

                Luckily, no sensitive information was transmitted as I use OpenDNS. When I checked the OpenDNS logs, I could literally see the entry as blocked. If I hadn't been using OpenDNS, any sensitive data could easily have been transmitted.

                So far, I have found no traces as to which plugin or theme this infection came from. So its a bit difficult to answer your question. But may be you can get more information on this in the WP forums.
                Most Affordable Firewall & Malware Protection for Linux Servers

                Comment

                • pornguy
                  Too lazy to set a custom title
                  • Mar 2003
                  • 62912

                  #9
                  Believe it or not, it is usually best to buy a theme..
                  PornGuy skype me pornguy_epic

                  AmateurDough The Hottes Shemales online!
                  TChicks.com | Angeles Cid | Mariana Cordoba | MAILERS WELCOME!

                  Comment

                  • Vertigo
                    Confirmed User
                    • Aug 2008
                    • 131

                    #10
                    Originally posted by Bec
                    You should also look over this Theme Authenticity Checker plugin
                    Thanks, I will get this plugin in the sites ASAP.

                    Comment

                    Working...