[wp-hackers] Free themes have backlinks and backdoors inserted in code?

Joost de Valk joost at yoast.com
Mon Jan 26 09:41:43 GMT 2009


Anyone serious about doing this kind of thing would only show the
links to search engine bots, or would at least prevent the links from
showing to any IP an admin has logged in from.

Best,
Joost


On Jan 26, 2009, at 10:07 AM, Mayur somani wrote:

> At least the most trivial ways to insert backlinks can be prevented
> by a plugin.
> What do you say?
>
> On Mon, Jan 26, 2009 at 2:31 PM, DD32 <wordpress at dd32.id.au> wrote:
>> Grepping for http:// won't help, they'll just obfuscate it.
>>
>> Ways which it'd be possible to insert malicious links:
>> include()(remote url) / fopen() / JS / eval() / urldecode() / chr() /
>> . (string concat'ing 'h' . 'tt' . 'p')..
>>
>> In short.. if you make a plugin, it'll be worked around by the
>> majority of those who insert the links..
>>
>> 2009/1/26 Brian Krausz <brian at nerdlife.net>:
>>> Alternatively, it would be really neat to regex-out any URL from theme
>>> files, and compare it to a list of malicious sites (or build a list of
>>> links to external URLs, easily done with a code equivalent of
>>> `grep -R "http://" *`).  Then, maybe whenever a user goes to activate a
>>> theme (or on the theme selection page), show them that list.
>>>
>>> --Brian
>>>
>>> On Mon, Jan 26, 2009 at 3:50 AM, Mayur somani <somani.mayur at gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> While researching some of the so-called black hat SEO strategies,
>>>> I found many tricks to insert backlinks and backdoors into free
>>>> WordPress themes and then distribute them.
>>>>
>>>> Now this is unacceptable. So, please list any of the ways you know to
>>>> insert backlinks and backdoors into theme files. I am planning to
>>>> write a plugin that will scan all the theme files to report any
>>>> malicious code there.
>>>>
>>>> Thank you for your time.
>>>> _______________________________________________
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>



More information about the wp-hackers mailing list
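
An added example, not code from any poster in this thread: a static triage pass over theme source that flags the constructs DD32 lists and the request fields a theme would need to read to cloak output the way Joost describes, and folds constant `'h' . 'tt' . 'p'` / chr() concatenations back into the string they build. The rule names, the functions fold() and scan(), and the sample theme snippet are all constructed for illustration; example.invalid is a placeholder host.

```python
import re

# Constructs named in the thread, plus request fields used to cloak by visitor.
RULES = {
    "eval": r"\beval\s*\(",
    "remote-include": r"\b(?:include|require)(?:_once)?\b[^;]*https?://",
    "fopen": r"\bfopen\s*\(",
    "urldecode": r"\burldecode\s*\(",
    "chr": r"\bchr\s*\(",
    "cloaking-input": r"HTTP_USER_AGENT|REMOTE_ADDR",
}
STRING = r"'(?:[^'\\]|\\.)*'|\"(?:[^\"\\]|\\.)*\""
CHR = r"chr\s*\(\s*\d+\s*\)"
# Two or more literals / chr(N) calls joined by the PHP "." operator.
CONCAT = re.compile(rf"(?:{STRING}|{CHR})(?:\s*\.\s*(?:{STRING}|{CHR}))+")
PIECE = re.compile(rf"{STRING}|{CHR}")

def fold(expr):
    """Join the pieces of a constant concatenation into the string PHP would build."""
    out = []
    for piece in PIECE.findall(expr):
        if piece.startswith("chr"):
            out.append(chr(int(re.search(r"\d+", piece).group())))
        else:
            out.append(piece[1:-1])  # strip the surrounding quotes
    return "".join(out)

def scan(source):
    """Return sorted (line_number, finding) pairs for one PHP source string."""
    findings = set()
    for n, line in enumerate(source.splitlines(), 1):
        for name, pattern in RULES.items():
            if re.search(pattern, line, re.IGNORECASE):
                findings.add((n, name))
        for m in CONCAT.finditer(line):
            folded = fold(m.group())
            if re.search(r"https?://", folded, re.IGNORECASE):
                findings.add((n, "hidden-url:" + folded))
    return sorted(findings)

# Constructed sample theme footer; example.invalid is a placeholder host.
SAMPLE = """<?php
$u = 'h' . 'tt' . 'p:' . chr(47) . chr(47) . 'example.invalid/l';
if (strpos($_SERVER['HTTP_USER_AGENT'], 'bot') !== false) {
    echo '<a href="' . $u . '">x</a>';
}
eval(urldecode($opt));
"""
```

The sample contains no literal "http://", so the grep from the thread reports nothing for it, while scan(SAMPLE) reports the rebuilt URL, the user-agent check and the eval(urldecode()) call. Only constant concatenations on a single line are folded, so this is a triage aid that lists what to read by hand, not proof that a theme is clean.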