One thing I love to do is to investigate different wordpress themes. I love it! I love the ideas that people share with each other and the different layouts, colours etc. Its always an inspiration to view all the different aspects and ideas.
Recently, I downloaded this one theme, that I was considering adapting for a friends blog and lo and behold it had something evil in the footer or should I say eval.
This is the code in the footer:
<?php $_F=__FILE__;$_X='Pz4JPGQ0diA0Z...rubbish
...=';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJ etc rubbish
It worried me a little, then I laughed, because I thought of how you can’t really stop people from decoding or stealing your work (not that I advocate this!) if they really, really want to. You can however make it harder or as most people see it more challenging.
I began my quest on the internet. I found some sites that warned against using themes with base 64 code as they may contain malicious attacks, scripts etc. Then I thought, why not find out what it actually says before freaking out.
This site helped: http://danilo.ariadoss.com/decoding-_f__file___x-eval-base64_decode/
As did this: http://www.tareeinternet.com/scripts/byterun.php
So after running the evil script through the decoder (which took a second) I found that it basically was running a script and that script was to stop people from removing credits from the bottom. Which is fine. I don’t have a problem with that as nothing annoys me more than people STEALING – bad!
This is just a post to help you investigate what codes a theme is using and making sure that there is nothing malicious in an encrypted footer.php page. This in no way advocates removing of authors credits.
Loading ...
Sasha has been a photoshop nerd and photographer for over 10 years now. She loves to share information and make the world a more colourful place, perhaps a little photoshop enhanced.
No Comments