Prevent Nulled themes/plugins from "calling home"

purity

Hi community,

If I were to use nulled themes/plugins in production, how can I detect that they are "phoning home" and how can I avoid it?

Are there certain possibilities for how to protect yourself against it?

Or can that never be prevented?
 

nesym

You can check the source code and look for outgoing requests and URLs.
 

nesym

> How exactly can I do that? What do I have to look for?

If you are using Linux you can grep through all the files and search for strings like "www", "http", "https", additional queries and so on.
Reactions: purity

purity

> If you are using Linux you can grep through all the files and search for strings like "www", "http", "https", additional queries and so on.

Okay, many thanks. I'm actually using Linux and can try this on various themes/plugins.
Is there actually still the base64 encoding/encryption for themes and plugins?
 

nesym

> Okay, many thanks. I'm actually using Linux and can try this on various themes/plugins.
> Is there actually still the base64 encoding/encryption for themes and plugins?

If you see base64 encoding, stay away from these themes/plugins. They probably come with preinstalled malware. Also, don't be too afraid, because most themes come with a GPL license because the authors use many, many free libraries to build those themes upon. Chill. Don't be too paranoid about it, but be paranoid if you see base64 encoding.
Reactions: purity and Masood

sanishan

Some developers hide the callback URL in base64 or even use hex to hide the URL.
Some are clever enough to hide the actual URL in an SVG, JPG, TXT or any other file, which is very hard to find.

Some use different variables spread over the whole plugin file, like $h='http'; somewhere, $_B='://'; somewhere else, $b='complete.com/url';

And when they want to use them, they could use base64 with eval to join those variables and call back. This kind of link is very, very hard to find.

Thanks,
Reactions: purity
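
A scanner along the lines this thread describes, as an added example that is not part of any post: it goes beyond a plain grep for "http" by decoding base64 literals and hex escapes and by flagging split-up URL fragments and eval/decoder calls. The regexes, the function name and the sample input (including the callback.example and x.example hosts) are assumptions constructed for illustration.

```python
import base64
import binascii
import re

URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)
FRAG_RE = re.compile(r"['\"](https?|://|https?://)['\"]", re.I)  # split-up URL pieces
HEX_RE = re.compile(r"(?:\\x[0-9A-Fa-f]{2}){4,}")                # "\x68\x74\x74\x70..."
B64_RE = re.compile(r"['\"]([A-Za-z0-9+/]{16,}={0,2})['\"]")     # long base64-looking literal
CALL_RE = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def scan_php(source):
    """Return (line_no, kind, detail) findings for the text of one PHP file."""
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        findings += [(no, "call", m.group(1).lower()) for m in CALL_RE.finditer(line)]
        findings += [(no, "url-fragment", m.group(1)) for m in FRAG_RE.finditer(line)]
        findings += [(no, "url", m.group(0)) for m in URL_RE.finditer(line)]
        for m in HEX_RE.finditer(line):
            raw = bytes.fromhex(m.group(0).replace("\\x", ""))
            findings.append((no, "hex", raw.decode("latin-1")))
        for m in B64_RE.finditer(line):
            try:
                text = base64.b64decode(m.group(1), validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # not valid base64, or decodes to binary: skip
            if text.isprintable():
                findings.append((no, "base64", text))
    return findings

# Constructed sample input (not taken from any real theme or plugin).
_B64 = base64.b64encode(b"https://callback.example/ping").decode()
_HEX = "".join(f"\\x{b:02x}" for b in b"http://x.example")
SAMPLE = "\n".join([
    "<?php",
    "$h = 'http'; $_B = '://'; $b = 'complete.com/url';",
    f"$u = base64_decode('{_B64}');",
    f'$x = "{_HEX}";',
    "eval($payload);",
    "wp_remote_get('https://api.wordpress.org/plugins/');",
])

if __name__ == "__main__":
    for finding in scan_php(SAMPLE):
        print(finding)
```

A static scan like this only narrows down where to read; a URL stored in an image or text file, or assembled at run time, will not show up, so it complements the request logging and host allowlist rather than replacing them.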

RealHacker

Yes, I do this myself.

OPTION-1: Via Snitch Plugin-
https://wordpress.org/plugins/snitch/

The plugin will display details (origin code location, HTTP request details, etc.) about all outgoing HTTP network calls made by WordPress, plugins, themes, etc. and allows you to block those network calls in various ways (URL, plugin, etc.).

EDIT: Instead of blocking the network call via the plugin, you can comment out the code which makes that HTTP network call. The plugin above gives you the location in the source code where the network call originates.

OPTION-2: Via mentioning whitelisted domains/URLs for the whole WordPress site in wp-config-
With this method you block all outgoing calls except to whitelisted domains/URLs. An example snippet to be added to the wp-config of your WordPress site is below (make adjustments according to your needs)-

define('WP_HTTP_BLOCK_EXTERNAL', true);
// Subdomains need the * wildcard; a bare leading dot is not matched.
define('WP_ACCESSIBLE_HOSTS', 'wordpress.org,*.wordpress.org,elementor.com,*.elementor.com');

If it helped, give a like.