13 มีนาคม 2018 Codeconyon Codeconyon

rnOur conclusion is that this practice of posting plugins containing malicious code is typical for these sites. Moreover, when in their very own comments area people warn about malicious “extras” they have found in the plugins, the admin readily replaces them with “retail” versions.

Why not do it from the very beginning?. rnI’m not going to link directly to that site, but you can find those comments using this Google search.

  • Visual Composer Clipboard v3.2.5Legacy v5.2 ai??i?? White label WordPress Admin Theme
  • Visual Composer ai??i?? 3D Menu Flyer for Restaurant and CafeUserPro v4.9 ai??i?? User Profiles with Social Login
  • FullPage for Visual Composer v1.7.2Woocommerce Donation plugin v1.7
  • User Profiles Made Easy v2.2.03 ai??i?? WordPress PluginPopping Sidebars and Widgets for WordPress v2.1.3
  • EventOn Slider Addon v2.8.1Save & Share Cart for WooCommerce v2.13

rnThe “patch” has changed since last June. While the added files look the same (one long line of commented out PHP code with a short payload in the middle of the comments), they work differently. In all of them, the payload looked more or less like this (added formatting for readability):rn/l. php ), as well as the base64 encoded URL: base64decode” c3BhbWNoZWNrci5jb20vY2hlY2sucGhw “rnURL into the header of WordPress pages for users not logged in ( wordpresstestcookie not set).

Category Subdomain Pro v2.0UserPro v4.9 ai??i?? User Profiles with Social Login

However, it doesn’t happen every time. The chances of an injection are ), so you might need to browse quite a few pages before you can detect it. rnBehind the spamcheckr URL’s we currently see these adwat.

ch scripts:rnAdwat. ch is a URL shortening service that shows full-page ads that can’t be closed for a few seconds when people click on their short URL’s. Since no one likes obtrusive ads, and there are many better alternative services out there, adwat.

ch shares ad revenue with people who shrink URLs using their service to encourage people to use their site. The injected code participates in the revenue sharing program with nulled wordpress template PluginNulled.com the ID 234224 . rnThe injected code doesn’t have to always be that adwat. ch script.

It’s being downloaded from the spamcheckr server and can be pretty much anything: benign, obtrusive or even outright malicious. rnFor example, some people reported that infected sites also redirected to adf.

ly ads. We noticed some periods of inactivity when spamcheckr returned the following Google Analytics code:rnThis Google Analytics ID UA-27917097-1 also has a long history of being used in unwanted code that some plugins injected into WordPress pages. Two years ago, people reported an older GA code with that very ID being injected along with hidden spammy links. rnmay eventually return some exploit code that will attack site visitors or redirect them to a malicious site. rnEveryone knows that using pirated software is bad.

Not just ethically bad. It’s stupid. Why trust people who don’t respect property, and whose business is stealing? Just ask yourself a question, where did they get so many paid software titles, and why do they give it away for free?rnforum. Note how they mention ” not original “, ” not official ” when specifying the plugins where they found the malicious code. If you know it’s not original, why install it on your server?rnIt’s not always about the money.

Oftentimes, it’s likely just a lack of knowledge. We’ve found these plugins on websites that made decent money for their owners, on sites that used upscale hosting solutions, and on websites with owners who were willing to pay for extra services. What makes them search for pirated plugins when they can afford paying for original plugins? What makes them install pirated plugins and risk losing site reputation through unwanted ads, redirects and malware? What makes them install pirated plugins if they may give control of their sites to hackers (via backdoors)? It is probably a lack of knowledge. rnThink about what you install on your server. Any third-party software that you install can do pretty much anything with your site, and in some cases, with your server. Not all functions may be declared.

Many themes and plugins consist of thousands of lines of code and it takes only one line to add a backdoor that can potentially devastate your site.

120 views

แสดงความคิดเห็น

Leave a Reply