Saturday, 25 July 2015 22:59

Malicious templates


Numerous sites advertise free templates, but you have to watch out. File-sharing sites are the most common place to get a free template, or, if you read the Joomla forums, a friend. Nowadays more and more unsavoury distributors of templates have come on the scene, trying to cash in on Joomla's success and catch unwary users.

Several companies in the past have been known to simply put hard-coded links into their files. One example is Themza, whose method was to call an encoded GIF file (menu_col.gif) to place a spam link in the menu and also in the footer. A big discussion on Themza is at http://forum.joomla.org/viewtopic.php?p=1827027. They also do not state that they are GPL, as they place restrictions on you altering their code. They still continue their practice, as can be seen in the screenshot.

A newer trick is to place a piece of code into a file and mark it, for those interested enough to look, as a security check:

    /*security feature START*/
    if ($this->countModules("left") && $this->countModules("right")) {$compwidth="60";}
    else if ($this->countModules("left") && !$this->countModules("right")) { $compwidth="80";}
    else if (!$this->countModules("left") && $this->countModules("right")) { $compwidth="80";}
    else if (!$this->countModules("left") && !$this->countModules("right")) { $compwidth="100";}
    eval(str_rot13('shapgvba purpx_sbbgre(){$y=\'dhnyvglwsdfsjdfyngrf.pbz\';$s=qveanzr(__SVYR__).\'/vaqrk.cuc\'; $sq=sbcra($s,\'e\');$p=sernq($sq,svyrfvmr($s));spybfr($sq);vs(fgecbf($p, $y)==0){rpub \'Nhgube yvax zhfg erznva vagnpg.\';qvr;}}purpx_sbbgre();'));
    function artxReplaceButtons($content){$re = artxReplaceButtonsRegex();}
    /*security feature END*/ ?>

I have jumbled the coded letters to prevent linking.

Or, even clearer but strangely in the same file, from joomlathemes.co aka joomlatemplates.me:

    $host = substr(hexdec(md5($_SERVER['HTTP_HOST'])),0,1);
    $url1 = "http://joomlatemplates.me/3.1";
    $text1 = array("Simple Joomla Templates","Best Joomla Template","Joomla Blog Template","Joomla Tema",
                   "Free Joomla Template","Gratis Joomla","Plantillas Joomla","Customize Joomla Template","Joomla шаблоны",
                   "Download Joomla Templates");
    $url2 = "http://aboutwebhost.com/ipage-review/";
    $text2 = array("iPage Reviews","iPage Hosting","iPage Coupon","iPage Complaints",
                   "iPage Review","iPage Hosting Review","iPage","iPage.com","User Reviews iPage",
                   "iPage Reviews");
    echo "".$text1[$host]." by ".$text2[$host]."";

This one varies the method by using an array to randomly change the bait text. Here is another interesting case: a template provider advertising WordPress templates on a Joomla template.

    <div id="hdd">Templates Joomla 1.7 by Wordpress themes free</div>
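A check for the tricks shown above, as an added example that is not code from the original article: it finds `eval()` wrapped around `str_rot13()` in a template file, decodes the payload, and lists the host names and file or exit calls hidden inside. It goes slightly beyond the page by also handling `base64_decode()`; the sample template and the `spam-link.example` domain are constructed.

```python
import base64
import codecs
import re

# eval() wrapped directly around a decoder; the quoted argument may hold \' escapes.
EVAL_DECODER = re.compile(
    r"eval\s*\(\s*(str_rot13|base64_decode)\s*\(\s*'((?:\\.|[^'\\])*)'\s*\)\s*\)",
    re.IGNORECASE | re.DOTALL)
# Host-like tokens; the lookbehind skips path parts such as /index.php.
HOSTNAME = re.compile(r"(?<![\w./-])(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)
# Calls that let hidden code read the template back or stop the page.
RISKY_CALLS = ("fopen", "file_get_contents", "strpos", "die", "exit")


def decode_payload(func, literal):
    """Undo PHP single-quote escaping, then apply the decoder eval() wraps."""
    raw = re.sub(r"\\(['\\])", r"\1", literal)
    if func.lower() == "str_rot13":
        return codecs.decode(raw, "rot13")
    return base64.b64decode(raw).decode("utf-8", "replace")


def scan_template(php_source):
    """Return one finding per eval(decoder('...')) call in a template file."""
    findings = []
    for m in EVAL_DECODER.finditer(php_source):
        decoded = decode_payload(m.group(1), m.group(2))
        findings.append({
            "line": php_source.count("\n", 0, m.start()) + 1,
            "decoder": m.group(1).lower(),
            "decoded": decoded,
            "hosts": sorted(set(HOSTNAME.findall(decoded))),
            "calls": [c for c in RISKY_CALLS if re.search(rf"\b{c}\b", decoded)],
        })
    return findings


# Constructed sample with a placeholder domain; the payload is ROT13-encoded here.
PLAIN = ("function check_footer(){$l='spam-link.example';"
         "$f=dirname(__FILE__).'/index.php';$c=file_get_contents($f);"
         "if(strpos($c,$l)==0){echo 'Author link must remain intact.';die;}}"
         "check_footer();")
SAMPLE = ("<?php\n/*security feature START*/\n$compwidth=\"100\";\neval(str_rot13('"
          + codecs.encode(PLAIN, "rot13").replace("'", "\\'")
          + "'));\n/*security feature END*/ ?>")

if __name__ == "__main__":
    for f in scan_template(SAMPLE):
        print(f"line {f['line']}: eval({f['decoder']}) -> {f['hosts']} {f['calls']}")
```

Run `scan_template()` over each `.php` file in a downloaded template before installing it, and read the decoded text of any finding.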

Since these practices came to light and people started avoiding them, it has become more common to use various different names that all lead to the same sites:

freshjoomlatemplates aka qualityjoomlatemplates aka joomlaskins aka livedemos.net
joomlathemes.co aka joomlatemplates.me

It has been stated that these download sites are not "malicious", just "link spamming" template providers. Most of these sites provide legitimate free templates from other developers, repackaged with the 'dodgy' code inside. It is up to you, the user, to decide whether to use them or not.


Last modified on Tuesday, 18 August 2015 03:20
