1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to make sure a nulled theme is really clean?

Discussion in 'Black Hat SEO' started by DreamBigWorkHard, Mar 20, 2013.

Thread Status:
Not open for further replies.
  1. DreamBigWorkHard

    DreamBigWorkHard Registered Member

    Joined:
    Nov 20, 2012
    Messages:
    92
    Likes Received:
    11
    Occupation:
    Daydreamer
    Just came across a site called themelock, and I noticed you could almost find any premium theme there. But the problem is, I'm not sure if all the themes are actually safe to use, because some might have malicious codes injected. So how do you make sure a theme is clean? And where do malicious codes always hide? Is there a way or tool to check it out after installation?

    Thanks a lot!
     
  2. Conor

    Conor Jr. VIP Jr. VIP

    Joined:
    Nov 7, 2012
    Messages:
    3,360
    Likes Received:
    5,422
    Gender:
    Male
    Location:
    South Africa
    Home Page:
    They hide in the "Malicious Code" folder obviously ^^

    Seriously though, no way to find out but by doing your homework. Google the site to check if it's legit. Run the theme on a local Wordpress installation (I'm assuming these are WP themes but the info applies to any big CMS I suppose), and there are a few plugins to check the authenticity and stuff of your files. Just play around a bit and see what you can find!
     
    • Thanks Thanks x 2
    Last edited: Mar 20, 2013
  3. BooBoo1982

    BooBoo1982 Newbie

    Joined:
    Mar 17, 2013
    Messages:
    1
    Likes Received:
    1
    WP plugin Theme Authenticity Checker (TAC); WP plugin AntiVirus; WP plugin ExploitScanner
     
    • Thanks Thanks x 1
  4. sysfailure

    sysfailure Junior Member

    Joined:
    Jul 24, 2009
    Messages:
    108
    Likes Received:
    55
    there was checkers plugin like those:
    Code:
    [URL]http://wordpress.org/extend/plugins/tac/[/URL]
    [URL]http://wordpress.org/extend/plugins/wp-plugin-security-check/[/URL]
    
    but my method is:
    1.download the theme on the desktop and unzip it
    2. use wingrep or fgrep (depend if i am on win or linux box) to find: "mail(" and "eval(" strings.
    check this call if exist and remove it. sure that is better check all files manual and look at code.
    hope this helps.
     
    • Thanks Thanks x 3
    Last edited: Mar 20, 2013
  5. ija61

    ija61 Senior Member

    Joined:
    Mar 2, 2011
    Messages:
    960
    Likes Received:
    634
    Gender:
    Male
    Occupation:
    The first SEO economist:)
    Location:
    Romania
    Home Page:
    • Thanks Thanks x 1
  6. dog-tag

    dog-tag Senior Member

    Joined:
    Oct 19, 2010
    Messages:
    811
    Likes Received:
    912
    Occupation:
    Full-Time Internet Marketer + Business Consultant
    Location:
    Thailand
    I use the wordpress TAC checker, reviews and sucuri.net to scan my folders.
     
    • Thanks Thanks x 1
  7. manima

    manima Newbie

    Joined:
    Jan 12, 2015
    Messages:
    2
    Likes Received:
    1
    Hi guys
    sorry for bringing up an old topic (I didn't want to create a separate topic for my question)
    my question is:
    Can I scan themes with essential tools (like TAC, exploit scanner ...) on a local sever (say wamp server) and after cleaning potentially malicious codes, I can move it to real server, is it possible?
    thanks
     
  8. Jobdollarr

    Jobdollarr Supreme Member

    Joined:
    Dec 12, 2014
    Messages:
    1,252
    Likes Received:
    151
    Occupation:
    Webmaster
    Location:
    USA
    Home Page:
    Usually only backlinks implanted into the theme.
    If you aim to membangu large websites then my advice is just buy a premium theme.
     
    • Thanks Thanks x 1
  9. manima

    manima Newbie

    Joined:
    Jan 12, 2015
    Messages:
    2
    Likes Received:
    1
    actually I just asked out of curiosity, I'm gonna lunch a simple site
    as you said "usually" , then there will maybe more than backlinks, like trojans ...
    so I can clean themes locally, then copy/move it's directory to my actual website, right?
     
    • Thanks Thanks x 1
  10. Bleght

    Bleght Power Member

    Joined:
    Feb 18, 2016
    Messages:
    516
    Likes Received:
    154
    You can if you are sure you have cleaned them successfully. But if you want to be absolutely sure, just buy the theme and have piece of mind about your sites security and use the saved time to make more money than the theme cost you.
     
    • Thanks Thanks x 1
  11. Jobdollarr

    Jobdollarr Supreme Member

    Joined:
    Dec 12, 2014
    Messages:
    1,252
    Likes Received:
    151
    Occupation:
    Webmaster
    Location:
    USA
    Home Page:
    I do not know the shape of the actual trojan.

    If the business site as sript connected with paypal.
    Then there will be dorkway aimed at stealing money.
    Or create a page redirects to a site owner theme
     
Thread Status:
Not open for further replies.