1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[METHOD] Check your scripts and wordpress themes for hidden nasties

Discussion in 'Black Hat SEO Tools' started by roamer, Apr 27, 2011.

  1. roamer

    roamer Power Member

    Joined:
    Dec 2, 2008
    Messages:
    500
    Likes Received:
    479
    Occupation:
    Gfx designer, vfx and mgfx
    Location:
    plɹoʍ ǝɥʇ punoɹɐ ƃuıɯɐoɹ
    Hey everyone, this is a short and very general guide, but I figured it's better to share than not to, more so since there are so many members willing and able to expand on it.


    What you'll require is an un-nulled copy of the script or theme you're trying to check. Also, and this is very important, it must be the exact same version, and must be un-obfuscated / un-encripted (ie. zend, ioncube, etc.) - yes, I'm assuming it's written in PHP, but perl will work too.

    What you do is, you get two directories, one with the virgin script, and one with the nulled one. Next, you run a program that does file compare of both directories (there are lots of them, I personally use ultracompare). It'll show you what files were modified, and you should be able to compare the code of each one to see exactly what's missing, modified or added. Don't forget to scan all files, to be on the safe side - that means .css files, and miscellaneous files used as includes and/or data for the database at installation time.


    Well, this is my little contribution to this great community, I hope it helps at least one of you. And of course, feel free to comment and expand on it, as well as recommending good tools for this task, what to look for (though that's been covered really well in other threads, afaik). :grouphug:
     
    • Thanks Thanks x 2
    Last edited: Apr 27, 2011