[METHOD] Check your scripts and wordpress themes for hidden nasties

Discussion in 'Black Hat SEO Tools' started by roamer, Apr 27, 2011.

  1. roamer

    roamer Power Member

    Dec 2, 2008
    Likes Received:
    Gfx designer, vfx and mgfx
    plɹoʍ ǝɥʇ punoɹɐ ƃuıɯɐoɹ
    Hey everyone, this is a short and very general guide, but I figured it's better to share than not to, more so since there are so many members willing and able to expand on it.

    What you'll require is an un-nulled copy of the script or theme you're trying to check. Also, and this is very important, it must be the exact same version, and must be un-obfuscated / un-encripted (ie. zend, ioncube, etc.) - yes, I'm assuming it's written in PHP, but perl will work too.

    What you do is, you get two directories, one with the virgin script, and one with the nulled one. Next, you run a program that does file compare of both directories (there are lots of them, I personally use ultracompare). It'll show you what files were modified, and you should be able to compare the code of each one to see exactly what's missing, modified or added. Don't forget to scan all files, to be on the safe side - that means .css files, and miscellaneous files used as includes and/or data for the database at installation time.

    Well, this is my little contribution to this great community, I hope it helps at least one of you. And of course, feel free to comment and expand on it, as well as recommending good tools for this task, what to look for (though that's been covered really well in other threads, afaik). :grouphug:
    • Thanks Thanks x 2
    Last edited: Apr 27, 2011