1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Opencart Nulled Scripts & Malicious Code

Discussion in 'General Scripting Chat' started by Brainstorm389, Mar 2, 2016.

  1. Brainstorm389

    Brainstorm389 Registered Member

    Joined:
    Dec 23, 2015
    Messages:
    79
    Likes Received:
    39
    Occupation:
    Business Owner
    Location:
    Athens, Greece
    Hello!

    I'm helping a friend build his website in Opencart since I've used it before and using it for some time now as well. Since Opencart is pretty "naked" to say the least, in terms of features, I've installed some legit bought plugins I had from my previous installations but he's not willing to pay what's needed for some others ( cache, seo plugins etc which are expensive ) to make his store function the way he wants.

    So, to get to the point, how could he be safe in using nulled scripts in his web store? I found some from marketplaces that ask 5/7 dollars per plugin/module, and since I'm not making the calls here, he's willing to pay instead of buying a regular licence of 90 dollars for some of them. I don't have a problem installing nulled or cracked plugins on his website, but is there a way to check them beforehand to see if there's malicious code or anything else that could harm the store or the server that's hosting it?

    I found some PHP scripts that check the base64 encode inside the plugin/module but I don't know if it will work or if we'll get false positives.

    What are my options here? Since I can't convince him to give 300 dollars on plugins instead of 30 ( well, it's really tempting actually ), do anyone here know of a good way to make sure the nulled script is clean? I know that in the end I'll just go buy them for him and install them, but I want to avoid cleaning his website/server afterwards cos of all the whining and "ball busting" I'll receive till everything's fixed.

    Thanks a lot in advance :)
     
  2. ophelis

    ophelis Newbie

    Joined:
    Aug 28, 2015
    Messages:
    12
    Likes Received:
    1
    Occupation:
    salesman
    Location:
    Sofia
    I dont know of such a way, but you should really both think about it, before using such scripts. Also what kind of scripts do you need exactly?

    Most extensions have free alternatives that work. The only thing you REALLY need to buy is a SEO plugin and a Template.
     
  3. Brainstorm389

    Brainstorm389 Registered Member

    Joined:
    Dec 23, 2015
    Messages:
    79
    Likes Received:
    39
    Occupation:
    Business Owner
    Location:
    Athens, Greece
    Hello, and sorry for the late reply.

    I'm totally against nulled scripts and even if someone can't afford an extension, then they must wait until they can buy it.

    The only thing I installed for him ( nulled ) was an SEO extension that he finally bought afterwards.

    For the record, I used some scripts to check for PHP malicious injections/code or whatever. They all showed that the extension was clean, so I gues they either didn't find anything bad inside the code or the extension was so perfectly cracked that it didn't show any signs of malicious code.

    The scripts were :

    hxxs://github.com/mikestowe/Malicious-Code-Scanner
    hxxp://www.mikestowe.com/blog/2010/10/php-malicious-code-scanner.php

    I don't know if I'm allowed yet to paste links so I edited them. I also used something else that I can't find a link for.

    Cheers!