If you’re interested in what spammers are up to these days, check out Snarky’s blog post Evil Eval() investigating the obfuscated spam code hidden in the new WordPress theme he downloaded.
I’d be really interested to see how many of the themes on various WordPress sites include function calls like eval, call_user_func, base64_decode, unpack, ord, chr, etc. as an indicator of hidden spam.
Want more? I'm not as good at forgetting to update @pushcx on Twitter.
As a former WordPress user and occasional hacker thereof, I’m impressed by Snarky’s deconstruction and appalled at the obfuscation. It might take longer, but this is why I’m a fan of “roll your own” theming. Of course, I also use Drupal, so YMMV.
Pages are cached; your comment will take a few minutes to appear.
XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
This blog is written by Peter Harkins, a web developer and entrepreneur in Chicago. The recurring themes on this blog include programming minutia, the ways small design changes influence user behavior, and game design. Feel free to contact me or check out some code on GitHub.
In my career, I've re-engineered the .pro domain, gate-crashed a stealth startup, built one of the most popular Wordpress plugins, covered dozens of stories for the Washington Post on the web, and defeated the original Super Mario Kart.
If you play any tabletop games (like D&D, Magic, and Settlers), visit my site NearbyGamers to find folks to game with.
Conversation (1)
Jump to comment form | comments rss [?]Add this link to your feed reader to watch for new replies to this post. | trackback uri [?]Trackback this link in a blog post to create a comment here linking to your post.