push.cx
Peter Bhat Harkins
Investigating Theme Spam
Code: decoding, obfuscation, PHP, reverse engineering, spam, WordPress
1 comment
If you’re interested in what spammers are up to these days, check out Snarky’s blog post Evil Eval() investigating the obfuscated spam code hidden in the new WordPress theme he downloaded.
I’d be really interested to see how many of the themes on various WordPress sites include function calls like eval, call_user_func, base64_decode, unpack, ord, chr, etc. as an indicator of hidden spam.
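One way to run that survey over a downloaded theme, as an added example (not code from this post or from Snarky's write-up): it counts plain calls to the functions listed above in each .php file, ignoring mentions inside comments and string literals. The names `count_suspect_calls`, `scan_theme` and the sample PHP are assumptions constructed for illustration, and the regex matching is a heuristic rather than a PHP parser, so hits are leads for manual review.

```python
import re
import sys
from collections import Counter
from pathlib import Path

# Function names listed in the post as possible indicators of hidden code.
SUSPECT_FUNCS = ("eval", "call_user_func", "base64_decode", "unpack", "ord", "chr")

# A plain call: the name, then "(", not preceded by an identifier character,
# "$" (variable), or ">" / ":" (method call via -> or ::).
CALL_RE = re.compile(r"(?<![\w$>:])(" + "|".join(SUSPECT_FUNCS) + r")\s*\(", re.I)

# Quoted strings and comments, blanked first so mentions in them don't count.
SKIP_RE = re.compile(
    r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|\#[^\n]*""", re.S)

# Constructed sample, not taken from any real theme.
SAMPLE_PHP = r"""<?php
// eval() is only mentioned in this comment
$label = 'chr(65) inside a string';
$obj->unpack($x);
echo chr(ord('a') + 1);
eval(base64_decode($payload));
function my_eval($a) { return $a; }
?>"""


def count_suspect_calls(php_source):
    """Count calls to SUSPECT_FUNCS in one PHP source string."""
    code = SKIP_RE.sub(lambda m: "''" if m.group(0)[0] in "'\"" else " ", php_source)
    return Counter(m.group(1).lower() for m in CALL_RE.finditer(code))


def scan_theme(theme_dir):
    """Map each .php file under theme_dir to its non-empty call counts."""
    results = {}
    for path in sorted(Path(theme_dir).rglob("*.php")):
        hits = count_suspect_calls(path.read_text(errors="replace"))
        if hits:
            results[str(path.relative_to(theme_dir))] = dict(hits)
    return results


if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python scan.py path/to/theme
        for name, hits in scan_theme(sys.argv[1]).items():
            print(name, hits)
    else:
        print(dict(count_suspect_calls(SAMPLE_PHP)))
```

Legitimate themes also call `chr`, `ord` and `unpack`, so the combination of `eval` with a decoder in the same file is the stronger signal than any single count.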
As a former WordPress user and occasional hacker thereof, I’m impressed by Snarky’s deconstruction and appalled at the obfuscation. It might take longer, but this is why I’m a fan of “roll your own” theming. Of course, I also use Drupal, so YMMV.