Note: How do you investigate the malware of the Jetpack team to help protect your website sense Interest?
Then we provide you with a guarantee. The main points are suitable for everyone, but the second half of the article really requires some technical knowledge about WordPress working principles. It is really exciting to create a new business website or personal blog! It is not easy to choose a good theme to show your vision and choose the right plug -in to provide the best user experience, and it is likely to increase the cost of starting and running the project. Pirate software may be attractive as a simple measure to save costs.
In addition to software such as Windows 10, Microsoft Office or Adob \u200b\u200bE Creative Suite, you will also find pirated WordPress expansion programs. plug -in and themes that have never been permitted to plugins and themes will only increase your cost in the long run. Let me explain why.
In 2018, BSA released a global software survey, which lists some amazing numbers: [ 123]
37% of all software installed on the personal computer
The cost of repairing malware or virus installed from pirated software each year is close to 360 billion US dollars
[123 ]
Some people may argue that pirated WordPress themes or plugins will not cause damage to their computers, and will not even pose a threat to their information, because it runs on other people’s computers (also known as cloud) on the computer (also known as cloud)) Essence This can’t be mistaken again.
Questioning sales promotion
Many software engineers rely on other companies to distribute and sell their work. In addition to legal distribution channels, there are pirated software websites. They don’t have to worry about engineering code because they stole it to make profits. They spend time on sales because their only goal is to let you and install their pirated software.
If it can be obtained for free, why should you pay the developers and dealers?
We encourage youKeeping the website with the button is cautious, which may confuse you and increase their bottom line by increasing the number of website clicks. In addition, please pay attention to obvious violations of distribution, as shown in the example above.
Transactions with Meffist -Reading Details From German folk folks In the legend, Faust made a deal with the devil in order to gain more knowledge and power. Similarly, websites that provide pirated WordPress extensions do not know what returns they will get, so you have to bear all risks. Don’t worry, we will help you understand the transactions you really signed here.
I ed this cinematix theme from a dark theme website. I immediately noticed that the content of the readMe.txt file is the same as the 2.3 version of the default 271 theme.
Is it cinematix or 27 -year -old theme?
We recommend that you do not perform this operation by yourself, but because we are a security expert, I continue to operate in accordance with the instructions. I renamed the directory name from nLD_THEME_INDEXcinematix
. This feels completely unnecessary, in fact it is true.
In my WP-Admin’s theme part, I can see It seems to be closed because there is no preview picture. Maybe if I activate it, will it work? No preview available, perhaps just activating its problem.
After the activation, I received a good news, I had to buy the software! You will never ask you to buy the theme permit for free topics from the WordPress directory. There are many great high -level themes to be purchased, but usually before you . Do not pay for the theme of ing from developers or creating their companies.
But the news said that it is free … What is the wrong word?
In the name of science, I will remove this lock and use the cinematix theme for free.
As predicted, this \”cinematix theme\” is actually a free open source 27 -year -old theme in disguise. We saw this through Readme.txt in the previous Readme.txt.
Let us study the code in depth to see what we can find, but where do we get from What about starting? When it tries to convince us to pay the license we do not need, the fake theme has given us a prompt.
The theme license is invalid, please buy The message is not part of 27, it can be used as a guide for our other hate things. I found the news on /inc/template-tags.php , which also appeared in the original theme. However, code is not, it is our first hazard indicator for this malicious software.
Everything before this function was of course malicious and dangerous. Let’s take a look:
]
The first function there (
getuseripaddr () ) is not bad, but it is activate_nulled_theme () It is used to provide it when calling home and providing it to go home. Infected stationPoint information. The first thing it did was to add wp_rest_api
Users to add as administrators to the site. Here we have a second compromise indicator.
not only trying to allow you I have the opportunity to share information about your website with the author). You can see the Phone-Home code in WP-Remote_post function, which is set to the URL, IP address and credentials of sending your website. For readers who are not experts, what we see here is that the malicious code in this pirated theme will send the username and password to the hacker so that they can log in to your website. This will enable them to access private content, e -commerce store orders, and let them completely control your website.
In addition, it will also use this code
/inc/adminindex.php The copy of
wp-found
,
wp-add and wp-confload/uploads
. Can you guess what this file is doing?
It is a file uploading the back door, providing an address, administrator user, and a kind Insert any other malware they want to add. This is the last indicator of our compromise, although it is just icing on the cake at this time.
SHA1 – 6ab059929f89a77c698619a88de756f69a9f8c53 nld-theme-index/inc/adminindex.php MD5 – 940864af2095f4fcfa646d45c1dd2366 nld-theme-index/inc/adminindex.php[ 123] Conclusion The use of pirated software seems to be a simple way to reduce costs, but behind the scenes, it may have a terrible impact on your website and then adversely affect you or your visitors. As our friends in Malwarebytes shared in this article, the loopholes can use this tool package to use thisThe file uploads the back door or wp_rest_api The user adds it to your site and is used to attack any visitor browser.
We strongly recommend that you formulate a security plan for scanning and backup of malicious documents for your site.Buying your software allows developers to continue their work, but more importantly, it can ensure the security of your website and visitors.
nLD_THEME_INDEX
In addition, it will also use this code 