5ThirtyOne

Derek Punsalan

WordPress & Joomla theme users beware!

Thanks to Milo for the heads-up about this discomforting news, which affects WordPress & Joomla users.

Templates Browser is redistributing public blog themes that have been modified to exploit the end user by inserting hidden spam or malware links. A quick search concerning the website pulls up the following links on AboutUs, Joomla forums, and Onnoot – here & here.

The links are inserted via an additional functions.php file which is included with the theme downloads. If you’re shopping around for public themes, I strongly recommend that you download directly from the original author’s website.
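One way to check a theme obtained from a third-party site is to compare it file by file against a copy downloaded from the original author. The sketch below is an added example, not part of the original post; the function names and the sample theme files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare_theme(reference_dir, candidate_dir):
    """Diff a downloaded theme against the original author's copy."""
    ref, cand = tree_hashes(reference_dir), tree_hashes(candidate_dir)
    return {
        "added": sorted(set(cand) - set(ref)),      # e.g. an extra functions.php
        "removed": sorted(set(ref) - set(cand)),
        "modified": sorted(f for f in set(ref) & set(cand) if ref[f] != cand[f]),
    }

def build_sample(root, files):
    """Write a constructed sample theme tree for the demo."""
    for rel, body in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

def demo():
    # Constructed sample data: file names and contents are illustrative only.
    original = {
        "style.css": "/* Theme Name: Sample */\n",
        "index.php": "<?php get_header(); ?>\n",
        "footer.php": "<?php wp_footer(); ?>\n",
    }
    repackaged = dict(original)
    repackaged["functions.php"] = "<?php /* file the author never shipped */\n"
    repackaged["footer.php"] += '<a href="http://spam.example.invalid/">link</a>\n'
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as cand:
        build_sample(ref, original)
        build_sample(cand, repackaged)
        return compare_theme(ref, cand)

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

Any file listed under "added" or "modified" should be read before the theme is installed; an empty report only shows that the two copies are identical.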

Unfortunately, one of my own public themes – 5ThirtyOne V2 – is one of the "dirty" themes that has been modified and is currently being redistributed.

Spread the word and inform other WordPress & Joomla users – Digg this.


68 Comments • RSS

  1. Carl says:

    There are a few that do this … joomlatp.com and jooma2u.net download free templates then put in their own code for their sites and pass off the templates as their own ..

    be aware of those two .. as they might one day put other stuff in

  2. How can we stop this kind of threat?
    Is it detected by our personal antivirus or anti-malware?

    thanks for this info

  3. Jorge says:

    I use WordPress themes in my sites, how can I check if there is any malware in my theme code?

  4. nitendra says:

    Yeah, it's true, I think, because my site got the same problem. I had to delete everything and upload everything from scratch.

  5. irma says:

    It looks like a suspicious site. It’s just a collection of templates without any information about the owner of the site

  6. Techilli says:

    For WordPress, there’s a plugin called Theme Authenticity Checker (TAC) available for verifying that the theme's files are safe and don’t contain any malicious code in them.

  7. kpb says:

    Great article, and thanks for the heads up!
    I downloaded a theme once that had Adsense ad units, with the creator's Publisher ID. Not really malicious, but it was sneaky.
