pharma hack, base64, spammy theme?
Recently had what appeared to be a hacked WP site. Checking the Google cache revealed a number of spammy adult links AND a link to the “theme” – kaboodle theme to be exact… All things pointed to a relatively widespread and well-documented attack referred to as the Pharma Attack. I scanned the site, found many of the “base64” functions, eval and common strings associated with the problem. As I started cleaning things up, I realized that many of the potentially new malicious files and potentially compromised files had not been modified since I had installed WP and the theme itself… Hmmmmmmm, something doesn’t add up here. I started sniffing around for other potential problems.
As it turns out my client had downloaded his theme from the following source for FREE.
https://themecrunch.blogspot.com/2011/05/kaboodle.html
This theme is a Woo network theme and once I was made aware that it was downloaded for free I became very suspicious. I went over to Woo Themes and as I suspected it is NOT free.
https://www.woothemes.com/2011/04/kaboodle/
I do plan on purchasing the legitimate theme from Woo Themes and comparing.
In the meantime, my question… Are rogue / spammy themes common?
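
The comparison the post plans (suspect theme against a legitimate copy), as an added example that is not part of the original post: it hashes file contents instead of trusting modification times, and reports differing or extra files together with any eval/base64-style calls found in them. The directory layout, sample files and the list of suspicious function names are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic list (an assumption of this example): calls common in obfuscated PHP.
SUSPICIOUS = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def index(root):
    """Map each file's path relative to root -> SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit_theme(suspect_dir, reference_dir):
    """Return (findings, missing): findings are (path, status, suspicious_calls)
    for files that differ from, or do not exist in, the reference copy."""
    suspect, reference = index(suspect_dir), index(reference_dir)
    findings = []
    for rel, digest in sorted(suspect.items()):
        if reference.get(rel) == digest:
            continue  # byte-identical to the reference copy
        status = "modified" if rel in reference else "extra"
        data = (Path(suspect_dir) / rel).read_bytes()
        calls = sorted({m.group(1).decode().lower() for m in SUSPICIOUS.finditer(data)})
        findings.append((rel, status, calls))
    missing = sorted(set(reference) - set(suspect))
    return findings, missing

def demo():
    """Build two tiny constructed theme trees and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, sus = Path(tmp, "reference"), Path(tmp, "suspect")
        for d in (ref, sus):
            (d / "includes").mkdir(parents=True)
            (d / "style.css").write_text("body { margin: 0; }\n")
            (d / "footer.php").write_text("<?php wp_footer(); ?>\n")
        # Constructed tampering: a loader appended to footer.php and one extra file.
        (sus / "footer.php").write_text(
            "<?php wp_footer(); ?>\n<?php eval(base64_decode('ZWNobyAnJzs=')); ?>\n")
        (sus / "includes" / "cache.php").write_text("<?php echo gzinflate($x); ?>\n")
        return audit_theme(sus, ref)

if __name__ == "__main__":
    for rel, status, calls in demo()[0]:
        print(f"{status:9} {rel}  {', '.join(calls) or '-'}")
```

A file that is byte-identical to the reference copy is skipped even if it legitimately calls `base64_decode`, which keeps the output limited to what actually differs from the vendor's release.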