The MU forums have moved to WordPress.org

More nasty "attacks" (4 posts)

  1. arezki
    Member
    Posted 14 years ago #

    I noticed WP MU is a potential security hazard. Folks, with nothing good to do with their lives and talents find ways to embed nasty things. I noticed one of the themes I installed called "Smilies Army" says it is "designed by Free Counter, Coded by Online Casino, tested by Online Pharmacy 21." When you actually google this expression, you will see a number of sites that have no idea that they are being used. So, what do you watch for to prevent these "attacks?" Are there any tools that can be used to bullet proof sites against these idiots? Also, for those using MU, can they create a a new template with basic functionalities and NOT ALLOW anyone to temper with the theme or choose another one? The idea is to just allow them to post comments. thanx a bunch

  2. SteveAtty
    Member
    Posted 14 years ago #

    There is not a lot you can do with third party themes apart from go through them line by line and remove any links/keywords like that.

    There are several basic clean themese for WP/WPMU that don't have user editable options and if as the admin you lock down the theme to just one then no-one can change anything.

  3. andrea_r
    Moderator
    Posted 14 years ago #

    "I noticed one of the themes I installed "

    It's in the code of the them that *you* installed. If you're grabbing a free theme willy-nilly off anyplace other that the repository or a well-known themer, then you absolutely have to check the theme over for things like this before you upload it to your site.

    For the theme in question, check out the footer.php. If it is garbled, that means it's encoded, and it was most definitely in the theme before you installed it. So ditch the theme or fix the footer to remove the encoding.

  4. Ovidiu
    Member
    Posted 14 years ago #

    lol, seriously, its exactly as Andrea said: YOU are using their theme. even if it were on your own private single wordpress blog it would be your responsability to check the theme, even more so being on a wpmu isntallation, where yo urae responsible for more blgos than just your one.

About this Topic