Folks who follow this blog know that the look has changed over the past week.
Part of the reason why this happened is because I wanted to change things up. I upgraded to WordPress 2.5 – no probs there. And I looked for a different theme to mark the change.
So I looked for a freebie to act as a stop-gap and found a theme that was GNU-licensed and open-source, which would allow me the flexibility to change things up. I found one at a free WP theme meta-site, which seemed fine, and I installed the theme.
Then I got around to looking at the PHP code to see where I could tweak things, and I noticed some strange, base-64 encoded strings in some of the files.
Commence mental alarm bells.
So I looked at some of the WP developer blogs (those referenced in the default RSS feed on the WP admin page of almost every WordPress-driven site) and found this post from an open-source theme developer. It seems that some of his themes had been swallowed up by a free theme meta-site and doctored with this base-64 code. This developer did some snooping and asking around, and found that the inserted code was definitely not WP standard, and was very likely malicious:
I think the potential for abuse of this script is huge. I see it as a covert channel to set up WordPress enabled sites as thin zombies. The code being sent back to the server and eval'd could be a mailing script for spam or phishing.
So I decided to reverse-engineer the whole damn thing, stripping out all malicious code, and seeing how it turned out. It’s not bad – looks and acts the same, without all the scary eval calls and potential for hacks to my site.
Caveat emptor means more and more in the days of the internet.
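
For anyone who wants to run the same check before activating a downloaded theme, here is an added example (not code from this post or from the theme in question): a small Python scanner that flags eval/base64_decode calls and decodes base-64 string literals in theme PHP files so they can be read. The sample footer, its harmless payload and the function names are constructed for illustration.

```python
import base64
import binascii
import pathlib
import re

# Quoted literals made only of base64 characters, 24+ characters long.
B64_LITERAL = re.compile(r"""(['"])([A-Za-z0-9+/]{24,}={0,2})\1""")
# Calls that decode or execute strings at runtime; each deserves a manual look.
RISKY_CALL = re.compile(r"\b(eval|base64_decode)\s*\(", re.I)

def decode_literal(text):
    """Return the decoded text if `text` is base64 for mostly printable bytes, else None."""
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    if not raw or printable / len(raw) < 0.9:
        return None  # random-looking bytes: probably not hidden source code
    return raw.decode("ascii", errors="replace")

def scan_php(source, filename="<memory>"):
    """Return (file, line, kind, detail) tuples for one PHP source string."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in RISKY_CALL.finditer(line):
            findings.append((filename, lineno, "call", m.group(1).lower()))
        for m in B64_LITERAL.finditer(line):
            decoded = decode_literal(m.group(2))
            if decoded is not None:
                findings.append((filename, lineno, "base64", decoded))
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under an unpacked theme directory."""
    findings = []
    for path in sorted(pathlib.Path(theme_dir).rglob("*.php")):
        findings += scan_php(path.read_text(errors="replace"), str(path))
    return findings

# Constructed sample: a theme footer with a harmless encoded statement appended.
_PAYLOAD = base64.b64encode(b'echo "constructed sample, harmless";').decode()
SAMPLE_FOOTER = f"""<?php wp_footer(); ?>
<div id="footer"><?php bloginfo('name'); ?></div>
<?php $s = '{_PAYLOAD}'; eval(base64_decode($s)); ?>
"""

if __name__ == "__main__":
    for finding in scan_php(SAMPLE_FOOTER, "footer.php"):
        print(finding)
```

A hit is a prompt to read the decoded text, not a verdict; a clean result does not prove a theme is safe, since encoded strings can be split up or built at runtime.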