High quality themes with rich features for free!


horst
<now you are already half way social engineered>Hah!</now you are already half way social engineered> :P
 

CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plug-ins to compromise webservers on a large scale.
 
By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is social engineering site administrators into installing the included backdoor on their server.

 
read more ... (blog.fox-it.com)
 
OMG! When it comes to the combination of these two human characteristics the world is uncertain: greed and stupidity. :(:angry::lol:

  • Like 7

I got caught out like this several years ago on a Joomla plugin - actually, I didn't even know it was a ripped off plugin, it seemed to come from an ordinary legit site, so I got caught without even doing anything obviously silly.

I can't remember what it installed now, but it ended up mashing up just about everything. Thankfully (sort of) it was on one of my own sites and not something important, so I was able to chuck the whole lot away and only kick myself.

This is one of the things that put me off systems that rely on lots of functionality from a lot of different sources - it is difficult to keep track of everything. With ProcessWire, I haven't had that worry. It is one of the reasons I am not keen to see lots of front-end display modules appearing and making the PW network too wide with functionality being downloaded from hundreds of different, un-policed locations.

Probably me being paranoid. :)

  • Like 3

This CryptoPHP is really bad stuff.

Especially on W*rdpr*ss it installs an additional admin account too. This way the attackers may have server control after the disinfection of the malware code itself.

CryptoPHP is PHP code within a file that should be a PNG image. There is a Python detection script available on GitHub: https://github.com/fox-it/cryptophp/tree/master/scripts

  • Like 7
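A small filesystem check built on the description in the post above (PHP code inside a file that should be a PNG image), added here as an example; it is not the Fox-IT script and not code from any poster in this thread. The sample file names and contents are constructed, and testing for the PNG signature plus a `<?php` tag is a generic heuristic assumed for illustration, not a list of CryptoPHP's actual indicators.

```python
import os

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # fixed 8-byte signature that starts every valid PNG
PHP_TAG = b"<?php"                # short tags are skipped: too noisy in compressed data
IMAGE_EXTS = (".png", ".jpg", ".jpeg", ".gif")


def inspect_image(path, max_bytes=5 * 1024 * 1024):
    """Return the reasons a file claiming to be an image looks suspicious."""
    with open(path, "rb") as fh:
        data = fh.read(max_bytes)
    findings = []
    if path.lower().endswith(".png") and not data.startswith(PNG_MAGIC):
        findings.append("missing PNG signature")
    if PHP_TAG in data.lower():  # PHP accepts the open tag in any letter case
        findings.append("contains PHP open tag")
    return findings


def scan_tree(root):
    """Walk root and return {relative path: findings} for flagged image files."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(IMAGE_EXTS):
                continue
            full = os.path.join(dirpath, name)
            try:
                findings = inspect_image(full)
            except OSError as exc:
                findings = [f"unreadable: {exc.strerror}"]
            if findings:
                hits[os.path.relpath(full, root)] = findings
    return hits


def build_sample_tree(root):
    """Write constructed sample files (harmless placeholders, not real malware)."""
    images = os.path.join(root, "theme", "images")
    os.makedirs(images)
    samples = {
        "logo.png": PNG_MAGIC + b"\x00\x00\x00\rIHDR" + b"\x00" * 17,
        "icon.png": b"<?php /* constructed placeholder */ ?>",
        "banner.png": PNG_MAGIC + b"\x00" * 16 + b"<?PHP /* constructed */ ?>",
    }
    for name, body in samples.items():
        with open(os.path.join(images, name), "wb") as fh:
            fh.write(body)
```

Run `scan_tree()` against the web root after installing or updating any third-party theme or plug-in; a hit on an image file is a reason to inspect it by hand, and a clean result does not rule out a backdoor stored elsewhere.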

Greetings,

This is one of my primary reasons for getting away from Joomla and discovering and falling in love with ProcessWire.

I wish this problem were more known. I work with a number of Drupal/WordPress/Joomla people, and I am amazed at how many just assume that what you install in these systems is safe. I'm talking about developers, by the way, not "regular" users!

It's not only malicious plugins -- innocent ones can be an issue too. They all open security holes. A well-intentioned developer can compromise your application (I witnessed it first hand).

I think another part of the problem that we don't hear about is hosting dishonesty. A lot of hosts specifically market to the Joomla audience (for example), and they spread a bit of false security. I've had conversations with two developers in recent weeks who host at a particular cloud service, and they both believed that the host protected their sites from malicious plugins. (I actually went so far as to write to this host and ask them to guarantee this, at which point, of course, they admitted it was not true).

On a related note: happy two-year mark Joss! I'll try to round up the old Seblod and Molajo team for a celebration. Amy Stephen might come too.

Matthew

  • Like 8
