Theme Authenticity Checker (TAC) - Version 1.1

Release Info

Developer builtBackwards
Version 1.1
Files changed (3)
  1. readme.txt +56 -0
  2. screenshot-1.jpg +0 -0
  3. tac.php +155 -0
readme.txt ADDED
@@ -0,0 +1,56 @@
1
+ === TAC (Theme Authentication Checker) ===
2
+ Contributors: builtBackwards
3
+ Donate link: http://builtbackwards.com/donate
4
+ Tags: themes, security, javascript, admin
5
+ Requires at least: 2.3.0
6
+ Tested up to: 2.5.1
7
+ Stable tag: 1.1
8
+
9
+ Scan all of your theme files for potentially malicious or unwanted code.
10
+
11
+ == Description ==
12
+
13
+ TAC got its start when we repeatedly found obfuscated malicious code in free Wordpress themes available throughout the web. A quick way to scan a theme for undesirable code was needed, so we put together this plugin.
14
+
15
+ After Googling and exploring on our own we came upon the [article by Derek](http://5thirtyone.com/archives/870 "article by Derek") from 5thiryOne regarding this very subject. The deal is that many 3rd party websites are providing free Wordpress themes with encoded script slipped in - some even going as far as to claim that decoding the gibberish constitutes breaking copyright law. The encoded script may contain a variety of undesirable payloads, such as promoting third party sites or even hijack attempts.
16
+
17
+
18
+ **What TAC Does**
19
+
20
+ TAC stands for Theme Authentication Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If
21
+ such code is found, TAC displays the path to the theme file, the line
22
+ number, and a small snippet of the suspect code.
23
+
24
+ Then what do you do? Just because the code is there doesn't mean it's not supposed to be or even qualifies as a threat, but most theme authors don't include code outside of the Wordpress scope and have no reason to obfuscate the code they make freely available to the web. We recommend contacting the theme author with the code that the script finds, as well as where you downloaded the theme.
25
+
26
+ == Installation ==
27
+
28
+ After downloading and extracting the latest version of TAC:
29
+
30
+ 1. Upload `tac.php` to the `/wp-content/plugins/` directory
31
+ 2. Activate the plugin through the 'Plugins' menu in WordPress
32
+ 3. Go to Design -> TAC in the Wordpress Admin
33
+ 4. The results of the scan will be displayed for each theme with the filename and line number of any threats.
34
+
35
+ == Frequently Asked Questions ==
36
+
37
+ = What if I find something? =
38
+
39
+ Contact the theme's original author to double check if that section of code is supposed to be in the theme in the first place - chances are it shouldn't as there isn't a logical reason
40
+ have base64 encoding in a theme.
41
+
42
+ = What about future vulnerabilities? =
43
+
44
+ As we find them we will add them to *TAC*. If you find one, PLEASE let us know: [Contact builtBackwards](http://builtbackwards.com/contact/ "Contact builtBackwards")
45
+
46
+ == Screenshots ==
47
+
48
+ 1. TAC Report Page
49
+
50
+ = Closing Thoughts =
51
+
52
+ We hope this helps out. Please enjoy being secure!
53
+
54
+ Ciao!
55
+
56
+ The builtBackwards Team
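Review bot: the "What TAC Does" paragraph says the plugin searches theme sources "for signs of malicious code", but the only check in tac.php is a case-insensitive match on the string base64, so the readme should say so plainly: legitimate uses of base64 (data URIs, comments) will be flagged, and obfuscation that does not use that literal will not be caught. Smaller points in the same hunk: the plugin is called "Theme Authenticity Checker" on this release page but "Theme Authentication Checker" in the readme header and tags; pick one. The FAQ answer is missing a word ("there isn't a logical reason to have base64 encoding in a theme"), and "Wordpress" should be "WordPress" as it is spelled in step 2 of the installation list.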
screenshot-1.jpg ADDED
Binary file
tac.php ADDED
@@ -0,0 +1,155 @@
1
+ <?php
2
+ /*
3
+ Plugin Name: TAC (Theme Authentication Checker)
4
+ Plugin URI: http://builtbackwards.com/projects/tac/
5
+ Description: TAC scans all of your theme files for potentially malicious or unwanted code.
6
+ Author: builtBackwards
7
+ Version: 1.1
8
+ Author URI: http://builtbackwards.com/
9
+ */
10
+
11
+ /* Copyright 2008 builtBackwards (William Langford and Sam Leavens) - (email : contact@builtbackwards.com)
12
+
13
+ This program is free software; you can redistribute it and/or modify
14
+ it under the terms of the GNU General Public License as published by
15
+ the Free Software Foundation; either version 2 of the License, or
16
+ (at your option) any later version.
17
+
18
+ This program is distributed in the hope that it will be useful,
19
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
20
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21
+ GNU General Public License for more details.
22
+
23
+ You should have received a copy of the GNU General Public License
24
+ along with this program; if not, write to the Free Software
25
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
26
+ */
27
+
28
+ // Check the theme
29
+ function check_theme($template_files) {
30
+ foreach ($template_files as $tfile)
31
+ {
32
+ $lines = file("../".$tfile, FILE_IGNORE_NEW_LINES);
33
+ $line_index = 0;
34
+ $is_first = true;
35
+ foreach($lines as $this_line)
36
+ {
37
+ if (stristr ($this_line, "base64"))
38
+ {
39
+ if ($is_first) {
40
+ $the_result .= "<strong>File:</strong> " . $tfile;
41
+ $is_first = false;
42
+ }
43
+ $the_result .= "<div class=\"tacbad\"><strong>Line " . ($line_index+1) . ":</strong> \"" . trim(htmlspecialchars(substr(stristr($this_line, "base64"), 0, 85))) . "...\"</div>";
44
+ }
45
+ $line_index++;
46
+ }
47
+ }
48
+ if (!isset($the_result)) {
49
+ $the_result = "<div class=\"tacgood\">Theme Ok!</div>";
50
+ }
51
+ return $the_result;
52
+ }
53
+
54
+ function tac_page() {
55
+ if ( function_exists('add_submenu_page') )
56
+ add_submenu_page('themes.php',__('TAC'), __('TAC'), '10', 'tac.php', 'tac');
57
+ }
58
+
59
+
60
+ function tac_init() {
61
+ add_action('admin_menu', 'tac_page');
62
+ }
63
+
64
+ add_action('init', 'tac_init');
65
+
66
+ function tac() {
67
+ ?>
68
+ <div class="wrap">
69
+ <h2>
70
+ <?php _e('TAC (Theme Authentication Checker)'); ?>
71
+ </h2>
72
+ <div class="pinfo">
73
+ TAC checks themes to make sure they don't have any malicious code. For more info please go to the plugin page: <a href="http://builtbackwards.com/projects/tac/">http://builtbackwards.com/projects/tac/</a>
74
+ </div>
75
+ <?php
76
+
77
+ $themes = get_themes();
78
+
79
+ $style = '';
80
+ $theme_names = array_keys($themes);
81
+ natcasesort($theme_names);
82
+ foreach ($theme_names as $theme_name) {
83
+ $template_files = $themes[$theme_name]['Template Files'];
84
+ $template = $themes[$theme_name]['Template'];
85
+ $title = $themes[$theme_name]['Title'];
86
+ $version = $themes[$theme_name]['Version'];
87
+ $author = $themes[$theme_name]['Author'];
88
+ $screenshot = $themes[$theme_name]['Screenshot'];
89
+ $stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
90
+ ?>
91
+ <div id="tacthemes">
92
+ <?php if ( $screenshot ) : ?>
93
+ <img src="<?php echo get_option('siteurl') . '/' . $stylesheet_dir . '/' . $screenshot; ?>" alt="" />
94
+ <?php endif;
95
+ ?>
96
+ <h3>
97
+ <?php echo "$template $version by $author"; ?>
98
+ </h3>
99
+ <?php echo check_theme($template_files); ?>
100
+ </div>
101
+ <?php
102
+ }
103
+ echo '</div>';
104
+ }
105
+
106
+ // CSS to format the list of themes checked
107
+ function tac_css() {
108
+ echo '
109
+ <style type="text/css">
110
+ <!--
111
+ .tacbad {
112
+ border: 1px solid #000;
113
+ background: #FFC0CB;
114
+ width: 80%;
115
+ margin-left: 140px;
116
+ font-family: "Courier New", Courier, monospace;
117
+ margin-top: 8px;
118
+ padding: 10px;
119
+ }
120
+
121
+ .tacgood {
122
+ width: 90px;
123
+ background: #3fc33f;
124
+ font-size: 120%;
125
+ margin: 10px 10px 10px 140px;
126
+ padding: 10px;
127
+ }
128
+
129
+ .pinfo {
130
+ background: #DCDCDC;
131
+ margin: 5px;
132
+ padding: 5px;
133
+ }
134
+
135
+ #tacthemes {
136
+ width: 100%;
137
+ padding-bottom: 20px;
138
+ border-bottom: 1px solid #ccc;
139
+ margin: 10px;
140
+ }
141
+
142
+ #tacthemes img {
143
+ float: left;
144
+ width: 100px;
145
+ height: 75px;
146
+ border: 1px solid #000;
147
+ margin: 10px 20px 10px 10px;
148
+ }
149
+ -->
150
+ </style>
151
+ ';
152
+ }
153
+
154
+ add_action('admin_head', 'tac_css');
155
+ ?>
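Review bot: in check_theme() the string `$the_result .= "<strong>File:</strong> " . $tfile;` appends to a variable that has never been assigned, so the first match raises an undefined-variable notice and the later `if (!isset($the_result))` only works because the variable happens to stay unset on a clean theme; initialize `$the_result = '';` at the top of the function and test `$the_result === ''` instead. In the same loop, `file("../".$tfile, FILE_IGNORE_NEW_LINES)` depends on the current working directory being wp-admin and its return value is never checked, so a missing or unreadable template file yields false and the inner foreach emits a warning; build the path from ABSPATH and skip or report the file when file() returns false. Two smaller points: the detection is the single test `stristr ($this_line, "base64")`, so the "Theme Ok!" result should not be presented as a clean bill of health (a comment in the function stating the rule would help), and `add_submenu_page()` is passed the user level '10' where a capability such as 'edit_themes' is expected, since user levels are deprecated.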