Using unofficial themes, plugins, templates or extensions can be asking for trouble. The sharing and collaboration encouraged by popular open source software platforms like Joomla, Drupal and WordPress makes it easy to move from sharing into carelessness.
Be careful
If the piece of software you found for your website or blog isn’t coming from the official Joomla Extension Directory or the official directories for WordPress Plugins or WordPress Themes, you could be opening your website, and possibly the entire server it resides on, to an attack.
The risks
According to Beta News, the security researchers at Fox-IT say that website admins who use these shady downloads may be installing the CryptoPHP backdoor on their server. While many hosting companies have security measures to combat and isolate this kind of malicious code, avoiding it is the best way to maintain the integrity of your website.
One thing to look for if you suspect your website might have been affected with this infection is an admin account that seems out of place. WordPress infestations have been known to have this happen, presumably so that hackers still have access even after the infected files have been removed.
How to avoid shady downloads?
Be careful. You usually get what you pay for –– and headaches usually come free of charge.
—-
photo credit: Creative Commons 2.0 license by O Palsson
