http://www.kriesi.at/support/tags/hacked Support Forum - Tag: hacked - Recent Posts en-US Sun, 19 May 2013 06:26:42 +0000 http://bbpress.org/?v=1.0.2 q http://www.kriesi.at/support/search.php http://www.kriesi.at/support/topic/avisio-version-121-theme-hacked-defaced#post-89569 Wed, 02 Jan 2013 15:57:10 +0000 Devin 89569@http://www.kriesi.at/support/ <p>Hi GT2000,</p> <p>I would suggest contacting your hosting provider and ask them to scan your account for vulnerabilities. As far as I know there has been no reported exploit with Avisio or any part of its files. Since Kriesi runs it on his MU install in the demo, I would expect his installation to be hit with something major very quickly if it was discovered.</p> <p>Regards,</p> <p>Devin </p> http://www.kriesi.at/support/topic/avisio-version-121-theme-hacked-defaced#post-89533 Wed, 02 Jan 2013 10:19:32 +0000 GT2000 89533@http://www.kriesi.at/support/ <p>Hi<br /> My site with WP3.5 and Avisio 1.2.1 has been defaced (by indonesian hackers both times) twice within a week. It seems like the hacking has been done through the Avisio theme and not at the core WP. Can you please advise me what to do to prevent it to occur again. Is there an update to the theme?</p> <p>Kind regards </p> http://www.kriesi.at/support/topic/serious-issues-in-original-corona-theme-files-hacked-wp-installation#post-89271 Fri, 21 Dec 2012 19:21:11 +0000 Devin 89271@http://www.kriesi.at/support/ <p>Hi colorit2,</p> <p>The dst_store is a file created by apple. Since Kriesi compiles and works on a Mac it gets added in. See: <a href="http://en.wikipedia.org/wiki/.DS_Store" rel="nofollow">http://en.wikipedia.org/wiki/.DS_Store</a></p> <p>There was a security fix in the most recent version of corona (1.4) so you should definitely download it and update. You can do so by re-downloading the theme from themeforest and then installing the theme in the same way you first installed it.</p> <p>Regards,</p> <p>Devin </p> http://www.kriesi.at/support/topic/serious-issues-in-original-corona-theme-files-hacked-wp-installation#post-89242 Fri, 21 Dec 2012 13:35:35 +0000 colorit2 89242@http://www.kriesi.at/support/ <p>Here is a PDF (600 kB) made with Fireshot of this theme check:</p> <p><a href="https://www.dropbox.com/s/n0ug942le2z5kmk/ThemeCheck-Corona-Original.pdf" rel="nofollow">https://www.dropbox.com/s/n0ug942le2z5kmk/ThemeCheck-Corona-Original.pdf</a> </p> http://www.kriesi.at/support/topic/serious-issues-in-original-corona-theme-files-hacked-wp-installation#post-89240 Fri, 21 Dec 2012 13:29:31 +0000 colorit2 89240@http://www.kriesi.at/support/ <p>Hi,</p> <p>due to some security issues at my WP installation I have made beside other things a theme check with this plugin: <a href="http://wordpress.org/extend/plugins/theme-check/" rel="nofollow">http://wordpress.org/extend/plugins/theme-check/</a></p> <p>And there are obviously a lot of issues with CORONA; I'm mostly concerned about the red "warnings" like</p> <p><code> ... base64_encode ... </code></p> <p>in avia-export-class.php for example, fopen, fclose, and why is there a <strong>hidden file/folder ".ds_store"</strong>??<br /> It is in the original CORONA files, freshly downloaded at Themeforest.</p> <p>What is there to do with all these issues concerning the security?<br /> (my WP has been hacked by the "pharma hack" --&gt; <a href="http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php" rel="nofollow">http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php</a></p> <p>And this although I have installed Antivirus, Limit Login Attempts-plugin, several WP security plugins, using strong passwords, having no "admin" user, protecting wp-admin and wp-config.php with .htaccess and having the wp-config.php moved above the WP installation folder etc.</p> <p>So I'm currently checking all security vulnerabilities in my network - and therefor I'm worried about the "theme check" of CORONA.</p> <p>Any suggestions for this?<br /> Thanks a lot! </p> http://www.kriesi.at/support/topic/footer-hacked#post-2560 Wed, 11 Aug 2010 14:14:26 +0000 James Morrison 2560@http://www.kriesi.at/support/ <p>If you figure out which plugin is adding the links and you want to continue using the plugin, edit the plugin file and remove the links.</p> <p>Some authors offer a "premium" version without links in the footer so it may be worth contacting them first to see if they have any guidelines on this. </p> http://www.kriesi.at/support/topic/footer-hacked#post-2502 Tue, 10 Aug 2010 16:27:36 +0000 sparklyscotty 2502@http://www.kriesi.at/support/ <p>Thanks so much! I should have thought of that. Doh! Will start deactivating and reactivating and see if I can find it.</p> <p>Angela </p> http://www.kriesi.at/support/topic/footer-hacked#post-2498 Tue, 10 Aug 2010 15:40:26 +0000 Dude 2498@http://www.kriesi.at/support/ <p>I think the links are produced by the wp_footer() function. Have a look at this thread: <a href="http://codex.wordpress.org/Plugin_API/Action_Reference/wp_footer" rel="nofollow">http://codex.wordpress.org/Plugin_API/Action_Reference/wp_footer</a></p> <p>Something in your WP setup calls the wp_footer() and produces this code. I'm pretty sure it's a hacked plugin because a javascript file(wp-includes/js/jquery/jquery.form.js?ver=2.02m) from another plugin is called before this spam code.</p> <p>If it's located in the footer (hardcoded) you need to check your footer.php - but I don't think so because the spam links would disappear if you change the theme.</p> <p>The Dude </p> http://www.kriesi.at/support/topic/footer-hacked#post-2495 Tue, 10 Aug 2010 15:17:20 +0000 sparklyscotty 2495@http://www.kriesi.at/support/ <p>Hi folks, Someone seems to have hack my site, <a href="http://www.weddingfashionfiles.com" rel="nofollow">http://www.weddingfashionfiles.com</a> (See those lovely arabic links on the right hand side??) When I swap themes they appear below the footer area, so I think the guilty code must be in the footer? If anyone has any suggestions, I would really appreciate it. My Search and Destroy mission to find the code in my theme files has failed. :(</p> <p>Angela </p>