http://www.kriesi.at/support/topic/serious-issues-in-original-corona-theme-files-hacked-wp-installation Support Forum - Topic: Serious issues in original CORONA theme files - hacked WP installation en-US Sun, 19 May 2013 03:20:53 +0000 http://bbpress.org/?v=1.0.2 q http://www.kriesi.at/support/search.php http://www.kriesi.at/support/topic/serious-issues-in-original-corona-theme-files-hacked-wp-installation#post-89271 Fri, 21 Dec 2012 19:21:11 +0000 Devin 89271@http://www.kriesi.at/support/ <p>Hi colorit2,</p> <p>The dst_store is a file created by apple. Since Kriesi compiles and works on a Mac it gets added in. See: <a href="http://en.wikipedia.org/wiki/.DS_Store" rel="nofollow">http://en.wikipedia.org/wiki/.DS_Store</a></p> <p>There was a security fix in the most recent version of corona (1.4) so you should definitely download it and update. You can do so by re-downloading the theme from themeforest and then installing the theme in the same way you first installed it.</p> <p>Regards,</p> <p>Devin </p> http://www.kriesi.at/support/topic/serious-issues-in-original-corona-theme-files-hacked-wp-installation#post-89242 Fri, 21 Dec 2012 13:35:35 +0000 colorit2 89242@http://www.kriesi.at/support/ <p>Here is a PDF (600 kB) made with Fireshot of this theme check:</p> <p><a href="https://www.dropbox.com/s/n0ug942le2z5kmk/ThemeCheck-Corona-Original.pdf" rel="nofollow">https://www.dropbox.com/s/n0ug942le2z5kmk/ThemeCheck-Corona-Original.pdf</a> </p> http://www.kriesi.at/support/topic/serious-issues-in-original-corona-theme-files-hacked-wp-installation#post-89240 Fri, 21 Dec 2012 13:29:31 +0000 colorit2 89240@http://www.kriesi.at/support/ <p>Hi,</p> <p>due to some security issues at my WP installation I have made beside other things a theme check with this plugin: <a href="http://wordpress.org/extend/plugins/theme-check/" rel="nofollow">http://wordpress.org/extend/plugins/theme-check/</a></p> <p>And there are obviously a lot of issues with CORONA; I'm mostly concerned about the red "warnings" like</p> <p><code> ... base64_encode ... </code></p> <p>in avia-export-class.php for example, fopen, fclose, and why is there a <strong>hidden file/folder ".ds_store"</strong>??<br /> It is in the original CORONA files, freshly downloaded at Themeforest.</p> <p>What is there to do with all these issues concerning the security?<br /> (my WP has been hacked by the "pharma hack" --&gt; <a href="http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php" rel="nofollow">http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php</a></p> <p>And this although I have installed Antivirus, Limit Login Attempts-plugin, several WP security plugins, using strong passwords, having no "admin" user, protecting wp-admin and wp-config.php with .htaccess and having the wp-config.php moved above the WP installation folder etc.</p> <p>So I'm currently checking all security vulnerabilities in my network - and therefor I'm worried about the "theme check" of CORONA.</p> <p>Any suggestions for this?<br /> Thanks a lot! </p>