Viewing 3 posts - 1 through 3 (of 3 total)
  • #18936

    Hi,

    Due to some security issues with my WP installation I have, among other things, run a theme check with this plugin: http://wordpress.org/extend/plugins/theme-check/

    And there are obviously a lot of issues with CORONA; I’m mostly concerned about the red “warnings” like

    ... base64_encode ...

    in avia-export-class.php for example, fopen, fclose, and why is there a hidden file/folder “.ds_store”??

    It is in the original CORONA files, freshly downloaded at Themeforest.

    What is there to do with all these issues concerning the security?

    (My WP has been hacked by the “pharma hack” –> http://www.pearsonified.com/2010/04/wordpress-pharma-hack.php)

    And this although I have installed Antivirus, the Limit Login Attempts plugin and several WP security plugins, use strong passwords, have no “admin” user, protect wp-admin and wp-config.php with .htaccess, and have moved wp-config.php above the WP installation folder, etc.

    So I’m currently checking all security vulnerabilities in my network – and therefore I’m worried about the “theme check” of CORONA.

    Any suggestions for this?

    Thanks a lot!

    #101444

    Here is a PDF (600 kB) made with Fireshot of this theme check:

    https://www.dropbox.com/s/n0ug942le2z5kmk/ThemeCheck-Corona-Original.pdf

    #101445

    Hi colorit2,

    The .DS_Store is a file created by Apple. Since Kriesi compiles and works on a Mac, it gets added in. See: http://en.wikipedia.org/wiki/.DS_Store

    There was a security fix in the most recent version of Corona (1.4), so you should definitely download it and update. You can do so by re-downloading the theme from Themeforest and then installing the theme in the same way you first installed it.

    Regards,

    Devin


The topic ‘Serious issues in original CORONA theme files – hacked WP installation’ is closed to new replies.