Major issue with malicious update!
- This topic has 25 replies, 5 voices, and was last updated 9 years ago by Swift Ideas – Ed.
- Posted in: Dante
August 19, 2014 at 3:17 pm #102367
Dear Swiftideas,
We have just found a major issue with the theme update service wp-updates.com. Just last Thursday we found out that our server was being hacked through a file called social.png (refer to http://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/2#post-5888807). Social.png contains JavaScript and runs another JavaScript file on a (in this case) website called genericstts.com.
We have put more than 80 hours into trying to figure out what the extent of the hack was and decided today that we would reinstall WordPress on another server and rebuild the site completely. In the process of installing the theme and plugins I was notified about an update of the Dante theme to version 2.64. I looked at your documentation but couldn’t find the change logs, but figured it was OK. I installed version 2.64 and afterwards ran Wordfence. Immediately Wordfence gave notice of a malicious file being installed in wp-themes/dante/. This file was: social.png!
I then looked into it with a developer, and we found out that the update of the theme was actually coming from wp-updates.com, and that this file came along with it.
Can you please contact me through phone or mail, because I seriously think that this is a major issue. social.png is very malicious; it at least alters the WP database and sends all admin and visitor data to some shady server on genericstts.com. My phone number is +31619448131.
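One way to spot an image-named file that holds script, like the social.png described above, inside an update zip before installing it. This is an added example, not part of the original thread and not Swift Ideas' or Wordfence's code; the function names, the hint list and the sample archive are constructed assumptions.

```python
import io
import posixpath
import zipfile

# Leading magic bytes for the image types a theme normally ships.
IMAGE_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Byte patterns that suggest script content (assumed heuristic, not a verdict).
SCRIPT_HINTS = (b"<?php", b"<script", b"eval(", b"document.write", b"function(")


def audit_theme_zip(zip_bytes):
    """Return findings for image-named entries that do not look like images."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            ext = posixpath.splitext(info.filename.lower())[1]
            if ext not in IMAGE_MAGIC:
                continue
            data = archive.read(info)
            bad_magic = not data.startswith(IMAGE_MAGIC[ext])
            hints = [h.decode() for h in SCRIPT_HINTS if h in data.lower()]
            if bad_magic or hints:  # also catches image header + appended script
                findings.append({"path": info.filename, "bad_magic": bad_magic,
                                 "script_hints": hints})
    return findings


def build_sample_zip():
    """Constructed sample: a fake theme archive, not the real Dante package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("dante/style.css", "body { margin: 0; }")
        archive.writestr("dante/images/logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        # Image-named entry that actually holds script text (constructed, inert).
        archive.writestr("dante/social.png", b"<?php /* placeholder */ ?><script></script>")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in audit_theme_zip(build_sample_zip()):
        print(finding)
```

A clean result only means no image-named entry failed these two checks; it does not show the rest of the archive is unmodified.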
August 19, 2014 at 3:38 pm #102385
Hi
Thanks for informing us, I will get the developer to check this
– Kyle
August 19, 2014 at 4:59 pm #102412
Hi Kyle,
Thanks for the quick reply. I am really curious if my assumption is right, because then a lot more users will be affected by this. Can you please let me know asap? We are waiting with reinstalling the theme until further notice. That implies that our website is down.
August 20, 2014 at 8:05 am #102534
This reply has been marked as private.
August 20, 2014 at 8:07 am #102535
This reply has been marked as private.
August 20, 2014 at 8:08 am #102537
Hi
We released 2.65 last night, I’ve tested and there is no social.png file, so you are safe to use that version.
– Kyle
August 20, 2014 at 10:16 am #102562
This reply has been marked as private.
August 20, 2014 at 10:34 am #102566
I have assigned this to the developer, he will check it when he comes online
– Kyle
August 20, 2014 at 11:30 am #102589
Hi JGVerhoef,
I’m looking into this, but have confirmed with multiple update tests that this definitely isn’t an issue with the v2.65 update zip.
Thanks,
– Ed
August 20, 2014 at 11:44 am #102594
This reply has been marked as private.
August 20, 2014 at 11:45 am #102595
Ok no problem
– Kyle
August 20, 2014 at 12:16 pm #102604
Hi,
I am running 2.64 right now, does this mean my customers are exposed?
This has me very worried!
Regards
August 20, 2014 at 12:26 pm #102611
No problem @JGVerhoef
@studioenigma – we’re investigating, but as always and in this particular case we always recommend the latest update (v2.65 at this time).
– Ed
August 20, 2014 at 12:30 pm #102615
Thanks for the quick reply Ed,
updated right away, but from @JGVerhoef’s comments, it seems like this isn’t enough to fix the problem (if it turns out there is one!)
August 20, 2014 at 12:32 pm #102616
This reply has been marked as private.