New Landing How can we help? Themeforest Theme Support Dante Major issue with malicious update!

Viewing 15 posts - 1 through 15 (of 26 total)
  • Posted in: Dante
  • #102367
    JGVerhoef
    Member
    Post count: 21

    Dear Swiftideas,

    We have just found a major issue with the theme update service wp-updates.com. Just last thursday we found out that our server was being hacked through a file called social.png (refer to http://wordpress.org/support/topic/problem-with-httpgenericsttscominitminjs-1/page/2#post-5888807). Social.png contains javascript and runs another javascript file on a (in this case) website called genericstts.com.

    We have put more than 80 hours in trying to figure out what the extent of the hack was and decided today that we would reinstall wordpress on another server and rebuild the site completely. In the progress of installing the theme and plugins I was notified about an update of the Dante theme to version 2.64. I looked at your documentation but couldn’t find the change logs, but figured it was ok. I installed version 2.64 and afterwards ran Wordfence. Immediately WordFence gave notice of a malicious file being installed in wp-themes/dante/. This file was: social.png!

    I then looked into it with a developer, and we found out that this the update of the theme was actually coming from wp-updates.com, and that this file came along with it.

    Can you please contact me through phone or mail, because I seriously think that this is a major issue. social.png is very malicious, it at least alters the WP database and sends all admin and visitor data to some shady server on genericstts.com. My phonenumber is +31619448131.

    #102385
    Kyle – SUPPORT
    Moderator
    Post count: 35880

    Hi

    Thanks for informing us, I will get the developer to check this

    – Kyle

    #102412
    JGVerhoef
    Member
    Post count: 21

    Hi Kyle,

    Thanks for the quick reply. I am really curious if my assumption is right, because then a lot more users will be affected by this. Can you please let me know asap? We are waiting with reinstalling the theme until further notice. That implies that our website is down.

    #102534
    JGVerhoef
    Member
    Post count: 21
    This reply has been marked as private.
    #102535
    JGVerhoef
    Member
    Post count: 21
    This reply has been marked as private.
    #102537
    Kyle – SUPPORT
    Moderator
    Post count: 35880

    Hi

    We released 2.65 last night, I’ve tested and there is no social.png file, so you are safe to use that version.

    – Kyle

    #102562
    JGVerhoef
    Member
    Post count: 21
    This reply has been marked as private.
    #102566
    Kyle – SUPPORT
    Moderator
    Post count: 35880

    I have assigned this to the developer, he will check it when he comes online

    – Kyle

    #102589
    Swift Ideas – Ed
    Keymaster
    Post count: 15264

    Hi JGVerhoef,

    I’m looking into this, but have confirmed with multiple update tests that this definitely isn’t an issue with the v2.65 update zip.

    Thanks,

    – Ed

    #102594
    JGVerhoef
    Member
    Post count: 21
    This reply has been marked as private.
    #102595
    Kyle – SUPPORT
    Moderator
    Post count: 35880

    Ok no problem

    – Kyle

    #102604
    studioenigma
    Member
    Post count: 56

    Hi,

    I am running 2.64 right now, does this mean my customers are exposed?
    This has me very worried!

    Regards

    #102611
    Swift Ideas – Ed
    Keymaster
    Post count: 15264

    No problem @JGVerhoef


    @studioenigma
    – we’re investigating, but as always and in this particular case we always recommend the latest update (v2.65 at this time).

    – Ed

    #102615
    studioenigma
    Member
    Post count: 56

    Thanks for the quick reply Ed,

    updated right away, but from @JGVerhoef’s comments, it seems like this isn’t enough to fix the problem (if it turns out there is one!)

    #102616
    JGVerhoef
    Member
    Post count: 21
    This reply has been marked as private.
Viewing 15 posts - 1 through 15 (of 26 total)

You must be logged in and have valid license to reply to this topic.

License required for one of the following items
Login and Registration Log in · Register