New Landing How can we help? Themeforest Theme Support Dante Major issue with malicious update!

Viewing 11 posts - 16 through 26 (of 26 total)
1 2
  • Back to forum
    Posted in: Dante
  • August 20, 2014 at 12:50 pm #102632
    JGVerhoef
    Member
    Post count: 21
    This reply has been marked as private.
    August 20, 2014 at 1:09 pm #102642
    Kyle – SUPPORT
    Moderator
    Post count: 35880

    Ok great

    August 22, 2014 at 8:47 am #103302
    JGVerhoef
    Member
    Post count: 21
    This reply has been marked as private.
    August 22, 2014 at 8:50 am #103304
    Melanie – SUPPORT
    Member
    Post count: 11032

    Hi, I thought you said it was fine now? 🙂

    August 22, 2014 at 8:55 am #103309
    JGVerhoef
    Member
    Post count: 21

    Hi Melanie,

    2.65 is fine yes, but it worries me that I was pushed the malicious update 2.64 through wp-updates.com on my WordPress install and that update 2.64 doesn’t show in the changelogs you keep in the documentation.

    Please beware that wp-updates also pushes me valid updates, such as the latest 2.65. It’s just the update service within WP. I need to know though if I can trust those updates. I assume that you guys wouldn’t push malicious code, but then it must have come through an infection on wp-updates.com. Either way it has cost us in total 10 days to fix everything, so I just need to be sure that I won’t be exposed to a malicious update again.

    Jeroen

    August 22, 2014 at 9:41 am #103325
    Kyle – SUPPORT
    Moderator
    Post count: 35880

    Hi

    Not sure what research Ed has done but the only thing I could find was a forum that explained the issue as being the social.png file is a php script which finds all records in servers database table and sends them to a specific host, so they can access your server. There has be no mention of it being anything to do with wp-updates.com

    – Kyle

    August 22, 2014 at 10:05 am #103333
    JGVerhoef
    Member
    Post count: 21

    Hy Kyle,

    I understand, please refer to my first post.

    We were offered the 2.64 update of Dante through the WP update function. It doesn´t matter to me where the update comes from, but I saw it came from wp/updates.com.

    Dante 2.64 contained malicious code: social.png. You guys are the developers of the Dante theme, my question was, and still is,
    1) have you found out what caused this malware to be part of 2.64, and
    2) can you garuantee that it won’t happen again?

    I do not want to scapegoat, but I want to know if I can trust Dante and the updates that are provided.

    August 22, 2014 at 2:11 pm #103372
    Swift Ideas – Ed
    Keymaster
    Post count: 15264
    This reply has been marked as private.
    August 22, 2014 at 2:28 pm #103377
    JGVerhoef
    Member
    Post count: 21
    This reply has been marked as private.
    August 22, 2014 at 3:19 pm #103397
    Kyle – SUPPORT
    Moderator
    Post count: 35880

    No problem

    – Kyle

    August 22, 2014 at 10:54 pm #103466
    Swift Ideas – Ed
    Keymaster
    Post count: 15264

    Hi Jeroen,

    No we weren’t, but thanks anyway! 🙂

    – Ed

  • Back to forum
    Posted in: Dante
Viewing 11 posts - 16 through 26 (of 26 total)
1 2

You must be logged in and have valid license to reply to this topic.

License required for one of the following items
Login and Registration Log in · Register