Slider Revolution Premium Plugin – Hacking Issues

[ktdoyle]

Hi,

I received an email from BlueHost about the Slider Revolution Premium Plugin hacking issues and have been advised to upgrade to version 4.6.5 by 28 Dec 2014 or else my site will be blacklisted.

Even though I believe the issue/s affect/s versions prior to 4.2 (I have version 4.3.1), I have been advised by BlueHost to upgrade or ask you for a patch.

As the Slider came with my Neighbourhood theme and I’m not a coder/developer, I’m not sure what I have to do.

Can you please help me.

Warm wishes, KT
______________

Full email from BlueHost:

Slider Revolution Premium Plugin has released a new verison 4.6.5 for their plugin. A recent hack has been found in older versions of this plugin that allows an attacker to download any file from your hosting account, such as the configuration file containing the database passwords. Once the attacker has this information the attacker can comprise your website via the database.

This vulnerability is being exploited currently which is causing numerous domains to become blacklisted by Google. For additional details please refer to this link http://blog.sucuri.net/2014/12/soaksoak-malware-compromises-100000-wordpress-websites.html

Your account was found to have the Slider Revolution Premium Plugin. Due to the vulnerability this creates to your website and our servers we strongly recommend that you upgrade this plugin to the most recent version 4.6.5. We also strongly recommend that you update all of your plugins and themes as the Slider Revolution Plugin is included in a number of other themes and plugins. It is strongly recommend you update your WordPress installation(s) to the most current version at this time as well.

** If the Slider Revolution Premium Plugin is not updated by 28 December 2014 we will be forced to disable the plugin in order to protect our servers from being blacklisted. **

The easiest way to resolve this is to log into your WordPress admin control panel and click on Plugins (located on the left panel). Scroll down and find Slider Revolution Plugin in the list, the version number will be listed in the description. If a WordPress plugin update is available, it will be shown on the Dashboard Panel, an alert on the Plugin’s menu title, and on the Plugin List. You can also refer to our Knowledge Base article https://my.bluehost.com/hosting/help/emergency-wordpress-plugin-update-slider-revolution for directions on updating the plugin.

For more information please visit: http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html

[Kyle – SUPPORT]

Hi

You can get the latest version from here: http://www.swiftideas.com/forums/topic/revolution-slider-latest-version-2/page/2/#post-135386

– Kyle

[ktdoyle]

Hi Kyle,

Will this version work with the Neighbourhood theme?

How do I install it?

Many thanks 🙂
KT

[Kyle – SUPPORT]

Yes sure 🙂

You need to use FTP to upload the new version

– Kyle

[ktdoyle]

Hi Kyle,

Sorry to ask for more detail…

So, in WordPress, I’ve gone to Revolution Slider, scrolled the bottom and clicked on Manual Plugin Update, clicked on Chosen File (rev_slider.zip) and clicked on Update Plugin.

Is that right? It’s taking a long time…

Warm wishes,
KT

[Kyle – SUPPORT]

I’ve never actually tried it that way.

The best method is to use an FTP program such as filezilla, then log into your host using the FTP details provided by them. Navigate to your wp-content/plugins folder and upload the new files.

If this is too tricky for you then you can delete the plugin from you WP admin and upload the new version

– Kyle

[ktdoyle]

Hi Kyle,

My method didn’t work. I got this message:
“Update Error: Wrong update extracted folder. The file: /home7/jeanbagc/public_html/wp-content/plugins/revslider/temp/update_extract/revslider/revslider.php not found.
Please update the plugin manually via the ftp”

I’ve followed your instructions. I think I’ve overwritten the wp-content/plugins/revslider by uploading the rev_slider.zip to the plugins folder. But, how do I see that I have 4.6.5 uploaded in the WordPress backend?

Cheers,
KT

[Kyle – SUPPORT]

There’s a version number on the rev slider main page in the bottom corner, also in your plugins list

– Kyle

[ktdoyle]

It still says I’m running Version 4.3.1. I even logged out of WP and logged back in to check if it needed a refresh in order to show the updated plugin…

I’ve attached a screen grab of the backend of my BlueHost account to show that I clicked on public_html/wp-content/plugins and then ‘upload’ to upload the rev_slider.zip.

What do you think I’m doing wrong/missing?

Cheers,
KT

Attachments:

You must be logged in to view attached files.

[Kyle – SUPPORT]

You need to extract the .zip file

– Kyle

[ktdoyle]

I clicked on the .zip file I uploaded and then clicked on Extract and it created the folder _MACOSX with the rev slider inside it. Now it looks like I’ve got two rev slider folders?

Screens attached.

Attachments:

You must be logged in to view attached files.

[Kyle – SUPPORT]

That’s odd, delete the old revslider folder, and then ‘move’ the new one outside of the _MACOSX folder.

– Kyle

[ktdoyle]

Delete this one? Even though it looks like it’s been updated today? I checked the date on the files and they’re older than the 4.6.5 version I downloaded today. (screen attached)

Attachments:

You must be logged in to view attached files.

[ktdoyle]

…. most of the folders in _MACOSX seem to be empty… I don’t want to use this to replace the other one… (screen attached)

Attachments:

You must be logged in to view attached files.

[Kyle – SUPPORT]

_MACOSX is an empty file which is uploaded when you upload from a Mac, you can just delete it

– Kyle