Website Hacked
-
-
- thedeeper
- Newbie
- Posts: 16
- Thanks: 0
- Graphic Designer
-
We built many websites, most of them are wordpress.
We found out that one of our client's site was hacked, the only RocketTheme template that we use.
The file that was hacked was your infuse theme in WP, the file function.php was hacked and infested with codes. It brought down the site, given 500 error, and when we try to restored it, it became super slow, and unable to login to admin.
We found the virus and deleted the codes, now we have to "update" the theme and update WP for security. Unfortunately, there is no way for me to access Infuse template support forum to report this issue, and we have to PAY SUBSCRIPTION just to access that area. WHY do we have to PAY to get updated theme that we already paid - for the security reason...so your RT theme won't get hacked again?
In fact ALL of other themes we purchased elsewhere provide FREE UPDATES for the theme we purchase. That's called SUPPORT. Now I know we are NOT FORCED to update, but you are also making your customer vulnerable for More attacks, what a great way to have your customer remember you when their site is hacked or down?
Can you provide me free updated version of Infuse theme for WP, so that your theme don't get hacked again?
-
-
-
- Jakub Baran
- Elite Rocketeer
- Posts: 4329
- Thanks: 81
-
Hi,
I'm very sorry to hear about your issues. This is, most likely, not the case of functions.php but the third party script for cropping images called TimThumb. In November of 2011, people have discovered the vulnerability in this script and a lot of sites using it were hacked. We have released patched themes and plugins to fix this vulnerability, but your membership has expired half year before that. Because of that I'm assuming that the vulnerable script is still part of your site, and that's how the hackers were able to hack it and add their code to the functions.php file in order to make sure it gets executed asap.
I'm attaching a zip package to this post with the files that should be placed in your themes' root directory. The timthumb.php file should be replaced with the new one from phpThumb, with old file name to maintain compatibility. We once again would like to sincerely apologize for your trouble.
This attachment is hidden for guests. Please log in or register to see it.
Thanks,
Jakub - Remember to always post a link to the site you're having problem with.
-
-
-
- thedeeper
- Newbie
- Posts: 16
- Thanks: 0
- Graphic Designer
-
Great Jakub,
Hopefully it will help.
Meanwhile, we have to update WP version to 3.5.2 for security reasons. (currently WordPress 3.3.1. )
Will your Infuse Theme 1.0 be okay (don't break) once we update it to WP 3.5.2?
-
-
-
- Jakub Baran
- Elite Rocketeer
- Posts: 4329
- Thanks: 81
-
Hi,
They should work just fine, however please always make sure to backup your whole database and ALL of your WordPress files just in case if something breaks. This way you'll be able to revert everything without any issues.
Thanks,
Jakub - Remember to always post a link to the site you're having problem with.
-
-
-
- prim
- Preeminent Rocketeer
- Posts: 17290
- Thanks: 217
-
So you haven't updated your WP installation in 15-16 months and you missed 4 major WP security releases...
wordpress.org/news/category/releases/
You can't be a slacker, you must keep your software up-to-date in order to get bug-fixes and to stay relatively secure. - Please reply with a direct link to the issue & create a new thread for each new issue.
A template is only as good as the content that goes into it
- DanG
-
Time to create page: 0.070 seconds