[jonken]

Hello there,

I have been using the Paeon theme for about 3 months now and it has been hacked once successfully and attempted another time last night. See the the scan file sent to me below.

It looks like the template and theme is not very secure and susceptible to attack. Have you experienced this before? What measures are in place to tighten up the security on the site?

———– SCAN REPORT ———–
TimeStamp: Wed Mar 12 01:04:04 2014
(/usr/sbin/cxs –cgi –defapache nobody –doptions Mv –exploitscan –nofallback –filemax 10000 –mail team@propagate.com.au –options mMOLfSGchexdnwZDRu –qoptions Mv –quiet –sizemax 500000 –smtp –summary –sversionscan –timemax 30 –novirusscan /tmp/20140312-010401-Ux8X0RuDaYIADkqMAuAAAAAA-file-VX42NL)

# Known exploit = [Fingerprint Match] [PHP REQUEST Exploit [P0007]]:
‘/tmp/20140312-010401-Ux8X0RuDaYIADkqMAuAAAAAA-file-VX42NL’

[Juanfra Aldasoro]

Hello there,

Thanks for writing. We’ve taken security directives when coding the theme. I’m deeply sorry for this experience.

This is the first time we hear this sort of comment.

Who have sent you the scan? Can you explain me the way in which you have been hacked? The scan sounds more like a server related thing than to the theme.

Thanks,
Juan.

[jonken]

We run a series of security devices on the server that standard server doesn’t normally run, they are good at alerting us of malicious script being uploaded to a website. It appears the users where able to get into your site via certain URL’s.

We removed the files and no damage occurred this time although the last time it obviously caused an issue and is concerning that the site got attacked on 2 separate occasions successfully. The normal way this sort of thing occurs is hackers searching the net for files that exist… when they find them they will attempt a hack.

[Juanfra Aldasoro]

Hi,

Thanks for the follow up.

So, they look for vulnerabilities across the server files. Are you able to tell me through which file is that they have uploaded the malicious scripts?

Best,
Juan.