SQL attack on Cache folder « My Site My Way Support

Home / Support / Awake Wordpress

SQL attack on Cache folder

pending (5 posts) (4 voices)

al5976
Member

Using version 1.3 the cache folder is vunerable to SQL injection. My site has been attacked. I have had to take the website down. Can you provide a fix for this?

[26/Jan/2012:19:01:54 +0000] “GET /wp-content/themes/awake/lib/scripts/cache/ee4eb301273e6cf160cd348d31d455ff.php HTTP /1.1” 200 – ”-” “libwww-perl/6.03”

ran this file – which is a fairly malicious little remote shell – effectively giving an attacker full control over your site.

/wp-content/themes/awake/lib/scripts/cache/ee4eb301273e6cf160cd348d31d455ff.php

Posted 3 months ago #
Webtreats
Support

Hi al5976,

Looks like you're using an older version of Awake with an out of date version of TimThumb.

You can either update Awake to the latest version or update your TimThumb:

http://timthumb.googlecode.com/svn/trunk/timthumb.php

Posted 3 months ago #
al5976
Member

I changed the Tim Thumb file, but the site has been attacked again. I cannot upgrade to the new theme version as the style is used is rich-black, which isn't in the new version. The site has been attacked 3 times now. I really need help.

Posted 3 months ago #
Dogmut
Member

Was there not an issue with that in w3 total cache.

Posted 3 months ago #
Elliott
Support

Here is the legacy rich black skin for Awake, http://mysitemyway.com/skins/custom-skins/legacy-rich-black-01/.

I recommend updating Awake to the latest version but if you wish to stick with the outdated version try deleting your /wp-content/themes/awake/cache/ directory and recreate it.

Posted 3 months ago #

RSS feed for this topic

Reply

You must log in to post.

Construct wordpress theme

Myriad wordpress theme

Method wordpress theme

Fusion wordpress theme

Elegance wordpress theme

Echelon wordpress theme

Persuasion wordpress theme

Dejavu wordpress theme

Modular wordpress theme

Start Your Free Trial

Come and be a part of the fastest growing new Premium WordPress Theme Club around!

We stand behind the quality of our themes, and believe that you will be fully satisfied. If, for any reason you are not fully satisfied, we offer a 30 day, no-hassle, money-back guarantee.

Who's Using Mysitemyway?

7249 Active Users Can't Be Wrong...

68829 Support Forum Posts Served!

I've been working with WordPress for a while now and I wanted to say that MysiteMyway is by far the best support I have come across. I've purchased about 30 themes, Dejavu was the first from these guys and I couldn't be happier!

Layers

Your themes and support are the best in the entire Internet universe! Over the years I have bought many themes that never work as advertised. Your 30 day money back guarantee is a no brainer risk on your part: Who would ever want their money back? The designers, QA and support staffs are a throwback to the good old days when businesses cared about the quality of their products and their customers.

Frank Gennaro

I just wanted to say, that this theme is absolutely amazing. The documentation is superb and the customer service is above and beyond! I would have spent MORE for such expertise and service that you receive with this product.
Thanks so much and keep up the amazing work!!!

wildefranz

Just a quick thanks for producing such wonderful themes. I can’t tell you how much I appreciate the amount of time, skill and craftsmanship that wen’t into these. The detail is incredible, every corner I peak into I find something that surprises me. And the documentation, it’s extremely well written and very easy to follow.

Well done,

Great Support !!! & very powefull WP Theme… Super Flexible %100 recommended

JavierDesigns

PrevNext

Limited time only! The Ultimate WordPress Developer Bundle only $149