I had a domain with your directory theme installed on a wordpress version around 4.2.
The site was idle there for a couple years. Meanwhile there were several user registrations subscribers along the months, but I was completely ignoring them until now.
These days I noticed strange files in the ftp folder from this theme, with a cron job made to send emails, and several emails to be sent under exim. It looks like these registered users were beeing used for some spam activity. I went today to the admin users list and there where almost 900 users there, none of them made by me. There might be an exploit somewhere !
Does anyone knows where the hackers are entering into the theme to be able to create files and run cron jobs and stuff ?
[DISPLAY] – Pricing Table [MISC] – Taxonomies [MISC] – Terms and Conditions Preserved Html Editor Markup Revolution Slider
The theme comes with an option for users to create accounts. So 900 people (or bots) registered at your page.
As for the file changes and cron job, guess your hosting account is compromised. Maybe get your hoster on board to make the account secure.
You’ve been hacked Luciana.
Maybe time to get decent hosting, as your existing hosts look pretty useless.
The host is very decent, it’s not shared and it’s managed. Based on what you say it’s useless?
I’m saying they are using this theme to hack into, so I wonder where is the exploitable code so I can fix it.
They used the register option yes, but this shouldn’t itself open a door to them saving files and use those emails to send spam. The theme might have a flaw where they are entering and getting able to save a cron file, otherwise they would not using this particular theme to create emails and create the files. There might have an exploitable form somewhere with this theme. They were creating files only in this theme’s folder and there are many other wp installs over there that were not touched.
Start your new website today!