ThemeShaper.com Probably Unhacked

Update: I’ve done a mass hardening (that sounds gross) on everything here at the ThemeShaper ranch and—and it looks like we’re cool now. Let’s hope things stay that way. Hey!—at least I learned something about WordPress security, right?

I’m not sure when but some time ago ThemeShaper.com was hacked. I’m fairly sure it wasn’t a random sort of script-based bot attack but targeted directly at this site. I know this because the idiot that did this uploaded a hacked version of Thematic to a downloads folder on my site and altered the links on the Thematic landing page to point to it. Crap.

You’ll know you have a hacked version if you’ve got an sv_ss.php file in thematic/library/languages/.

If you’ve recently downloaded Thematic or are worried at all there’s a simple fix. Download Thematic again from the WordPress.org Themes directory and thank God there’s a free central repository for these sort of things.

Again, crap. And my apologies. I like making ‘the WordPress news’ but not for something like this. But I would like to assure you this is not a hack resulting from anything wrong with Thematic. Just one of those things that tends to happen to popular WordPress-based sites. It could happen to anyone.

I just wish it didn’t happen to me. Or you guys.

Now, as for the hack. I don’t know how it happened. It’s been suggested to me that it came through a weak plugin. I usually keep everything up to date here on ThemeShaper so, well, I don’t know. We’ll see, I guess. I do know that last night I discovered my wp-admin and wp-includes directories were 2 megabytes larger than they should be. I deleted them and replaced them. Here’s hoping that put an end to this.

If it doesn’t, and my site disappears suddenly, well, crap, it didn’t work.

Hey, at least the front page isn’t ThemeShaper recommended hosting right? Right?

Sigh. And it’s my birthday today too. What a day.

38 thoughts on “ThemeShaper.com Probably Unhacked

  1. Ouch, that really sucks man. I guess this means that it happens to the best of us. Now I’m worried about WPTavern and having something happening to it.

  2. Pingback: ThemeShaper Hacked - WordPress Tavern Forum

  3. People with nothing better to do than break things should be… insert dirty words. I was hacked on one of my sites last summer. What a bummer that was.
    Sorry to hear it.

  4. Ouch, that hurts. Better safe: delete every file and get clean copies of WP and plugins from the repo. Might want to check every post/page in the DB too.

  5. sorry to hear it.

    it must have been after nov 24 or nov 27? b/c i downloaded from thematic on one or maybe both of those dates and the file you noted sv_ss.php is not in the library. is that the only file that would have been different?

    my download: thematic.0.9.5.1.zip was 205 kb and i show it dated Nov 24/09 7:43 pm
    and those files in /library/ are dated June 21/09 1:09PM

    so happy b-day and hope the holes get plugged

  6. It is unfortunate when things like this happen. However, it is good you caught it. Although for one way, it might look bad, but another… you caught it and posted about it. Things happen. You do not expect numbnuts to hack your hard work.

    • I’m not so concerned about looking bad … that’s … that’s just life. I’m more concerned about letting people down. Within 3 minutes of finding out my site was suddenly linking to a compromised version of Thematic this post was published. Pretty much as fast as I could type it. It’s worth looking like a fool to make sure I’m not making others look like fools.

  7. Pingback: WP Addict » News: Hacking Found in Thematic Framework

  8. Sorry to hear about the hack Ian. I’ve been the victim of the automated stuff, but never directly targeted. And on your birthday, no less. Not the best way to spend the day.

    If you go to my profile at delicious (vangogh99) and search wordpress security I have quite a few posts bookmarked. You’ve likely seen most, but maybe there’s one or two with a few things you haven’t seen.

    Sounds like you caught this sooner rather than later so at least that’s something good.

    I know it wasn’t the greatest day, by Happy Birthday anyway.

  9. Bummer to hear about your birthday ordeal. I remember when something similar happened to me. Fortunately I managed to find someone willing to help who knew quite a bit more about WordPress than me. The breach was traced to a caching plugin that was out of date by about a week.

    But hey, at least you caught it. Happy Birthday!

  10. Pingback: ThemeShaper Hacked - WordPress Tavern Forum

  11. DOH! I feel for you, thanks for all the WP magic you do, though. Sucks that one rotten apple can sour the whole barrel. Just wanted to give you some move positive feedback so you know the community loves you! that and say Happy Birthday!!! Hope this sorts out and you can enjoy some of it.

  12. Comments subscribers: I’ve updated this post with the following note.

    Update: I’ve done a mass hardening (that sounds gross) on everything here at the ThemeShaper ranch and—and it looks like we’re cool now. Let’s hope things stay that way. Hey!—at least I learned something about WordPress security, right?”

  13. Hi Ian,

    Really sorry you had this unfortunate thing happen on your birthday. How lame is that? But I’m sure the outpouring of appreciation is helping.

    In any event, Happy Birthday to you!

  14. Pingback:   ¡Cuidado si usas Thematic! | samuelaguilera.com

  15. Pingback: Stop Downloading WordPress Themes from Shady Sites | Theme Lab

  16. Pingback: wordpress dev » Blog Archive » Stop Downloading WordPress Themes from Shady Sites

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s