Home Forums Theme support Hot theme: Custom CSS Exploitable for ddos attack

Tagged: 

This topic contains 9 replies, has 2 voices, and was last updated by  7Theme Support 1 year, 5 months ago.

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • This file is Exploitable for DDOS attack:

    /wp-content/themes/hot/7league/script/custom.js.php?

    It’s the only file that makes us trouble when we are attacked by DDOS. What solution can we apply?

    Thank you.

    Hi,

    what exactly is the problem with the file? This file does return only some Javascript code, it’s nothing that can cause problems…

    Hi,
    the attack is based on the query string for this file:

    GET /wp-content/themes/hot/7league/script/custom.js.php?v=57409
    GET /wp-content/themes/hot/7league/script/custom.js.php?v=27633
    GET /wp-content/themes/hot/7league/script/custom.js.php?v=71935
    GET /wp-content/themes/hot/7league/script/custom.js.php?v=42775
    GET /wp-content/themes/hot/7league/script/custom.js.php?v=61266

    Ok, but the query string does not change anything, you can do this with any other file, it’s just an accident that the attacker has chosen this file

    Ok, thank you.

    You’re welcome!

    I protected the site with a Firewall from Sucuri, and that company sent me this message regarding this file and another one:

    “Any .php file deep inside wp-content will have it’s directly access blocked by the Firewall, since most of the cases those files accessed directly are backdoors. Well coded plugins/themes do not load php files directly, they usually use AJAX instead:
    https://codex.wordpress.org/AJAX_in_Plugins

    The file is needed to add the changes in the theme options to the website. All premium themes where you can change colors and backgrounds need to use this method, another way is to add the content of the file in the header, but this is not good for SEO, that’s why we never used it in our themes…

    Thank you.

    I found another solution. I copied the content generated by this file into a new static CSS file and I replaced in the callcripts.php the path to the new CSS file. Of course, I can not make customizations from the admin menu, I will make them from that static file separately. However, the CPU load on the server is reduced, because the new file is static and does not involve php.

    Hi,

    yes, that’s a way to “remove” the file. I’m glad you found a solution.

Viewing 10 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic.