dl-skin.php

Monday, January 19, 2015 (Articles, Tips)

Hackers are still aware of the AFD (Arbitrary File Download) exploit for the dl-skin.php file and are actively targeting WordPress websites that run vulnerable themes containing that file, such as the paths shown below.

/wp-content/themes/awake/lib/scripts/dl-skin.php
/wp-content/themes/barracudafx/lib/scripts/dl-skin.php
/wp-content/themes/construct/lib/scripts/dl-skin.php
/wp-content/themes/dejavu/lib/scripts/dl-skin.php
/wp-content/themes/echelon/lib/scripts/dl-skin.php
/wp-content/themes/elegance/lib/scripts/dl-skin.php
/wp-content/themes/fusion/lib/scripts/dl-skin.php
/wp-content/themes/infocus2/lib/scripts/dl-skin.php
/wp-content/themes/infocus/lib/scripts/dl-skin.php
/wp-content/themes/Insignia/lib/scripts/dl-skin.php
/wp-content/themes/manbiz2/lib/scripts/dl-skin.php
/wp-content/themes/Melos_Pro/lib/scripts/dl-skin.php
/wp-content/themes/mesocolumn/lib/scripts/dl-skin.php
/wp-content/themes/Minamaze_Pro/lib/scripts/dl-skin.php
/wp-content/Medic-Theme/lib/scripts/dl-skin.php
/wp-content/themes/method/lib/scripts/dl-skin.php
/wp-content/themes/myriad/lib/scripts/dl-skin.php
/wp-content/themes/modular/lib/scripts/dl-skin.php
/wp-content/themes/persuasion/lib/scripts/dl-skin.php
/wp-content/themes/versatile/lib/scripts/dl-skin.php

Please be aware that this is not a full list, as I do not want Hackers and Script Kiddies (who watch WordPress AFD dl-skin.php exploit videos online) to have more data to work with in their intrusions from hacked servers, as it is not always easy to recover a hacked WordPress site. So far, I have spotted one compromised server, belonging to Hotel Kouris in Greece, that was being used to send out attacks.

Updates
Log into WordPress frequently to keep your version current. If this is not possible because you have numerous sites or little free time, you can automatically apply WordPress updates by adjusting your configuration file. Keep in mind that plugins will not update on their own unless the site is hosted on WordPress.com or you have an additional plugin that does this for you.

Protection
To make sure that your site or a client's site stays safe, always remove themes that are no longer in use on the site (except for the current default WordPress theme, which is useful for troubleshooting plugin and site issues). You will most likely not be updating unused themes on a regular basis, especially if they carry a lot of customization or are no longer supported and updated by the developer.
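The two checks above (does any installed theme still ship lib/scripts/dl-skin.php, and which installed themes are not in use) can be scripted. The following is an added example written for this page, not code from the original post: it assumes the standard wp-content/themes layout, takes the active theme name as a parameter (WordPress stores it in the `stylesheet` option), and defaults the "keep for troubleshooting" theme to twentyfifteen as an assumption. The sample theme tree is constructed in a temporary directory so the script runs offline.

```python
"""Added example: inventory WordPress themes, flag any that still contain the
AFD-prone lib/scripts/dl-skin.php, and list installed-but-inactive themes that
are candidates for removal. Sample tree below is constructed, not real data."""
import tempfile
from pathlib import Path

# Relative path of the vulnerable helper inside an affected theme
VULN_RELPATH = Path("lib") / "scripts" / "dl-skin.php"


def audit_themes(themes_dir, active_theme, default_theme="twentyfifteen"):
    """Return (has_dl_skin, removable) for a wp-content/themes directory.

    has_dl_skin: theme folders that contain lib/scripts/dl-skin.php
    removable:   installed themes that are neither the active theme nor the
                 default theme kept for troubleshooting (default name assumed)
    """
    themes_dir = Path(themes_dir)
    has_dl_skin, removable = [], []
    for theme in sorted(p for p in themes_dir.iterdir() if p.is_dir()):
        if (theme / VULN_RELPATH).is_file():
            has_dl_skin.append(theme.name)
        if theme.name not in (active_theme, default_theme):
            removable.append(theme.name)
    return has_dl_skin, removable


def build_sample_tree(root):
    """Constructed sample: three themes, one of which still has dl-skin.php."""
    root = Path(root)
    for name, with_dl_skin in (("awake", True), ("twentyfifteen", False), ("mytheme", False)):
        (root / name).mkdir(parents=True)
        (root / name / "style.css").write_text("/* Theme Name: %s */\n" % name)
        if with_dl_skin:
            (root / name / VULN_RELPATH).parent.mkdir(parents=True)
            (root / name / VULN_RELPATH).write_text("<?php // placeholder file\n")
    return root


def run_demo():
    """Build the constructed tree and audit it with 'mytheme' as the active theme."""
    with tempfile.TemporaryDirectory() as tmp:
        themes = build_sample_tree(Path(tmp) / "wp-content" / "themes")
        return audit_themes(themes, active_theme="mytheme")


if __name__ == "__main__":
    vuln, unused = run_demo()
    print("themes shipping dl-skin.php:", vuln)
    print("inactive themes to consider removing:", unused)
```

On a real server, point `audit_themes` at the site's wp-content/themes directory and pass the value of the `stylesheet` option; any name in the first list should be updated or removed immediately, and the second list is the cleanup queue the Protection section describes.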

Avoiding Detection
Normally it would be hard to know which websites have the exploitable themes, but unfortunately Google has made it very easy with its search results, since exploiters can search using inurl: in front of the theme's name. This is why it is also important to rename the theme folders in WordPress to something similar to the list below and to have the robots.txt for WordPress block indexing of your themes.

/wp-content/theme/r3d/
/wp-content/theme/y3110w/
/wp-content/theme/b1u3/
/wp-content/theme/gr33n
/wp-content/theme/0ran9e/
/wp-content/theme/purp13/
/wp-content/theme/b1ack/
/wp-content/theme/cu5t0m/
/wp-content/theme/tw3ak3d/

This way, an actual person has to visit your site to peek at the page source (which you can attempt to block), as their bots will be useless attacking the default paths of the known themes. I would also go a step further and edit the style.css file in your theme, because that file contains information on the theme along with its creator, which makes it easier for an attacker to look up and download the theme (especially if it is free or has a free version) to see what files are included, their paths, and the best way to use an exploit.

To make sure that you know which themes you have installed after they are renamed, leave a randomly named .txt file in each theme's folder as a reference for yourself and for those who are authorized to manage the site with you.

Also, if you have numerous sites, it is a good idea to add tracking code to your 404.php pages so that you can see which themes or plugins exploiters are looking for; you can then avoid using them in the future (or until they are patched) and add the offending IP addresses to your server's firewall.
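The same information can be pulled from the web server's access log instead of (or in addition to) instrumenting 404.php. The script below is an added example for this page, not code from the original post: it parses Apache "combined" log lines, records every request for dl-skin.php together with its status code (a non-404 status means the file is actually present and being served), counts 404 probes against theme and plugin paths per source IP, and returns the IPs that crossed a probe threshold so they can be handed to the firewall. The log lines, the regular expressions and the threshold of three are this example's own constructed choices.

```python
"""Added example: summarise dl-skin.php probes and theme/plugin 404s from an
Apache 'combined' access log. SAMPLE_LOG is constructed test data using
documentation IP ranges, not a real capture."""
import re
from collections import defaultdict

# Apache combined log: ip ident user [time] "METHOD PATH PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# Theme or plugin folder being requested, e.g. /wp-content/themes/awake/...
THEME_RE = re.compile(r"^/wp-content/(?P<kind>themes|plugins)/(?P<name>[^/?]+)")
DL_SKIN = "/lib/scripts/dl-skin.php"

SAMPLE_LOG = """\
203.0.113.7 - - [19/Jan/2015:10:01:02 +0000] "GET /wp-content/themes/awake/lib/scripts/dl-skin.php HTTP/1.1" 404 512
203.0.113.7 - - [19/Jan/2015:10:01:03 +0000] "GET /wp-content/themes/fusion/lib/scripts/dl-skin.php HTTP/1.1" 404 512
203.0.113.7 - - [19/Jan/2015:10:01:04 +0000] "GET /wp-content/themes/infocus/lib/scripts/dl-skin.php HTTP/1.1" 404 512
198.51.100.9 - - [19/Jan/2015:10:05:00 +0000] "POST /wp-content/themes/persuasion/lib/scripts/dl-skin.php HTTP/1.1" 200 2048
192.0.2.25 - - [19/Jan/2015:10:07:00 +0000] "GET /wp-content/themes/mytheme/style.css HTTP/1.1" 200 4096
192.0.2.25 - - [19/Jan/2015:10:07:01 +0000] "GET /about/ HTTP/1.1" 200 8192
"""


def analyse(log_text, probe_threshold=3):
    """Return a summary dict for the given log text.

    dl_skin_hits: (ip, path, status) for every dl-skin.php request; a status
                  other than 404 means the vulnerable file exists on this server
    probes:       ip -> number of 404 responses for theme/plugin paths
    probed_names: sorted theme/plugin folder names that attackers looked for
    block:        IPs whose probe count reached probe_threshold
    """
    dl_skin_hits, probes, names = [], defaultdict(int), set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, path, status = m["ip"], m["path"], int(m["status"])
        if path.endswith(DL_SKIN):
            dl_skin_hits.append((ip, path, status))
        t = THEME_RE.match(path)
        if t and status == 404:
            probes[ip] += 1
            names.add(t["name"])
    return {
        "dl_skin_hits": dl_skin_hits,
        "probes": dict(probes),
        "probed_names": sorted(names),
        "block": sorted(ip for ip, n in probes.items() if n >= probe_threshold),
    }


if __name__ == "__main__":
    report = analyse(SAMPLE_LOG)
    for ip, path, status in report["dl_skin_hits"]:
        flag = "SERVED, file present!" if status != 404 else "probe"
        print(f"{ip} {status} {path} ({flag})")
    print("theme/plugin names probed:", report["probed_names"])
    print("IPs to block:", report["block"])
```

The `probed_names` list is the input to the post's advice: themes that show up there are the ones to avoid installing, and any entry in `dl_skin_hits` with a 200 status is a live copy of the vulnerable file that must be removed from the server.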

Getting Email Alerts
Free email accounts from Microsoft (Hotmail.com, Outlook.com, Live.com, etc.) are not recommended for these alerts, as your server will eventually get banned for the uptick in mass emails to your Microsoft account. If this is your only option, contact Microsoft in advance and let them know what you plan to do so that your server's IP address can be added to their whitelist. If you are blocked, you will have to fill out a form and wait for your server's IP address to be unblocked, which often takes up to three business days; if numerous clients share the same IP address, they will be affected as well.

Stephan Pringle

Chief Executive Officer at Sipylus
About The Author: Stephan Pringle is an Information Technology Specialist. He covers hardware and software and provides tips for you to troubleshoot and repair issues on your own. In his spare time, he writes articles about the State of New York on his Hackintosh and HackBook and that has helped him to become the top contributor of the New York City section of Yahoo! Answers.