We have a site that is using the CESIS Theme. While doing a security scan on it using Acunetix, our mySQL DB log files filled up because the scan repeatedly attempts to run the statement below against the site. Looking over the command more closely, it appears like it’s trying to set permissions for the following rolls
Administrator
Editor
Author
Contributor
Subscriber
Can anyone tell us if there is anything within the Cesis them that handles user accounts and roles management? If there is, would you be able to tell us where those files/code line are so we can look at them further? So far we have not been able to reproduce this issue with an out of the box wordpress setup and am trying to narrow down what could be causing this.
As a side note, while investigating the problem, we did come across an interesting comment section within the redux font extension code. We’d like to make sure that the theme that we’re paying for is using properly licensed code where applicable. Please see screenshot attached. How can you confirm that you are properly licensing someone else private code?
Query Below
-- Connection Id: 38593364
-- User: **Redacted****
-- Host: **Redacted****
-- DB: ***Redacted***
-- Command: Query
-- Time: 0
-- State: updating
UPDATE `wp_options` SET `option_value` = 'a:5:{s:13:"administrator";a:2:{s:4:"name";s:13:"Administrator";s:12:"capabilities";a:69:{s:13:"switch_themes";b:1;s:11:"edit_themes";b:1;s:16:"activate_plugins";b:1;s:12:"edit_plugins";b:1;s:10:"edit_users";b:1;s:10:"edit_files";b:1;s:14:"manage_options";b:1;s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:6:"import";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:8:"level_10";b:1;s:7:"level_9";b:1;s:7:"level_8";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;s:12:"delete_users";b:1;s:12:"create_users";b:1;s:17:"unfiltered_upload";b:1;s:14:"edit_dashboard";b:1;s:14:"update_plugins";b:1;s:14:"delete_plugins";b:1;s:15:"install_plugins";b:1;s:13:"update_themes";b:1;s:14:"install_themes";b:1;s:11:"update_core";b:1;s:10:"list_users";b:1;s:12:"remove_users";b:1;s:13:"promote_users";b:1;s:18:"edit_theme_options";b:1;s:13:"delete_themes";b:1;s:6:"export";b:1;s:26:"vc_access_rules_post_types";s:6:"custom";s:31:"vc_access_rules_post_types/page";b:1;s:31:"vc_access_rules_post_types/post";b:1;s:36:"vc_access_rules_post_types/portfolio";b:1;s:32:"vc_access_rules_post_types/staff";b:1;s:34:"vc_access_rules_post_types/careers";b:1;s:40:"vc_access_rules_post_types/content_block";b:1;s:34:"vc_access_rules_post_types/product";b:1;}}s:6:"editor";a:2:{s:4:"name";s:6:"Editor";s:12:"capabilities";a:42:{s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;s:26:"vc_access_rules_post_types";s:6:"custom";s:31:"vc_access_rules_post_types/page";b:1;s:31:"vc_access_rules_post_types/post";b:1;s:36:"vc_access_rules_post_types/portfolio";b:1;s:32:"vc_access_rules_post_types/staff";b:1;s:34:"vc_access_rules_post_types/careers";b:1;s:40:"vc_access_rules_post_types/content_block";b:1;s:34:"vc_access_rules_post_types/product";b:1;}}s:6:"author";a:2:{s:4:"name";s:6:"Author";s:12:"capabilities";a:18:{s:12:"upload_files";b:1;s:10:"edit_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:4:"read";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;s:22:"delete_published_posts";b:1;s:26:"vc_access_rules_post_types";s:6:"custom";s:31:"vc_access_rules_post_types/page";b:1;s:31:"vc_access_rules_post_types/post";b:1;s:36:"vc_access_rules_post_types/portfolio";b:1;s:32:"vc_access_rules_post_types/staff";b:1;s:34:"vc_access_rules_post_types/careers";b:1;s:40:"vc_access_rules_post_types/content_block";b:1;s:34:"vc_access_rules_post_types/product";b:1;}}s:11:"contributor";a:2:{s:4:"name";s:11:"Contributor";s:12:"capabilities";a:13:{s:10:"edit_posts";b:1;s:4:"read";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;s:26:"vc_access_rules_post_types";s:6:"custom";s:31:"vc_access_rules_post_types/page";b:1;s:31:"vc_access_rules_post_types/post";b:1;s:36:"vc_access_rules_post_types/portfolio";b:1;s:32:"vc_access_rules_post_types/staff";b:1;s:34:"vc_access_rules_post_types/careers";b:1;s:40:"vc_access_rules_post_types/content_block";b:1;s:34:"vc_access_rules_post_types/product";b:1;}}s:10:"subscriber";a:2:{s:4:"name";s:10:"Subscriber";s:12:"capabilities";a:9:{s:4:"read";b:1;s:7:"level_0";b:1;s:26:"vc_access_rules_post_types";s:6:"custom";s:31:"vc_access_rules_post_types/page";b:1;s:31:"vc_access_rules_post_types/post";b:1;s:36:"vc_access_rules_post_types/portfolio";b:1;s:32:"vc_access_rules_post_types/staff";b:1;s:34:"vc_access_rules_post_types/careers";b:1;s:40:"vc_access_rules_post_types/content_block";b:1;}}}' WHERE `option_name` = 'wp_user_roles'
First regarding the custom fonts extension, we are paying for it, in fact we work with the team that's why we have access to it, currently it is not longer sold in their website and the custom fonts features will be included in redux 4.0 which will be soon released.
Regarding the account and role management it is related to the Redux framework or anything else would be if you are using bbpress or buddypress.
Do not hesitate to contact us if you have more questions.
The primary issue is that when we perform a security scan on the site, it fills up our database replication logs and has the potential to take down the site as well as any others using the same DB environment. The query we see is in the first post. The scan continually tries to run that query. To us, it looks like the scan found something within the theme and tries to update the roles within Wordpress. Whenever it does that, the site looks like it's attempting to reinitialize the wordpress setup process. There are several hundred wordpress sites we provide hosting services for. Thus far, the thesis theme appears to be the only common denominator when this occurs.
Thank you. Can you confirm this is the correct file/lines of code to comment out? After we make the requested changes and restart apache, the site doesn't load and throws 500 errors. The apache error is at the very bottom of this response
Can you please tell me how you are doing the security scan, we thought it was from the server directly so we wanted you to test without the theme loading the redux framework which is probably the reason of the problem.
We're using acunetix which is a third party scanning tool. It scans the site remotely as it's running live detecting any vulnerabilities much like an external attacker would potentially scan any site we host to figure out what they can exploit.
I'll be more than happy to test a scan without the redux framework if you can send me the full steps on how to do so. But the lines of code you asked to comment out took the site completely offline. Would it be possible to have a webex meeting to troubleshoot live?
Just to provide an update. We took a copy of the production site and copied it to a test environment. When we scan as is, the same issue is prevalent. When we remove the CESIS theme and rescan, we don't have any problems with the scan filling up the log files.
It's been over a week since we received an update. Can you please let us know how to properly turn off the redux components so that we can determine if that is the cause?
We have a site that is using the CESIS Theme. While doing a security scan on it using Acunetix, our mySQL DB log files filled up because the scan repeatedly attempts to run the statement below against the site. Looking over the command more closely, it appears like it’s trying to set permissions for the following rolls
Administrator
Editor
Author
Contributor
Subscriber
Can anyone tell us if there is anything within the Cesis them that handles user accounts and roles management? If there is, would you be able to tell us where those files/code line are so we can look at them further? So far we have not been able to reproduce this issue with an out of the box wordpress setup and am trying to narrow down what could be causing this.
As a side note, while investigating the problem, we did come across an interesting comment section within the redux font extension code. We’d like to make sure that the theme that we’re paying for is using properly licensed code where applicable. Please see screenshot attached. How can you confirm that you are properly licensing someone else private code?
Query Below
-- Connection Id: 38593364
-- User: **Redacted****
-- Host: **Redacted****
-- DB: ***Redacted***
-- Command: Query
-- Time: 0
-- State: updating
UPDATE `wp_options` SET `option_value` = 'a:5:{s:13:"administrator";a:2:{s:4:"name";s:13:"Administrator";s:12:"capabilities";a:69:{s:13:"switch_themes";b:1;s:11:"edit_themes";b:1;s:16:"activate_plugins";b:1;s:12:"edit_plugins";b:1;s:10:"edit_users";b:1;s:10:"edit_files";b:1;s:14:"manage_options";b:1;s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:6:"import";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:8:"level_10";b:1;s:7:"level_9";b:1;s:7:"level_8";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;s:12:"delete_users";b:1;s:12:"create_users";b:1;s:17:"unfiltered_upload";b:1;s:14:"edit_dashboard";b:1;s:14:"update_plugins";b:1;s:14:"delete_plugins";b:1;s:15:"install_plugins";b:1;s:13:"update_themes";b:1;s:14:"install_themes";b:1;s:11:"update_core";b:1;s:10:"list_users";b:1;s:12:"remove_users";b:1;s:13:"promote_users";b:1;s:18:"edit_theme_options";b:1;s:13:"delete_themes";b:1;s:6:"export";b:1;s:26:"vc_access_rules_post_types";s:6:"custom";s:31:"vc_access_rules_post_types/page";b:1;s:31:"vc_access_rules_post_types/post";b:1;s:36:"vc_access_rules_post_types/portfolio";b:1;s:32:"vc_access_rules_post_types/staff";b:1;s:34:"vc_access_rules_post_types/careers";b:1;s:40:"vc_access_rules_post_types/content_block";b:1;s:34:"vc_access_rules_post_types/product";b:1;}}s:6:"editor";a:2:{s:4:"name";s:6:"Editor";s:12:"capabilities";a:42:{s:17:"moderate_comments";b:1;s:17:"manage_categories";b:1;s:12:"manage_links";b:1;s:12:"upload_files";b:1;s:15:"unfiltered_html";b:1;s:10:"edit_posts";b:1;s:17:"edit_others_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:10:"edit_pages";b:1;s:4:"read";b:1;s:7:"level_7";b:1;s:7:"level_6";b:1;s:7:"level_5";b:1;s:7:"level_4";b:1;s:7:"level_3";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:17:"edit_others_pages";b:1;s:20:"edit_published_pages";b:1;s:13:"publish_pages";b:1;s:12:"delete_pages";b:1;s:19:"delete_others_pages";b:1;s:22:"delete_published_pages";b:1;s:12:"delete_posts";b:1;s:19:"delete_others_posts";b:1;s:22:"delete_published_posts";b:1;s:20:"delete_private_posts";b:1;s:18:"edit_private_posts";b:1;s:18:"read_private_posts";b:1;s:20:"delete_private_pages";b:1;s:18:"edit_private_pages";b:1;s:18:"read_private_pages";b:1;s:26:"vc_access_rules_post_types";s:6:"custom";s:31:"vc_access_rules_post_types/page";b:1;s:31:"vc_access_rules_post_types/post";b:1;s:36:"vc_access_rules_post_types/portfolio";b:1;s:32:"vc_access_rules_post_types/staff";b:1;s:34:"vc_access_rules_post_types/careers";b:1;s:40:"vc_access_rules_post_types/content_block";b:1;s:34:"vc_access_rules_post_types/product";b:1;}}s:6:"author";a:2:{s:4:"name";s:6:"Author";s:12:"capabilities";a:18:{s:12:"upload_files";b:1;s:10:"edit_posts";b:1;s:20:"edit_published_posts";b:1;s:13:"publish_posts";b:1;s:4:"read";b:1;s:7:"level_2";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;s:22:"delete_published_posts";b:1;s:26:"vc_access_rules_post_types";s:6:"custom";s:31:"vc_access_rules_post_types/page";b:1;s:31:"vc_access_rules_post_types/post";b:1;s:36:"vc_access_rules_post_types/portfolio";b:1;s:32:"vc_access_rules_post_types/staff";b:1;s:34:"vc_access_rules_post_types/careers";b:1;s:40:"vc_access_rules_post_types/content_block";b:1;s:34:"vc_access_rules_post_types/product";b:1;}}s:11:"contributor";a:2:{s:4:"name";s:11:"Contributor";s:12:"capabilities";a:13:{s:10:"edit_posts";b:1;s:4:"read";b:1;s:7:"level_1";b:1;s:7:"level_0";b:1;s:12:"delete_posts";b:1;s:26:"vc_access_rules_post_types";s:6:"custom";s:31:"vc_access_rules_post_types/page";b:1;s:31:"vc_access_rules_post_types/post";b:1;s:36:"vc_access_rules_post_types/portfolio";b:1;s:32:"vc_access_rules_post_types/staff";b:1;s:34:"vc_access_rules_post_types/careers";b:1;s:40:"vc_access_rules_post_types/content_block";b:1;s:34:"vc_access_rules_post_types/product";b:1;}}s:10:"subscriber";a:2:{s:4:"name";s:10:"Subscriber";s:12:"capabilities";a:9:{s:4:"read";b:1;s:7:"level_0";b:1;s:26:"vc_access_rules_post_types";s:6:"custom";s:31:"vc_access_rules_post_types/page";b:1;s:31:"vc_access_rules_post_types/post";b:1;s:36:"vc_access_rules_post_types/portfolio";b:1;s:32:"vc_access_rules_post_types/staff";b:1;s:34:"vc_access_rules_post_types/careers";b:1;s:40:"vc_access_rules_post_types/content_block";b:1;}}}' WHERE `option_name` = 'wp_user_roles'
Hello Patrick, thanks for purchasing Cesis!
First regarding the custom fonts extension, we are paying for it, in fact we work with the team that's why we have access to it, currently it is not longer sold in their website and the custom fonts features will be included in redux 4.0 which will be soon released.
Regarding the account and role management it is related to the Redux framework or anything else would be if you are using bbpress or buddypress.
Do not hesitate to contact us if you have more questions.
Have a nice day!
Regards.
---------------------
Hosting we recommend ( Free SSL and CDN included in all plan ).
Speed up your site with Autoptimize
Test your site with GTmetrix and fix the issue to make it faster
How to Update your Theme
The primary issue is that when we perform a security scan on the site, it fills up our database replication logs and has the potential to take down the site as well as any others using the same DB environment. The query we see is in the first post. The scan continually tries to run that query. To us, it looks like the scan found something within the theme and tries to update the roles within Wordpress. Whenever it does that, the site looks like it's attempting to reinitialize the wordpress setup process. There are several hundred wordpress sites we provide hosting services for. Thus far, the thesis theme appears to be the only common denominator when this occurs.
Hello Patrick,
We have a reply from our dev, they ask you to go to the functions.php and remove or comment out the line
12,13,14 and then try to scan again to see if that fixes the problem.
If not please tell us exactly what you are doing with which plugins so our team can try to reproduce the problem.
Kind regards
---------------------
Hosting we recommend ( Free SSL and CDN included in all plan ).
Speed up your site with Autoptimize
Test your site with GTmetrix and fix the issue to make it faster
How to Update your Theme
Thank you. Can you confirm this is the correct file/lines of code to comment out? After we make the requested changes and restart apache, the site doesn't load and throws 500 errors. The apache error is at the very bottom of this response
/**sitewebdirectory**/wp-content/themes/cesis/functions.php
//Add Redux Framework
//require get_template_directory() . '/admin/admin-init.php';
//require get_template_directory() . '/admin/redux-extensions/config.php';
//require get_template_directory() . '/admin/redux-extensions/loader.php';
We're using the following plugins.
Cesis Custom Posts v1.3
Contact Form by Takayuki Miyoshi 7 v5.1.1 (used for form submissions)
Envato Market v2.0.1 (Tied to cesis updates)
File Manager Advanced by modalweb v2.7(Navigating through the web file directory)
Slider Revolution by ThemePunch v5.4.8.3 (used for modern image/content navigation and display)
The Grid by Themeone v2.7.1 (skin builder)
Wordfence Premium v7.2.4 (Wordpress App Firewall)
WPBakery Page Builder by wpbakery.com v.5.7 (Drag and Drop Page builder)
Apache Error:
[Fri Apr 05 09:23:03.516997 2019] [php7:error] [pid 8478] [client **redacted**:64727] PHP Fatal error: Uncaught Error: Call to undefined function redux_post_meta() in /var/www/html/**sitename**/wp-content/themes/cesis/header.php:17\nStack trace:\n#0 /var/www/html/**sitename**/wp-includes/template.php(704): require_once()\n#1 /var/www/html/**sitename**/wp-includes/template.php(653): load_template('/var/www/html/k...', true)\n#2 /var/www/html/**sitename**/wp-includes/general-template.php(41): locate_template(Array, true)\n#3 /var/www/html/**sitename**/wp-content/themes/cesis/page.php(19): get_header()\n#4 /var/www/html/**sitename**/wp-includes/template-loader.php(77): include('/var/www/html/k...')\n#5 /var/www/html/**sitename**/wp-blog-header.php(19): require_once('/var/www/html/k...')\n#6 /var/www/html/**sitename**/index.php(17): require('/var/www/html/k...')\n#7 {main}\n thrown in /var/www/html/**sitename**/wp-content/themes/cesis/header.php on line 17
Hello Patrick,
Can you please tell me how you are doing the security scan, we thought it was from the server directly so we wanted you to test without the theme loading the redux framework which is probably the reason of the problem.
Waiting for more information.
Kind regards
---------------------
Hosting we recommend ( Free SSL and CDN included in all plan ).
Speed up your site with Autoptimize
Test your site with GTmetrix and fix the issue to make it faster
How to Update your Theme
We're using acunetix which is a third party scanning tool. It scans the site remotely as it's running live detecting any vulnerabilities much like an external attacker would potentially scan any site we host to figure out what they can exploit.
I'll be more than happy to test a scan without the redux framework if you can send me the full steps on how to do so. But the lines of code you asked to comment out took the site completely offline. Would it be possible to have a webex meeting to troubleshoot live?
Just to provide an update. We took a copy of the production site and copied it to a test environment. When we scan as is, the same issue is prevalent. When we remove the CESIS theme and rescan, we don't have any problems with the scan filling up the log files.
It's been over a week since we received an update. Can you please let us know how to properly turn off the redux components so that we can determine if that is the cause?