Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Dashboard no longer available as of yesterday morning - themesteam redirect

Hi everyone, I'm using the open source version for our forum and as af yesterday morning, I have no longer access to the dashboard.
I get redirected to "themesteam" and that's were it goes wrong.

When I look at view-source:http://forum.wisper.be/index.php?p=/dashboard/settings, it seems "Themesteam" scripts but the domain is offline. Anyone have the same problem? Don't know what to do/who to contact (apparently, support@vanillaforums.com is for clients of the cloud hosted solution online).

Many thanks!

Comments

  • R_JR_J Admin

    Yes, there have been others with the same problem. And obviously @ThemeSteam has either severe server problems or simply quit this hobby and left all the users of his theme alone.

    If you have only problems with the dashboard, please check if there is a file /themes/whateverthenameofyourthemeis/views/admin.master.php or /themes/whateverthenameofyourthemeis/views/admin.master.tpl and rename that to admin.master.backup

    Delete all *.ini from the /cache folder and try again.

    That might also be a solution for you, @AlpForum


    But besides of that theme issue, you have got a bigger problem: you installation is outdated and there are security issues with the version you are using. Not updating is irresponsible and puts your users, yourself and your hoster to a risk.

  • I think if you are getting redirected to theme steam then this is potential malware. I don't think that is acceptable and should not be in the repo.

    There is no reason to a theme to have much to do with the dashboard under normal circumferences.

    grep is your friend.

  • R_JR_J Admin
    edited June 2017

    @x00 said:
    I think if you are getting redirected to theme steam then this is potential malware. I don't think that is acceptable and should not be in the repo.

    There is no reason to a theme to have much to do with the dashboard under normal circumferences.

    The code in Cloudy/views/admin.master.php looks like that:

    <?php
    $str = '123456789';
    $shuffled = str_shuffle($str);
    ?>
    
    
    <link rel="stylesheet" type="text/css" href="http://themesteam.com/cdn/cube/license/check.css?<?php echo $shuffled; ?>" media="all" />
    

    As I understand it, that shuffled string should prevent caching and by fetching the css from his server, he used something like a tracking pixel. That is quite common for aggressive advertisers, but at least a tracking pixel wouldn't break an entire page if the hosting server goes down.

  • R_JR_J Admin

    I found that I have a copy of Cloudy and I renamed the admin.master.php to admin.master.backup which didn't work. But if you rename it to backup.admin.master, everything is fine and you are able to use the dashboard again!

  • My suggestion is to remove the theme from the add-ons... something like this is despicable in a theme... it's not just useless, it's cruel.

  • Wherever it is, it is not what he repo is for. The repo requires GPL compatible licence as I understand. So he would have to host it himself and explain how the licence works.

    I suspect it is is more than tracking pixel it would effectively disable the theme, and the redirection code is essentially to a pay wall, probably using javascript.

    grep is your friend.

  • What i don't get is why this is done in the dashboard only. I figure this paywall was there originally and he forgot to remove all of this.

    Regardless it is not on.

    grep is your friend.

  • looks like the domain is parked, probably becuase they failed to renue it.

    grep is your friend.

  • Let this be a lesson, kids - If you're going to make a freemium theme, be sure to have a total dependency on your own server so that if you go down, you take everyone else with you. (I had to re-write this three times to make it civil)

    Also, grep and I have been growing a very blossoming relationship as of late. smiles

  • What I did:

    1) admin.master.php -> admin.master.backup
    2) comment out this line (line 58, I believe, or close to):
    " media="all" />
    3) removed this line (at 113, thereabouts):

    4) restarted web services
    5) clicked my dashboard link and immediate ctrl-f5'd the page to ensure Chrome wasn't cashing the old page.

    It seems to have let me work in the dashboard and the site is still themed. YMMV.

    Did I just explain how to crack a "freemium" theme? Ooops.

  • @R_J said:
    I found that I have a copy of Cloudy and I renamed the admin.master.php to admin.master.backup which didn't work. But if you rename it to backup.admin.master, everything is fine and you are able to use the dashboard again!

    Worked!

  • @R_J said:
    I found that I have a copy of Cloudy and I renamed the admin.master.php to admin.master.backup which didn't work. But if you rename it to backup.admin.master, everything is fine and you are able to use the dashboard again!

    Worked for me as well...thank you!

  • If you rename it , it's the same as removing it. I suggest you simply remove that file admin.master.php from the theme's views . It is not necessary.

Sign In or Register to comment.