Hi there, inspecting the error log of my site, where I’m using a child theme based upon your Dazzling theme I’ve noticed the following lines:
[Thu Jul 02 15:15:20 2015] [error] [client a.b.c.d] File does not exist: /var/www/vhosts/mysite.it/httpdocs/wp-content, referer: http://mysite.it/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php
[Thu Jul 02 15:15:21 2015] [error] [client d.e.f.g.] File does not exist: /var/www/vhosts/mysite.it/httpdocs/wp-content, referer: http://mysite.it/wp-content/plugins/contus-video-gallery/hdflvplayer/download.php?f=../../../../wp-config.php
[Thu Jul 02 16:44:37 2015] [error] [client z.x.c.v] File does not exist: /var/www/vhosts/mysite.it/httpdocs/administrator
[Thu Jul 02 16:45:55 2015] [alert] [client a.s.d.f] /var/www/vhosts/mysite.it/httpdocs/wordpress/.htaccess: Invalid command ‘BEGIN’, perhaps misspelled or defined by a module not included in the server configuration
[Thu Jul 02 17:33:42 2015] [error] [client p.o.i.u] File does not exist: /var/www/vhosts/mysite.it/httpdocs/robots.txt
[Thu Jul 02 17:39:20 2015] [error] [client q.w.e.r] File does not exist: /var/www/vhosts/mysite.it/httpdocs/robots.txt
[root@blahblah]#
Searching on internet, it seems that this attack refers back to some plugins which were infected.
Read this as a starting reference. Slider Revolution Plugin Critical Vulnerability Being Exploited
Could you add something? Me, I’ll be researching and reporting here my results.
Elio