Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #742369

    Our Wordfence suspects this file, is it ok?

    File contains suspected malware URL: /storage/content/95/112595/form.erhemsida.se/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php

    This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://www.link.at/ – More info available at Google Safe Browsing diagnostic page.

    Regards /Roland

    #742372

    Hey Roland

    You are currently using an older version of the theme. Please update Enfold to the latest version 3.8.5 – http://kriesi.at/documentation/enfold/updating-your-theme-files/ and flush browser cache and refresh your page a few times – http://wiki.scratch.mit.edu/wiki/Hard_Refresh

    For more information about the warning, i am quoting Kriesi’s reply

    I will explain in a little more detail so you do understand whats going on here. First of all: Basilis is right. There is no security risk at all. Its a false positive.

    In the file that is mentioned by Wordfence and other security tools (enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php) we got a php comment that explains what one of the functions does. The comment says:

    //fallback for previous default input link elements: convert a http://www.link.at value to a manually entry
    

    The link that is posted in that file is a generic placeholder for any link used. What we did not know is that actually someone was using the domain “link.at”. Apparently this domain got hacked now and is blacklisted. And this is why Wordfence thinks that the theme has a problem, because there is a link to a hacked domain.

    However: This link is located in a php comment (its not an actual html link) which will never be displayed anywhere, can not be clicked, can not be used at all. It simply a line of non executable text. We will remove this text with the next update, however there is nothing you or your team need to do to your clients servers, theme files or whatnot since

    a.) there is no actual problem, just a false positive
    b.) you can fix the false positive by removing that single comment line

    We will release a small fix for this issue to prevent any further confusion about it. But to be clear once again: this can not be used to hack anyone or anything. It’s a false positive and if you think your site has been hacked its certainly not because of this. (I would also doubt that its because Enfold in general, because there are no known issues with the theme but if you think you have evidence that the opposite is true please share it so we can investigate the issue)

    Regards,
    Yigit

Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.