Forum Replies Created
-
Posts
-
Here’s the message I get. You’ll notice they say the site “may” be compromised, but like dianado mentions, it’s a bit overwhelming.
I have deleted all or portions of links and paths specific to my account, but hopefully left enough to get the idea:
We have recently scanned one or more users on your DreamHost account for
potential security threats. Unfortunately, we found some potential
indications that your website(s) *may* be compromised.We understand that this may not be the best news you can get. This
notification is intended to help you through the process and serve as a
starting point to assist you in getting your account cleaned and secured.
While we won’t be able to complete these processes for you, if you have
any questions about the items that follow please don’t hesitate to reply
to this email and we will be happy to clarify any points or offer any
further guidance to help you through getting your account back to normal.The following files/directories had insecure permissions (777), which have
been remediated.<deleted path>/wp-content/uploads/dynamic_avia
Additionally, the following steps should be taken to ensure password
security:* Change your users’ password(s) by clicking under the “Action” column
for that user in our Web Panel:
<deleted link>* Change your database password(s) by clicking the database username in
our Web Panel:
<deleted link>IMPORTANT: You may need to modify your site’s configuration file to
reflect the new password.* Use a complex (8-31 characters) password or passphrase that contains
mixed case letters, numbers, and symbols. You should avoid using
dictionary words (in any language), names, dates, addresses, phone
numbers, etc. as these can potentially be guessed or acquired through
other sources. The username that the password is being used for, or the
domain name/site name the user is attached to should never be included
in any part of the password. Also note that it is a good idea to
periodically change your passwords.If you have any questions, please reply to this email and we will be more
than happy to assist you with securing your sites.For general tips on keeping your site secure, please also see Keeping
your website secure
<https://help.dreamhost.com/hc/en-us/articles/214916918_keeping_your_website_sec ure>.If you’d like to receive regular reports of any malware found on your
domains, you might consider signing up for DreamHost’s Malware Remover
service. Our Malware Remover scans your domains on a weekly basis for any
known threats and, if any are found, provides you with instructions for
securing your websites.For more information about the DreamHost Malware Remover, or to sign up,
check out our knowledge base: How do I enable the Malware Remover service
<https://help.dreamhost.com/hc/en-us/articles/226704048-How-do-I-enable-the-Malw are-Remover-service->.If you have any questions or concerns, you can submit a ticket, open a
LiveChat, or request phone support here
<deleted link>Sincerely,
DreamHost Security Bot
Hey guys,
First of all, thanks for the code for child theme functions. I inserted it into one of my sites and site seems fine. I also noticed that the dynamic upload folder had reverted to 777, don’t know why – have not updated theme lately, but maybe the recent upload I did is what changed it. I will test this out.Have also made a note about when the functions file was updated and will track it over time to see if and when permissions change to 777… If this new functions file keeps it at 755, will use it for all Enfold sites. I appreciate your time and attention to this problem.
The larger point here seems to be missed. Regardless of what is secure or safe permissions, my webhost does not like me having a directory with 777, which Enfold has. If I don’t change the directory, the webhost does and often reminds me that they did and that I should stay away from 777. That’s fine, I’m happy to do that but every time I update Enfold, the dynamic upload folder reverts at some point to 777 and so a regular routine is that I have to go through all my enfold sites manually on a regular basis to make sure the directory is not 777.
So the larger point is this: Enfold seems to work quite well enough with 755 on the dynamic uploads directory. Why not make that the default? If I knew how, I would do that in my child theme, but I don’t.
Yeah, that’s great if you only have one install of Enfold, but I’ve licensed on over 10 sites, so every time I update the theme, I have to change permissions, because the permissions do revert to 777. Unfortunately they don’t seem to revert immediately after update. So what this means is that I generally put off updating the theme altogether. Sure wish this could be changed to default to 755 (which works perfectly fine on all my installations) so that I didn’t have to manually track when it reverts to 777, or have my webhost change it and hassle me that I’ve got 777 directories.
OK, hang on. I made an insignificant change in the quick CSS and saved, then the styles loaded. All good. Ok to close.
What I found is if I just switch the firewall settings from enabled to disabled, then switch back, the Avia Layout Builder does NOT load the content for editing.
However, if I disable the firewall, then go edit the page to confirm the ALB is working, then move away from that page, change the FW setting to Learning, go edit a page and verify ALB is working, then move away from that page and enable the FW, then go to a page and edit it.
It is a pain, but this is the weird part. After i did that on one site, the ALB was working on all the others where WF and Enfold were used, even if they were on different servers.
Hey, I’ve been fighting this too and have discovered this: If I disable the WF firewall, I can access the Avia Layout Builder, and if I turn the WF FW back on, I cannot access the ALB. However, if after disabling the WF firewall, then setting it to “Learning” mode, save, I can access ALB, and then one more time setting it back to “enabled” I can then access the ALB again.
In other words, I cycled through the three firewall settings and can then access the Avia Layout Builder on all pages with firewall enabled. Still looking into this because I have 10 sites with the same problem.
Hi Andy,
Thanks for your note. The thing is I did nothing to make it work in Chrome. It worked automatically.
I’ve done some research on Stack Overflow and found others with general non-responsive image issues. What i found that fixes it in FF is to take out the image’s width and height in the tag, and then add this #featuredhome img {width:100%;} where the color section ID is featuredhome
Problem solved.
Hi Rikard,
Thanks for your reply, which prompted me to look more closely at my issue. It turns out, my most dependable browser FF is the one browser this doesn’t work on. Screen shot link in private content. The image on the left is FF and the one on the right is Chrome. Works fine there, as well as Safari. So this is a FireFox issue, not necessarily Enfold.
Sorry I didn’t investigate more thoroughly before contacting you.
It appears this problem has not been resolved, and if I understand correctly, I am having the same problem. To explain it a little more clearly, when using the Portfolio Grid, and having Sort activated, if you view a particular group of images in the category, eventually other images from other categories start to appear. I believe what esher was hoping for was to not have that kind of “overlap” into other categories when viewing the images in lightbox popup window.
Link to site in private content.
If you sort on “Bridge State” category, there are five images. Click on an image to get lightbox enlargement. Click through all five, then it dumps you into a different category. I’d like to limit lightbox slideshow to one category.
Thank you.
Andy, you misunderstood. I have web clients that choose other themes, and make me use them, and they are terrible themes compared to Enfold. Enfold is clear and easy to use and creates beautiful results.
My webhost and I would love to know the good reason for 777, when 755 works and is much safer.
Ok, actually it does change to 777 with update of theme. Yes, minimally it seems this will need to be changed every time the theme is updated, but if 755 works, which it seems to, why not change the function file so that it sets it to 755 by default? It is set in framework>php>function-set-avia-backend.php. Used to be on line 690, but now with new version, it is ironically on line 777.
Thank you Devin and eRoxanne: https://kriesi.at/support/topic/dynamic-avia-folder-has-permissions-set-to-777/
Thanks you guys. I love this theme. I’ve had to use others by client request and they don’t compare well to Enfold.
Hi Ismael, and thanks for reply.
What I mean to ask is, I have manually set permissions on that directory to 755, because the default setting during installation is 777 as per one of your functions files. So, my question is, if I update the theme, as seems to be happening every few months, will the permissions get changed back to 777 default? If so, might I also ask if you see any problem with setting the default to 755 in your function file in updates, since 755 will work anyway, and according to my webhost, is much less dangerous a setting?
Thanks again.
Hi Elliott!
Yeah, that widget is definitely gone in 3.3. But here’s what I did: My next test was to update another instance of Enfold where Latest Portfolios are not used to see what would happen. At the time of that test, Enfold 3.3.1 was available, and the widget is present in that version. So, I went back to the problematic install and updated that to 3.3.1 and Latest Portfolio widget is back.
So, problem solved.
I love your theme. It makes beautiful sites. I’m just always nervous about updates for this very reason.
Hey guys. Sorry this version must be causing a lot of problems. I couldn’t wait any more as half the navigation of client’s site was gone. Found that i could use “Enfold Latest News” as a substitute for all the “Enfold Latest Portfolios” I used to have, which the new theme trashed. All sidebars have been rebuilt and things are working again.
If anyone is listening, deleting a very useful and integral part of the theme like that doesn’t seem like a good idea.
Hey, sorry. I found an answer to this here:
https://kriesi.at/support/topic/limit-navigation-between-posts-to-one-category/OK, so this question can be ignored. I cut and pasted the captions into the title boxes so they are the same.
Hey Dude,
Thanks for checking the site. As usual, I did a terrible job of explaining the problem. The image that goes out of whack is in the first enlargement that pops up in the pretty photo overlay. All of those images are the same height, except for the one in position #9, which actually was uploaded with the same height as all the rest, but for some reason, when my browser is in full monitor, that one image is not fitting inside the viewport:
http://babayard.com/temp/Screen-Shot-OVERLAY.jpgIf I make the browser window smaller, refresh and click on image thumbnail, the image then fits the same way as all the other images do. This happens in FF, Chrome and Safari.
So the second part of my question was, in effect, is the area designated in red of that screen shot changeable in css? I’ve tried a number of things, but got nowhere.
Thanks.
I would like to suggest moving the delete X away from the toggle V in the custom widget area. I’ve deleted two widgets by mistake now and that is super annoying.
Thanks. Really like Enfold a lot.
Re-uploaded without errors. So then I deleted file in question and have successfully re-installed theme.
Hi,
I understand that you are not displaying child pages in the mobile menu, so on those pages, I built sidebar navigation specifically so that mobile users would have a way to navigate. As it turns out, the sidebar is hidden too, in mobile devices. So could you just offer a brief strategy for how you’d allow mobile users complete access to all pages?OK, please scratch the question about eliminating the anchor for page titles. I see they are “bookmarks” and understand the reasoning there. I will leave them.
Still, if you can think of any other place I could look to change or delete Latest News, I would be greatly relieved.
Thanks!
Devin,
Thanks for reply. I fixed the blog/blog issue, but the first question is still a problem. My page slug is just /blog, but what I’m getting in the .main-title is Blog – Latest News, and it is a link to the home page !?!? The permalink for the page under the page title is /blog
(as an aside, and a secondary problem here: In fact, all the main titles on Pages are links to themselves, which is the first time I’ve seen that happen. Can I change that in one of the Enfold theme files?)
I have looked at the slug of every page and post in current lists as well as in the trash.
I have searched the database for that slug and cannot find it…
Any other thoughts on where it might be hidden away would be greatly appreciated.
