-
Search Results
-
Any more updates on this? I just installed Wordfence on all of my websites and now I am getting these same issues.. Warnings when we use the page builder..
In reply to: Theme purchase link
Hi Brett!
Example website is not using WordPress. However as you can see, it has a very outdated design. Which would not be the case if you used Enfold, unless that design is what you are going for.
WordPress like other content management systems, may have security issues however there is a strong team of developers and community behind it so it is being updated and improved with each update, just like our themes.
There are also many free security plugins such as – https://wordpress.org/plugins/wordfence/. Once you start using Enfold and WordPress, i am pretty sure you will be happy with your decision. You can check out Enfold reviews here – https://themeforest.net/item/enfold-responsive-multipurpose-theme/reviews/4519990 :)
Let us know if you have any other questions
Best regards,
YigitIn reply to: www.link.at why there is a link in enfold file?
and you recognized it because you are using Wordfence :lol ?
see here: https://kriesi.at/support/topic/wordfence-critical-issue-with-enfold-theme-file/#post-746534
so update to 3.8.5 or if you are a paranoid person just put in your domain (because it is commented out – there was no result of what is in there)
Hey!
WHen you reply to your own topic, so many times, your request goes last and we can not handle it.
Every time you reply, the position of the topic goes last.Please disable WordFence so we can login and we will check anything else.
Thank uRegards,
BasilisI’ve tried deactivating Wordfence and create a video element. Didn’t work. I’m sending login info in the private field below so you can check yourself.
So today I was updating my site and when creating a video-element and inserting an url from vimeo the video does not show up on the site. Only showing an URL and blank space where the video should have been. Clicking on the link opens up the video in a lightbox.
If I take any of the old video-elements (made long time ago) and move around they work fine and show the video as they are supposed to. If I update the link inside them, they disappear and only the link is shown.
I’ve tried to check if it has something to do with Vimeo settings on the different videos, but tried to copy a link from a video, that is already inserted in one of the existing videos that are showing, and when I hit save and it doesn’t work again.
It looks like it’s an Enfold update thing (???). Or maybe it has something to do with the new version of Wordfence that doesn’t allow caching the videos maybe?
Anyway, what is wrong? Can someone please help me? I need help! I need to have my website working these days since important people are looking :)
THANKS!
Hey dasped!
Please refer to this post – https://kriesi.at/support/topic/wordfence-critical-issue-with-enfold-theme-file/#post-746534
Regards,
YigitAfter running a wordfence scan this evening its returned the following information – Please advise.
File contains suspected malware URL: /home/*********/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Filename: wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Bad URL: http://www.link.at/
File type: Not a core, theme or plugin file.
Issue first detected: 6 mins ago.
Severity: Critical
Status New
This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://www.link.at/ – More info available at Google Safe Browsing diagnostic page.I can confirm that this is a new installation of both theme and wordfence. No possible contamination/breach has occurred.
I’m presuming this may be a false flag ?
Only URL’s found:
//fallback for previous default input link elements: convert a http://www.link.at value to a manually entry if(strpos($element['std'], 'http://') === 0) $element['std'] = 'manually,'.$element['std'];&
if($new_std[0] != $key) $element['std'] = "http://";Any assistance appreciated, thanks.
Hey!
Glad you figured it out! For anyone else having this issue:
Please update Enfold to the latest version 3.8.5 – http://kriesi.at/documentation/enfold/updating-your-theme-files/ and flush browser cache and refresh your page a few times – http://wiki.scratch.mit.edu/wiki/Hard_Refresh
I am quoting Kriesi’s response on the issue
I will explain in a little more detail so you do understand whats going on here. First of all: Basilis is right. There is no security risk at all. Its a false positive.
In the file that is mentioned by Wordfence and other security tools (enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php) we got a php comment that explains what one of the functions does. The comment says:
//fallback for previous default input link elements: convert a http://www.link.at value to a manually entry
The link that is posted in that file is a generic placeholder for any link used. What we did not know is that actually someone was using the domain “link.at”. Apparently this domain got hacked now and is blacklisted. And this is why Wordfence thinks that the theme has a problem, because there is a link to a hacked domain.However: This link is located in a php comment (its not an actual html link) which will never be displayed anywhere, can not be clicked, can not be used at all. It simply a line of non executable text. We will remove this text with the next update, however there is nothing you or your team need to do to your clients servers, theme files or whatnot since
a.) there is no actual problem, just a false positive
b.) you can fix the false positive by removing that single comment lineWe will release a small fix for this issue to prevent any further confusion about it. But to be clear once again: this can not be used to hack anyone or anything. It’s a false positive and if you think your site has been hacked its certainly not because of this. (I would also doubt that its because Enfold in general, because there are no known issues with the theme but if you think you have evidence that the opposite is true please share it so we can investigate the issue)
Best regards,
YigitHi, I had the same issue as many others:
File contains suspected malware URL: /home/starkhec/public_html/wp-content/themes/enfold-2/config-templatebuilder/avia-template-builder/php/html-helper.class.phpI had in all 3 of my Enfold sites.
Updating the themes on TWO of my sites fixed it (Wordfence scan clean)
But on my http://www.starkhechara.com site it didn’t fix it.
Same malware alert across all 3 sites but the Enfold update only fixed it on 2 of them.
Please help, my sites are getting warnings from Google on them and my clients are emailing me daily
Thank you, Star
Hi,
I have installed Wordfence Security at my site and got this warning today concering the theme file
/config-templatebuilder/avia-template-builder/php/html-helper.class.php“This file contains a suspected malware URL listed on Google’s list of malware sites”
I downloaded the original theme files today again and checked this special file – and indeed, there is link.at mentioned:
Any recommendations what to do please?
Thank you.In reply to: Wordfence Critical Issue with Enfold theme file?
Hey!
Please update Enfold to the latest version 3.8.5 – http://kriesi.at/documentation/enfold/updating-your-theme-files/ and flush browser cache and refresh your page a few times – http://wiki.scratch.mit.edu/wiki/Hard_Refresh
I am quoting Kriesi’s response on the issue
I will explain in a little more detail so you do understand whats going on here. First of all: Basilis is right. There is no security risk at all. Its a false positive.
In the file that is mentioned by Wordfence and other security tools (enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php) we got a php comment that explains what one of the functions does. The comment says:
//fallback for previous default input link elements: convert a http://www.link.at value to a manually entryThe link that is posted in that file is a generic placeholder for any link used. What we did not know is that actually someone was using the domain “link.at”. Apparently this domain got hacked now and is blacklisted. And this is why Wordfence thinks that the theme has a problem, because there is a link to a hacked domain.
However: This link is located in a php comment (its not an actual html link) which will never be displayed anywhere, can not be clicked, can not be used at all. It simply a line of non executable text. We will remove this text with the next update, however there is nothing you or your team need to do to your clients servers, theme files or whatnot since
a.) there is no actual problem, just a false positive
b.) you can fix the false positive by removing that single comment lineWe will release a small fix for this issue to prevent any further confusion about it. But to be clear once again: this can not be used to hack anyone or anything. It’s a false positive and if you think your site has been hacked its certainly not because of this. (I would also doubt that its because Enfold in general, because there are no known issues with the theme but if you think you have evidence that the opposite is true please share it so we can investigate the issue)
Regards,
YigitAlert generated at Saturday 11th of February 2017 at 08:10:20 AM
Critical Problems:
* File contains suspected malware URL: /home1/toledobl/public_html/reach2/wp-content/themes/enfold 2/config-templatebuilder/avia-template-builder/php/html-helper.class.phpIt says it links to http://www.link.at ? That site is Blacklisted on Google I guess?
In reply to: New user registrations every 5 minutes
Hey comelen,
Please install a security plugin like https://wordpress.org/plugins/wordfence/ and get in touch with your hosting company to check if they can secure the server your site is hosted on.
Best regards,
VinayIn reply to: WP
Hi,
I have been able to hold off for awhile because I have had the previous unfortunate problem of my theme being broken and it taking weeks or months for a theme revision roll out or patch to fix incompatibilities. I always check support page before updates and see how early adopters of theme or WP updates make out.
However this time, this WP exploit is a MAJOR issue. There has been a lot of press about it, and I heard about it early on and made update. Yet, some sites are really getting clobbered, it is a massive hack….
More News https://www.wordfence.com/blog/2017/02/rapid-growth-in-rest-api-defacements/
I would consider putting out a service bulletin as a sticky post in your landing page (if I were in your shoes……:))
All the best, and its good advice, “to encourage our customers to update both theme, plugins and WordPress itself to the current versions to avoid any breaches of security.”
thanks for the support- you guys do a great job
Ed
Topic: Wordfence antivirus problem
Hi, dear Developers.
Wordfence (WordPress Antivirus) find a problem in file: enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php at 726 line:
static function linkpicker($element) { //fallback for previous default input link elements: convert a http://www.link.at value to a manually entry if(strpos($element['std'], 'http://') === 0) $element['std'] = 'manually,'.$element['std'];The “http://www.link.at” is not a good sample, cause it contains a suspected malware URL listed on Google’s list of malware sites. Just replace link.at on link.com or something else in next releases. Thanks.
I have a client web site that was recently hacked and malware/phishing files were added. I removed one of the malicious files. I also installed the plugin for Wordfence and scanned the site. It listed a number of other files it deemed to be malicious or suspicious files. I deleted them. Now the site will not load because some of the files were part of the enfold theme to control how the site works.
Am I able to re-install the enfold theme without harming any of the existing web site content on the site? I have contacted my hosting company with a support ticket to restore the site from a backup, but who knows how long it will be before they respond. My client’s business operates 24/7 so it is critical that their web site is up and running quickly. I put up a temporary index.php page stating that the site is down for updates.
In reply to: Bad url on Avia template builder
Basilis,
Glad you’re here! I have the same problem! I use wordfence and it let me know this file was malware (apparently it’s not?). So, I allowed WordFence to remove it. Now my entire site is blank … I can’t figure out where to find the file to replace it. Is there a way to get only that file?
Thanks (I’m more than a little panicked),
SteveIn reply to: Bad url on Avia template builder
Hi sethriley!
Please upload to latest Enfold version and the issue from WordFence will go away.
Thanks a lot for your understandingBest regards,
BasilisIn reply to: HELP – blank admin page after login
Hey!
Thank you for the update.
I also noticed you deactivated wordfence – was that for testing?
I wasn’t able to do anything yesterday because the account is not an administrator. Where can I see the issue again? I don’t see any errors in the dashboard.
Best regards,
IsmaelTopic: WP
I have been holding off updating to WP 4.7.2 until I update enfold.
I just read this article today and decided to activate to WP 4.7.2 which closes exploit path….phew no problems with theme.
You may want to pass along to your customers.
In reply to: HELP – blank admin page after login
sorry = you’re an admin now
I think the problem may be with WPML and WP 4.7, since I have other sites running 4.7 without issue and this one is the only one running wpml….which I need!
Let me know if you find something else.
I also noticed you deactivated wordfence – was that for testing?
thanks
NancyI received this message on a Wordfence scan:
********************************
File contains suspected malware URL: /home/jguinn66/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Filename: wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Bad URL: http://www.link.at/
File type: Not a core, theme or plugin file.
Issue first detected: 9 hours 24 mins ago.
Severity: Critical
Status New
This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file.
******************************************
Do you know what this means and how I can fix it? Thanks!I’m running 3.8.4 and just received the following critical notification from Wordfence. I verified that the file was not modified from the original I used to update my installation of Enfold. Thanks for your attention to this.
From Wordfence:
Filename: wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Bad URL: http://www.link.at/
File type: Not a core, theme or plugin file.
Issue first detected: 1 hour 30 mins ago.
Severity: Critical
Status NewThis file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://www.link.at/ – More info available at Google Safe Browsing diagnostic page.
Hello, like many others I did receive this message:
public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
I was able to troubleshoot and fix that, but while doing that I noticed that another message was there via wordfence scan.File appears to be malicious: wp-includes/pomo/text.php
This file appears to be installed by a hacker to perform malicious activity. If you know about this file you can choose to ignore it to exclude it from future scans. The text we found in this file that matches a known malicious file is: “@gzuncompress(@base64_decode($________))){setcookie”. The infection type is: Backdoor:PHP/B4BK2tA.—
I am not sure how this happened as everything is generally up to date. I have wordfence, sucuri, ithemes security.
Can someone please look at the private content for login info and please advise? I fear the same thing happened to my other sites since I have the same on them.
Topic: malware
Hello, I am following your instructions but the file still appears in wordfence scan. Can you please take a look?
In reply to: Main Menu Second Row
I appreciate your quick response and apologize it has taken me this long to reply (had a busy weekend out of town). I also had Wordfence blocked all IP’s outside the US which I just turned off for now.
Let me try to explain what I want to do a little better….in the above linked answer, it looks like they wanted to separate one menu item into two lines. I don’t need to do that….I want to have lots of menu items that show up as two rows of menu items. Try this link for a picture of what I’m talking about: http://pasteboard.co/36Pe1xwp5.jpg
Currently although the menu will show up in two rows, it doesn’t display correctly (it show up over top of the slider as well as over the title of other pages).
Thanks again for the awesome theme!
In reply to: 2 question
Hey mjavidnikoo,
1. 3.8.5 was a security update, nothing new was added:
Removed a php comment that caused a false positive alert message with the Wordfence Security Plugin.
2. Updates are for life, so yes :-)
Best regards,
RikardIn reply to: Wordfence – enfold file suspect
Hey Roland
You are currently using an older version of the theme. Please update Enfold to the latest version 3.8.5 – http://kriesi.at/documentation/enfold/updating-your-theme-files/ and flush browser cache and refresh your page a few times – http://wiki.scratch.mit.edu/wiki/Hard_Refresh
For more information about the warning, i am quoting Kriesi’s reply
I will explain in a little more detail so you do understand whats going on here. First of all: Basilis is right. There is no security risk at all. Its a false positive.
In the file that is mentioned by Wordfence and other security tools (enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php) we got a php comment that explains what one of the functions does. The comment says:
//fallback for previous default input link elements: convert a http://www.link.at value to a manually entry
The link that is posted in that file is a generic placeholder for any link used. What we did not know is that actually someone was using the domain “link.at”. Apparently this domain got hacked now and is blacklisted. And this is why Wordfence thinks that the theme has a problem, because there is a link to a hacked domain.
However: This link is located in a php comment (its not an actual html link) which will never be displayed anywhere, can not be clicked, can not be used at all. It simply a line of non executable text. We will remove this text with the next update, however there is nothing you or your team need to do to your clients servers, theme files or whatnot since
a.) there is no actual problem, just a false positive
b.) you can fix the false positive by removing that single comment lineWe will release a small fix for this issue to prevent any further confusion about it. But to be clear once again: this can not be used to hack anyone or anything. It’s a false positive and if you think your site has been hacked its certainly not because of this. (I would also doubt that its because Enfold in general, because there are no known issues with the theme but if you think you have evidence that the opposite is true please share it so we can investigate the issue)
Regards,
YigitOur Wordfence suspects this file, is it ok?
File contains suspected malware URL: /storage/content/95/112595/form.erhemsida.se/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://www.link.at/ – More info available at Google Safe Browsing diagnostic page.
Regards /Roland
