-
Search Results
-
Topic: problem with site
Hi, I’m having some problems here, I logged into my site earlier after a wordfence alert email as follows
This email was sent from your website “Hypnotherapy Bolton Psychotherapy Service” by the Wordfence plugin.
Wordfence found the following new issues on “Hypnotherapy Bolton Psychotherapy Service”.
Alert generated at Wednesday 1st of February 2017 at 12:50:42 AM
Critical Problems:
* File contains suspected malware URL: /home1/talkinv4/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Warnings:
* The Plugin “Yoast SEO” needs an upgrade (4.1 -> 4.2).
https://wordpress.org/plugins/wordpress-seo/changelog
I then deleted the file as it suggested and there was a 500 error
I contacted bluehost support and the conversation with them went as follows:
6:49:40 PM stuart cale I got an email from wordfence saying “This email was sent from your website “Hypnotherapy Bolton Psychotherapy Service” by the Wordfence plugin.
Wordfence found the following new issues on “Hypnotherapy Bolton Psychotherapy Service”.
Alert generated at Wednesday 1st of February 2017 at 12:50:42 AM
Critical Problems:
* File contains suspected malware URL: /home1/talkinv4/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
6:50:08 PM stuart cale so I went in and deleted the file as it suggested and now the site is not accessible
6:50:38 PM Shrimati P In order to assist you further, please provide the last 4 characters of the Main account password to authenticate you as the owner of the account.6:52:15 PM stuart cale hello?
6:52:21 PM Shrimati P Yes, I’m here.
6:52:37 PM Shrimati P Your main password is expired. Please reset your password.
6:52:41 PM stuart cale is it a big problem?
6:53:05 PM stuart cale can you send a link to do that?
6:54:06 PM Shrimati P Sure. I have sent the reset password link. Please check your mail.
6:54:38 PM stuart cale ok will you leave the window open while i do it – I’ll have to go to my other computer
6:54:45 PM stuart cale will take me an hour or so
6:57:27 PM stuart cale
7:00:08 PM Shrimati P Thank you for validating. Can you please hold while I review your account?
7:00:32 PM stuart cale yes – i might be a bit slow replying but please don’t close the window on me
7:01:35 PM Shrimati P Okay sure.
7:02:03 PM stuart cale do you see the description of the problem i posted above?
7:03:13 PM Shrimati P Yes, I can see.
7:12:56 PM Shrimati P Still working on it. Please be on hold.
7:23:38 PM Shrimati P Still working on it. Please be on hold for few more minutes.
7:29:35 PM Shrimati P Can you please check your website
7:31:12 PM Shrimati P I have set the theme to default. I would suggest you to uninstall and try re-installing the theme and check if it works. Or you may need to contact your theme vendor regarding the theme issue.I’m lost now, can you please help me?
Stuart
In reply to: 3.8.5 and Yoast SEO
Hi. I just can’t replicate duplicate your issues. Several of my sites use the same structures and plugins including
– WP 4.7.2
– Enfold 3.8.5
– Yoast 4.2.1Plus:
– Sucuri 1.8.3
– Wordfence 6.3.0
– WPRocket 2.9.4
– Imagify 1.6.3
– UpdraftPlus 2.12.32.22
– P3 1.5.3.9
– MC4WP 4.0.12
– Hotjar Connecticator 1.1.1
– AMP 0.4.2
– Black Studio TinyMCE Widget 2.3.1
– TinyMCE 4.4.3
– Collapse-O-Matic 1.7.3
– Disable comments 1.6
– Duplicate Posts 3.1.2
– Duplicate Menu 0.2so… anybody else experiencing trouble? It may happen to me too along my webmastering actions. Alex
In reply to: What is the procedure for upgrading WP Layer Slider?
Hey!
We have released Enfold 3.8.5 just to correct the false positive warning Wordfence threw. We are still working on the major update which will be released in a week or two. That update will include the latest version of LayerSlider.
I quote Kriesi’s reply below, so you can read more about the false positive warning
I will explain in a little more detail so you do understand whats going on here. First of all: Basilis is right. There is no security risk at all. Its a false positive.
In the file that is mentioned by Wordfence and other security tools (enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php) we got a php comment that explains what one of the functions does. The comment says:
//fallback for previous default input link elements: convert a http://www.link.at value to a manually entry
The link that is posted in that file is a generic placeholder for any link used. What we did not know is that actually someone was using the domain “link.at”. Apparently this domain got hacked now and is blacklisted. And this is why Wordfence thinks that the theme has a problem, because there is a link to a hacked domain.
However: This link is located in a php comment (its not an actual html link) which will never be displayed anywhere, can not be clicked, can not be used at all. It simply a line of non executable text. We will remove this text with the next update, however there is nothing you or your team need to do to your clients servers, theme files or whatnot since
a.) there is no actual problem, just a false positive
b.) you can fix the false positive by removing that single comment lineWe will release a small fix for this issue to prevent any further confusion about it. But to be clear once again: this can not be used to hack anyone or anything. It’s a false positive and if you think your site has been hacked its certainly not because of this. (I would also doubt that its because Enfold in general, because there are no known issues with the theme but if you think you have evidence that the opposite is true please share it so we can investigate the issue)
Cheers!
YigitHello,
We are using the latest version of the Enfold theme. We also use the Wordfence premium plugin to help secure our site. This morning we received a notification from Wordfence informing us there is a suspect file on the site :
File contains suspected malware URL: /home/blahblah/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
After doing some research, we came across this post on the WordPress.org site which seems to be the same issue : https://wordpress.org/support/topic/wordfence-could-not-delete-file-broke-site/
Please advise on how we should handle this ASAP.
Thank you!
In reply to: being hacked
Hey!
I will explain in a little more detail so you do understand whats going on here. First of all: Basilis is right. There is no security risk at all. Its a false positive.
In the file that is mentioned by Wordfence and other security tools (enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php) we got a php comment that explains what one of the functions does. The comment says:
//fallback for previous default input link elements: convert a http://www.link.at value to a manually entry
The link that is posted in that file is a generic placeholder for any link used. What we did not know is that actually someone was using the domain “link.at”. Apparently this domain got hacked now and is blacklisted. And this is why Wordfence thinks that the theme has a problem, because there is a link to a hacked domain.
However: This link is located in a php comment (its not an actual html link) which will never be displayed anywhere, can not be clicked, can not be used at all. It simply a line of non executable text. We will remove this text with the next update, however there is nothing you or your team need to do to your clients servers, theme files or whatnot since
a.) there is no actual problem, just a false positive
b.) you can fix the false positive by removing that single comment lineWe will release a small fix for this issue to prevent any further confusion about it. But to be clear once again: this can not be used to hack anyone or anything. It’s a false positive and if you think your site has been hacked its certainly not because of this. (I would also doubt that its because Enfold in general, because there are no known issues with the theme but if you think you have evidence that the opposite is true please share it so we can investigate the issue)
Best regards,
KriesiIn reply to: being hacked
Sorry not acceptable. Once you even touch the code the site is dead. We have already talked with Wordfence.
In reply to: being hacked
Hi!
AS we reported, that is not a security issue and you can ask WordFence team and they will confirm.
It is a ” fake ” issue, based on an automation they have on their API, tracking some specific stuff.
API is a machine, not a human, so after our developers checked they confirmed the problem and releasing an update that is just a work change for that area.We are really sorry you feel that way, but you also have to understand that there is no security risk – and if there was one – we would have released an update the same moment we got the error reported.
Please do contact although WordFence, who will let you know that we do not have a problem.
We do appreciate your patience although and we have pushed the ticket to Kriesi so he can check him self.
Cheers!
BasilisIn reply to: WordFence detected suspected malware
Hi!
Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Link is in commented line therefore it has no affect but still throws a warning on Wordfence. Applying those changes will fix it. Even if you do not fix it, there is nothing to worry about :)
Regards,
BasilisIn reply to: being hacked
Hi!
Can you please provide for us, into private section, the 35 licenses that you own, please so we can validate the account?
Then, we can go ahead and check the sites one by one, based on WordFence and help you if the issue is from our theme. Will do the modifications to help you further with the issue and manage the problem ASAP.Thank you very much.
Best regards,
BasilisHello!
On my most recent scan (Feb 1, 2017), WordFence detected suspected malware in one of your files. Here’s their message:File contains suspected malware URL: /home/gmcla0/public_html/gmcla3/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Filename: wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Bad URL: http://www.link.at/
File type: Not a core, theme or plugin file.
Issue first detected: 3 mins ago.
Severity: Critical
Status New
This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://www.link.at/ – More info available at Google Safe Browsing diagnostic page.—
I tried deleting the file through WordFence but that brought my website down. I re-installed the 3.8.4 version of Enfold and ran the scan again – same malware detection.My best,
Jim
In reply to: being hacked
Hi James!
Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Link is in commented line therefore it has no affect but still throws a warning on Wordfence. Applying those changes will fix it. Even if you do not fix it, there is nothing to worry about :)
Cheers!
YigitTopic: Enfold support response time
Hi,
We need to re-build a website for a big company, we made it with Jupiter theme, but had many issues with heartbeat CPU and WPML.
The support of ArtBees (Jupiter) is terrible, 2-5 days, and do not answer our question and fix issues.
So we decided to change, maybe the Enfold.
Our client have conditions, like support time and real help to fix issues if happen.
We need to know how your support work, is there a live chat ?
Thanks in advance for fast replay
PS: the needed plugin are : Cool Timeline Pro, WP Download Manager, Email Address Encoder, iframe, LayerSlider WP, Nextend, Nextend Accordion Menu, Quform, Real 3D Flipbook, Slider Revolution, TinyMCE Advanced, Wordfence Security, WP Maintenance Mode, WPBakery Visual Composer (Modified Version), WPDM – Extended Short-codes, WPDM – TinyMce Button, Yoast SEO and the WPML (almost full and paid versions)Hey!
I am not really sure then unfortunately. The fix i provided was just to get rid of Wordfence warning. Link was in commented line so it had no affect
Cheers!
YigitHey!
Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Regards,
YigitWordfence warns be about a malware infection, because in the file
config-templatebuilder/avia-template-builder/php/html-helper.class.php
there is an PHP-Comment which mentions “link.at”. This is surely meant as a generic phrase for a arbitrary URL, but in this case it seems to be a bad choice :-D
726 // fallback for previous default input link elements: convert a http://www.link.at value to a manually entry
Can you fix it?
Topic: Malware or normal state?
Hello,
Wordfence informed me about a potential malware infection on multiple Enfold Websites. Is this really a malware infection?
Filename: wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Bad URL: http://www.link.at/
File type: Not a core, theme or plugin file.
Issue first detected: 23 hours 3 mins ago.
Severity: Critical
Status New
This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://www.link.at/ – More info available at Google Safe Browsing diagnostic page.Topic: Please fix a bug.
Please replace “http://www.link.at” text to “http://www.example.com” or something link that, since WordFence produces a false positive, quote:
Critical Problems:
* File contains suspected malware URL: /home/example/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Hi @Yigit,
Before you close this post (as you did for the link above – and thanks for the solution). I just wanted to ask if I may.
I have two sites running Wordfence. BOTH sites (frontend), gave a blank screen and downloaded a file called download.gz
There was no warning or anything, just this downloaded file. None of my other sites did this. They all operate fine (Without Wordfence). (thought I have changed the code just in case).My question is why? Why was (I presume) my two sites redirecting users to download these files and prevent them from seeing my site content.
Thanks,
HJust letting you know Wordfence has an issue with one of your files.
File contains suspected malware URL: /var/www/html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Filename: wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Bad URL: http://www.link.at/
File type: Not a core, theme or plugin file.
Issue first detected: 5 hours 38 mins ago.
Severity: Critical
Status New
This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://www.link.at/ – More info available at Google Safe Browsing diagnostic page.I did find this file and compared it with a newly downloaded one from themeforest and it was the same…
It just has an issue with the link.at URL…..
Hi Peter!
Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Best regards,
YigitHi there,
Wordfence warning for /wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
http://www.link.at is toxic.
Cheers
PeterHey!
Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Cheers!
YigitThis is a new alert I am receiving form my WordFence Plugin – all of my sites have it to alert me of threats, hacking… this is an Enfold file, just got this message from two of my sites (I deleted the file, re-installed Enfold manually, twice, but it finds it again.
This is apparently a URL that Google has listed as potential malware: http://www.link.at/ and they are finding it in this file.
* File contains suspected malware URL: /home/eleina/public_html/hylifeproviders.com/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
http://www.link.at/2 sites so far:
flaheart.com
hylifeproviders.comHi dfds!
Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Best regards,
YigitIn reply to: Malwares stuck in the theme…
Hi!
Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Regards,
YigitHey!
Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Regards,
YigitI have the same problem. Wordfence has detected suspect malware. Details see in the private content.
Hello all,
I use the Wordfence plugin on my sites for security. Thus far this morning WF has reported a malware breech on the enfold theme for two of my sites. I’ll post the complete info in the private content box. Can I delete this file without it affecting my site? http://www.link.at/
Thanks!
Hi,
I got this email alert from wordfence for 2 independent sites, one of them a private site which cannot be accessed without password so I think this warning must be a false alarm related to enfold? Se private content below.In reply to: malware warning related to avia template builder!
