-
Search Results
-
In reply to: malware warning related to avia template builder!
Hey!
Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Regards,
YigitI use WordFence plugin to scan my websites for hacks etc. Sometimes they issue an incorrect warning. I am not sure if this is due to an enfold update or if it is really malware. I copied the warning message details in Private Content.
Hopefully it is a false alert!
In reply to: suspected malware
Hi!
@steetiehj Please re-install the file and applied the changes explained here – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
If you would like us to look into it, please start a new thread and attach temporary admin logins and FTP logins in private content fieldBest regards,
YigitTopic: Possible Malware
Hello, I need assistance changing the Malware issue referred to in this thread… https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
FTP log-in is found in the private content below
This morning i updated the theme. let’s pass away the wordfence warning ( .https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608)
i’ve got another weird thing : image thumbnail on popped up avia editors won’t show. For exemple i’ve got a background image in a section block ; if i click on edit icon, a popup open, giving me ability to modify the section block config. But since this update, the image thumbnail doesn’t show the image i previously selected (and the red cross icon, to suppress the image from the background).
Some of you experimented the same issue ?
Cheers(and sorry for my bad english)
In reply to: Suspected Malware on a theme file
Hi, not the problem.
for wordfence, see there: https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608the url is in comment line, so no risk…
bye
LeoIn reply to: Suspected Malware on a theme file
Hi!
Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Best regards,
YigitMy client’s website is running a bit slow. I did a Wordfence scan and it picked up a problem. Im not sure if thats the reason for the slow site?
Is it safe to delete that file. Screenshot attached.
In reply to: suspected malware
Hey!
Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Cheers!
YigitIn reply to: Malicious found…
Merhabalar! :)
Please refer to my post here – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Cheers!
YigitTopic: Malicious found…
Hi there,
We just got a warning from wordfence plugin. What do you suggest us?
File contains suspected malware URL: /home/fixxme/public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Thanks,
OrhanYep, replacing that link results in a clear Wordfence scan. Thank you Yigit
By the way, for anyone else looking for it it is located at line 726 in the file.
Hugues
I have temporarily substituted the bad URL for a good one in the html-helper.class.php file.
Re-scanned with WORDFENCE – no problem.
Not saying this is a 100% solution, but it will stop any poss blacklisting for now!Hey!
Please go to enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php file and find
//fallback for previous default input link elements: convert a http://www.link.at value to a manually entryand change it to
//fallback for previous default input link elements: convert a http://kriesi.at value to a manually entryWe have informed our devs :)
Edit: We will add the changes in upcoming Enfold update. Link is in commented line therefore it has no affect whatsoever however applying these changes will take care of Wordfence alert
Regards,
YigitIn reply to: suspected malware
Got several clients mailing (in distress), thinking they got hacked.
All got the same Wordfence message.I hope this will be fixed quickly.
In reply to: suspected malware
Hi,
i have the same problem, and after looking into source i suggest 2 things:
.) don’t delete it
this link ist mentioned in a comment in the file.) Kriesi: please update the theme and replace the url http://www.l**k.at to another placeholder url
http://www.l**k.at is blacklisted as a malware site, that’s why wordfence sees the theme corrupted.Best,
Stefan
aumayermedia.atIn reply to: suspected malware
I also have this problem.
“Adding issue: File contains suspected malware URL: /home/thingsc/www/die-barracudas.ch/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php”
I deleted the file with wordfence and now my enfold website is down :-((((
****
Warning: require_once(/home/thingsc/www/die-barracudas.ch/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php) [function.require-once.php]: failed to open stream: No such file or directory in /home/thingsc/www/die-barracudas.ch/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/template-builder.class.php on line 111Fatal error: require_once() [function.require.php]: Failed opening required ‘/home/thingsc/www/die-barracudas.ch/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php’ (include_path=’.:/usr/local/share/pear:/home/thingsc/www/die-barracudas.ch/wp-content/plugins/mailchimp-widget/lib’) in /home/thingsc/www/die-barracudas.ch/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/template-builder.class.php on line 111
****
Can you please advice what to do?In reply to: suspected malware
I have exactly the same message from Wordfence on one of my enfold sites this morning.
I assume it is a false positive but would like to get feedback from the Enfold support team as soon as possible. I have run the site through sucuri’s external site check scan and it comes back clean.The site is: http://stewkley.org.uk
Waiting to hear ?
Wordfence alerts me this:
It seems that a bad link is found in that file, opening the file the link is in a commented row.
It should not have been edited since i installed the theme, can someone helps me to understand if it is normal?Thank you
Topic: suspected malware
Dear Support,
Wordfence found critical problem in the php file
wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
Please let me know if I have to delete the file and upload a new one or upgrade all the theme files.
Regards
Stelios
In reply to: Enfold is causing intermitten 503 and 502 errors
Well the user.ini file said from the beginning:
; Wordfence WAF
auto_prepend_file = ‘/home/content/p3pnexwpnas10_data01/59/2497059/html/wordfence-waf.php’
; END Wordfence WAF
file_uploads = On
post_max_size = 1024M
upload_max_filesize = 128M
memory_limit = 256M
max_execution_time = 300
max_input_vars = 5000But I added the memory code to the wp config file anyway, just in case. Things seems to be loading faster in general, but I still can’t load the Avia builder on that page… Haven’t had any 502s yet, will keep testing.
I was able to “fix” this by disabling (renaming in ftp) 3 plugins: wordfence, stopbadbots and yoast seo.
After being able to log in i could enable wordfence and yoast seo again.
Stopbadbots does seem to be working with 4.7.1 in network mode.In this topic; https://kriesi.at/support/topic/rublon-plugin/ I told about the problems I have with installing the Rublon plugin. I do have trouble too now with using the Live Traffic option in the plugin WordFence.
Note that I use Rublon and Wordfence on a lot of other sites together without any problems. These other sites don’t use the Enfold theme).
In the previous topic the conclusion was that it has nothing to do with the Enfold theme. But now I used the browser console to look for any errors when using the Wordfence Live Traffic and I find these 2 errors (screenshot):
http://www.optiion.nl/wp-content/uploads/wf01.png“Avia tooltip is not a contructor” seems to have something to with the Enfold theme/Avia builder? And what is the other error? Could these 2 errors cause the problems with some plugins not working properly?
In reply to: error fetching content
Hi Rikard,
The server guys have checked and there isn’t anything wrong with the permissions.It appears it was a Wordfence conflict issue.
This thread helped me solve it. I put Wordfence in learning mode and voila working again.
Cheers,
B
In reply to: Problem with opening/modifying pages on my website
Hi Ricard,
I am currently running the latest version of 3.8.4., with no other updates available. The last theme that I bought recently on my envatomarket-account was the following one: Enfold – Responsive Multi-Purpose Theme. I think I installed it correctly via FTP.
Do you have other ideas?
One thing that I discovered, while having a look on the Wordfence button on my website:
“WordPress core file modified: wp-config-sample.php
Filename: wp-config-sample.php
File type: Core
Issue first detected: 11 hours 59 mins ago.
Severity: Critical
Status New
This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.”Doesn’t sound too good does it? The time of the issue dectected corresponds, I think with the moment our problem started. Does this give you an idea of what we can do?
Thank you very much for any help that you may provide.
Matthäus
In reply to: HELP! Have I been hacked??
Hi,
I looks like your site has been compromised yes, for instance the first file you mentioned is not a WordPress file: wp-content/wp-zelf.php
Does WordFence have a cleaning service? If so I would try using it.
Best regards,
RikardTopic: HELP! Have I been hacked??
HELP! I’m getting emails from Wordfence that say the following… What do I do and should I be concerned???
1.
This email was sent from your website “Strength In Numbers” by the Wordfence plugin.Wordfence found the following new issues on “Strength In Numbers”.
Alert generated at Wednesday 21st of December 2016 at 01:44:15 AM
Critical Problems:
* File appears to be malicious: wp-content/wp-zelf.php
2.
This email was sent from your website “Strength In Numbers” by the Wordfence plugin.Wordfence found the following new issues on “Strength In Numbers”.
Alert generated at Thursday 22nd of December 2016 at 01:27:18 AM
Critical Problems:
* WordPress core file modified: wp-includes/theme.php
* File appears to be malicious: wp-admin/includes/page.php
* File appears to be malicious: wp-admin/js/template.php
* File appears to be malicious: wp-content/plugins/gravityforms/print-entry.php
* File appears to be malicious: wp-content/plugins/jetpack/class.jetpack.php
* File appears to be malicious: wp-content/plugins/wordfence/lib/menu_sitePerf.php
* File appears to be malicious: wp-content/uploads/2014/global.php
* File appears to be malicious: wp-content/uploads/delightful-downloads/2015/05/index.php
* File appears to be malicious: wp-includes/SimplePie/Content/sql.php
* File appears to be malicious: wp-includes/SimplePie/XML/diff47.php
* File appears to be malicious: wp-includes/images/wlw/template98.php
* File appears to be malicious: wp-includes/random_compat/test.php
* File appears to be malicious: wp-includes/theme.php
Warnings:
* Unknown file in WordPress core: wp-admin/includes/page.php
* Unknown file in WordPress core: wp-admin/js/template.php
* Unknown file in WordPress core: wp-includes/SimplePie/Content/sql.php
* Unknown file in WordPress core: wp-includes/SimplePie/XML/diff47.php
* Unknown file in WordPress core: wp-includes/images/wlw/template98.php
* Unknown file in WordPress core: wp-includes/random_compat/test.php
In reply to: Problems with the site in huawei mobile phones
