February 1, 2017 at 6:45 pm #741393 james (Guest)
Trying to get into your support has not worked.
This is what happens
This is where the hackers are adding code
public_html/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
This is happening to all our clients no matter the hosting. We keep all sites updated and have site lock running.
February 1, 2017 at 7:33 pm #741412
Hi James!
Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608
Link is in commented line therefore it has no effect but still throws a warning on Wordfence. Applying those changes will fix it. Even if you do not fix it, there is nothing to worry about :)
Cheers!
Yigit
February 1, 2017 at 8:36 pm #741430
Okay well I have 35 clients running your themes, all are updated and well managed. And they are all hacked. This code fix you offered does not work. FYI.
You have an issue with your themes that needs to be fixed, NOW. Not when you get around to it.
Do you have any idea what this is costing us and our clients? I think a turn to Social Media might get your attention.
James
February 1, 2017 at 8:59 pm #741439
I would like an answer to my questions. These are all business sites and you have an issue. What are you planning to do?
This is a fucking mess. I have never seen such a thing.
February 1, 2017 at 9:06 pm #741443
Hi!
Can you please provide for us, into private section, the 35 licenses that you own, please so we can validate the account?
Then, we can go ahead and check the sites one by one, based on WordFence and help you if the issue is from our theme. Will do the modifications to help you further with the issue and manage the problem ASAP.
Thank you very much.
Best regards,
Basilis
February 1, 2017 at 9:16 pm #741453
We have already checked the sites since our team has been at this for 24 hours fixing this mess. We are dropping your themes and changing all the sites and then posting on Social Media these facts, that this theme has a HUGE security hole.
We do not need you to look at our sites we already know what is going on. Expect legal actions as this is costing our clients thousands. This is a joke.
February 1, 2017 at 9:18 pm #741455
We have also notified the following hosting Providers. Godaddy, I-fast, Host Gator and 1&1 to the fact your themes are compromised.
Jim
February 1, 2017 at 9:40 pm #741465
Hi!
As we reported, that is not a security issue and you can ask WordFence team and they will confirm.
It is a "fake" issue, based on an automation they have on their API, tracking some specific stuff.
API is a machine, not a human, so after our developers checked they confirmed the problem and are releasing an update that is just a work change for that area.
We are really sorry you feel that way, but you also have to understand that there is no security risk – and if there was one – we would have released an update the same moment we got the error reported.
Please do contact although WordFence, who will let you know that we do not have a problem.
We do appreciate your patience although and we have pushed the ticket to Kriesi so he can check himself.
Cheers!
Basilis
February 1, 2017 at 10:06 pm #741471
Sorry not acceptable. Once you even touch the code the site is dead. We have already talked with Wordfence.
February 1, 2017 at 10:12 pm #741473
Hey!
I will explain in a little more detail so you do understand what's going on here. First of all: Basilis is right. There is no security risk at all. It's a false positive.
In the file that is mentioned by Wordfence and other security tools (enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php) we got a php comment that explains what one of the functions does. The comment says:
//fallback for previous default input link elements: convert a http://www.link.at value to a manually entry
The link that is posted in that file is a generic placeholder for any link used. What we did not know is that actually someone was using the domain “link.at”. Apparently this domain got hacked now and is blacklisted. And this is why Wordfence thinks that the theme has a problem, because there is a link to a hacked domain.
However: This link is located in a php comment (it's not an actual html link) which will never be displayed anywhere, can not be clicked, can not be used at all. It is simply a line of non-executable text. We will remove this text with the next update, however there is nothing you or your team need to do to your clients' servers, theme files or whatnot since
a.) there is no actual problem, just a false positive
b.) you can fix the false positive by removing that single comment line
We will release a small fix for this issue to prevent any further confusion about it. But to be clear once again: this can not be used to hack anyone or anything. It's a false positive and if you think your site has been hacked it's certainly not because of this. (I would also doubt that it's because of Enfold in general, because there are no known issues with the theme but if you think you have evidence that the opposite is true please share it so we can investigate the issue)
Best regards,
Kriesi
February 1, 2017 at 11:09 pm #741485
PS: version 3.8.5 is out now and can be downloaded on themeforest. It removes the line that triggers the false positive
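The distinction drawn in the reply above (a flagged URL inside a PHP comment versus one inside a string or inline HTML) can be checked mechanically with PHP's own tokenizer. The following is an added example, not part of the thread and not Enfold or Wordfence code; the function name `locate_flagged_domain` and the sample source are constructed for illustration.

```php
<?php
// Added example: report where a flagged domain occurs in a PHP source file.
// locate_flagged_domain() and $sample are constructed for illustration.

function locate_flagged_domain(string $source, string $domain): array
{
    $hits = [];
    foreach (token_get_all($source) as $token) {
        // Single-character tokens (';', '{', ...) come back as plain strings.
        if (!is_array($token)) {
            continue;
        }
        [$id, $text, $line] = $token;
        if (stripos($text, $domain) === false) {
            continue;
        }
        switch ($id) {
            case T_COMMENT:
            case T_DOC_COMMENT:
                $kind = 'comment';     // never executed, never sent to a browser
                break;
            case T_INLINE_HTML:
                $kind = 'inline-html'; // emitted verbatim in the response
                break;
            case T_CONSTANT_ENCAPSED_STRING:
            case T_ENCAPSED_AND_WHITESPACE:
                $kind = 'string';      // data the code may output or request
                break;
            default:
                $kind = 'code';
        }
        $hits[] = ['line' => $line, 'kind' => $kind, 'text' => trim($text)];
    }
    return $hits;
}

// Constructed sample: line 2 is the comment quoted in the thread; line 3 is a
// made-up string literal added only to show the contrasting classification.
$sample = <<<'SAMPLE'
<?php
//fallback for previous default input link elements: convert a http://www.link.at value to a manually entry
$placeholder = 'http://www.link.at';
SAMPLE;

foreach (locate_flagged_domain($sample, 'link.at') as $hit) {
    printf("line %d  %-11s %s\n", $hit['line'], $hit['kind'], $hit['text']);
}
```

A hit classified as anything other than `comment` is the kind worth comparing against a clean copy of the theme package.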
February 1, 2017 at 11:41 pm #741493
586bfd0f-2d8a-4aca-9d61-7cfd699f37a5
One of our purchase codes, hate clients sometimes they forget everything.
I am downloading the version right now. Hope this works my e-mail box is full.
Thanks
February 2, 2017 at 1:23 pm #741753 -