Viewing 15 posts - 1 through 15 (of 15 total)
  • #584246

    Hello,

    My site was hacked today. The “virus-code” was inside the Enfold theme file “Functions-setaviafrontend.php” and I was told that an outdated theme might be the reason behind the vulnerability of my site. Do you have an updated version (current version is 3.4.7)?

    Regards,
    Jyothis

    #584521

    Hey Jyothis,

    You can download the latest version of the theme from your Themeforest account. http://kriesi.at/documentation/enfold/updating-your-theme-files/

    Thanks,
    Rikard

    #584928

    Hello Rikard,

    I checked and I can confirm that I do have the latest theme. Can you please tell me how the hacker then got into the theme? Am I missing any point?

    Regards,
    Jyothis

    #585098

    Hey!

    Sorry to hear about that. We are frequently checking and improving our themes on both functionality and security aspects.
    How did you know that code was in “Functions-setaviafrontend.php” file? We will inform our devs.

    Regards,
    Yigit

    #585301

    Hi Yigit,

    I was told by the colleagues from the hosting server (One.com), who blocked my website to prevent further attacks. Please keep me posted if there is any update needed.

    Regards,
    Jyothis

    #585336

    Hey Jyothis!

    Thanks for the information. We informed our devs and they are investigating.

    Best regards,
    Yigit

    #585734

    Hey!

    The file is none of ours and was placed into your theme folder by the attacker. However, that does not mean that they used an Enfold vulnerability to do so. Are you running a lot of plugins? Don't want to point fingers, but more often than not the attacker got access by an outdated plugin rather than by the theme. (Usually plugins that allow you to upload files.)

    If you have any findings on how the attacker was able to upload a file into your theme folder, please let us know. If it's related to Enfold we will of course fix it; if it's related to a plugin we can contact the plugin author and warn users :)

    Regards,
    Kriesi

    #585910

    Hello Kriesi,

    The file was inside the folder “wpcontent/themes/enfold/framework/php” and the file name is “function-set-avia-frontend.php”.
    Can you please confirm that this file is not a part of your theme? I can see a few others with similar nomenclature, e.g. “function-set-avia-backend.php”, “function-set-avia-ajax” etc. I had deleted this file but these files came back as a part of re-initiating the website. If you can confirm that these files are not a part of the theme, I will delete it and check the repercussions.
    Is it possible for you to provide a list of files and folders that come as part of the theme?

    Regards,
    Jyothis

    #585911

    This is what is inside the file “function-set-avia-frontend.php”, for example:

    #586702

    This is interesting. I have been having a terrible time with hacked sites and need some help.

    My site(s) were hacked at GoDaddy and I changed the NS to Bluehost and gave them fresh installs there and rebuilt one of them and bought and installed a brand new copy of Enfold. Yesterday, that template wasn’t working and I had a white screen. Bluehost says it’s the template… why would it have been working all week? They won’t help. They say it might be WordPress (don’t think so) and I can’t get it fixed. I also have 4 other sites that are also acting strangely (older templates, not Enfold), not displaying any slideshows from plugins. This sounds systematic to me. Do I need to move my sites? Have you encountered this? Is it a matter of finding and deleting a file? Bluehost isn’t helpful in identifying this for me and I am not sure what to do. The site has the latest version of WordPress. Could this be something in the hosting environment? Help!
    Thanks,
    Jay

    #587686

    Hey!

    “function-set-avia-frontend.php” is one of ours but “Functions-setaviafrontend.php” is not; I guess that is what Kriesi said. I notified him once again.
    In the meantime, it seems like you have successfully installed the theme? :)
    Cheers!
    Yigit
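
Added example, not part of the thread and not code from the Enfold theme: one way to tell shipped theme files from planted ones is to compare the installed theme folder with a freshly downloaded copy, by path and by SHA-256. The function names, the sample trees with placeholder contents, and the 0.85 name-similarity cutoff are assumptions made for this illustration.

```python
import difflib
import hashlib
import re
import tempfile
from pathlib import Path


def file_hashes(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}


def squash(rel):
    """Lower-case the file name and drop punctuation so look-alikes line up."""
    return re.sub(r"[^a-z0-9]", "", Path(rel).name.lower())


def audit_theme(clean_root, installed_root):
    """Compare an installed theme folder with a freshly downloaded copy."""
    clean, live = file_hashes(clean_root), file_hashes(installed_root)
    known = {squash(rel): rel for rel in clean}
    report = {"extra": [], "modified": [], "lookalike": {},
              "missing": sorted(set(clean) - set(live))}
    for rel in sorted(live):
        if rel not in clean:
            report["extra"].append(rel)  # not shipped with the theme
            near = difflib.get_close_matches(squash(rel), list(known), n=1, cutoff=0.85)
            if near:  # name imitates a genuine theme file
                report["lookalike"][rel] = known[near[0]]
        elif live[rel] != clean[rel]:
            report["modified"].append(rel)  # genuine name, changed contents
    return report


def demo():
    """Build two constructed trees (placeholder contents) and audit them."""
    genuine = ["function-set-avia-frontend.php", "function-set-avia-backend.php"]
    with tempfile.TemporaryDirectory() as tmp:
        for tree, names in (("clean", genuine),
                            ("live", genuine + ["Functions-setaviafrontend.php"])):
            folder = Path(tmp, tree, "framework", "php")
            folder.mkdir(parents=True)
            for name in names:
                (folder / name).write_text("<?php // placeholder\n")
        return audit_theme(Path(tmp, "clean"), Path(tmp, "live"))


if __name__ == "__main__":
    print(demo())
```

Run `audit_theme` with the unpacked download of the same theme version as the first argument and the live theme folder as the second; child themes and intentional customisations will also show up as extra or modified.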

    #587769

    Hi Jyothis!

    You wrote earlier that the virus code was placed in this file. Do you mind posting us what exactly you think the “virus code” was so we can confirm that this is not part of the template?

    Regards,
    Kriesi

    #592386

    Hi Guys,

    My site has been getting hacked and I have had to do a restore a few times in the past couple months. I would like to wipe it clean and do a fresh install. My database and media seem fine. Is there a way to overwrite the site without having to recreate it from scratch?

    Thanks,
    Stephan

    #593118

    Hi Stephan,

    Please refer to this for overwriting your theme files via FTP:

    http://kriesi.at/documentation/enfold/updating-your-theme-files/

    Thanks,
    Rikard

    #656726

    Hi,

    I think we can close this thread :)
    Thank you all for the support.

    Regards,
    Jyothis

  • The topic ‘Hacked’ is closed to new replies.