May 16, 2019 at 10:14 pm #1101586
Hi
I found some malicious code in my Theme folder – not sure if it is something that needs patching or if it was something that attached itself here?
Sending to you to take a look – I have removed the offending file dummy.php. I’ve now scanned the domain and found the below malicious files.
‘/home/allbarre/public_html/wp-content/themes/enfold/includes/admin/dummy.php’
Universal decode regex match = [universal decoder]
Please remove the file and contact the theme vendor to apply the patches, then ask Google to recrawl the site. Normally a site gets vulnerable due to the following reasons:
Poor/compromised account/FTP password, which allows hackers to guess the password and get unauthorized access.
User’s computer infected by viruses, which is controlled by hackers. In this situation, customer’s uploads also get infected.
Poor scripts, which allow hackers to insert various malformed queries and remotely execute the code and perform intended action.
Virus-affected theme selection for the application.
Installing applications which are downloaded from third-party sites.

May 17, 2019 at 9:38 am #1101697
It would be really useful to get a reply on this – I have over 16 sites running Enfold and they are dropping like flies – I need your feedback if possible, please

May 17, 2019 at 11:30 am #1101730
That’s just a base64 encoded file with the default “dummy”-data for Enfold.
Nothing to worry about.

May 18, 2019 at 7:13 am #1101998
Hi benq75,
It’s nothing to worry about like @cg pointed out, that file is part of the theme.
Best regards,
Rikard

May 21, 2019 at 10:43 am #1102785
Hello @all,
well “nothing to worry about” is not really true … I have the same issue, found the same thing in both dummy-files (php and xml).
Question is: If those files are only necessary to import dummy data after installing Enfold (means: when you need Enfold to load dummy data to make it easier setting up a site) – can one simply delete these files? I mean, I’m sure they will be back again after running a theme update…. But if those files are causing problems, deleting them (and changing passwords for FTP and WP of course) would be a “quick and dirty” solution, wouldn’t it?
That’s of course only possible if the site will work without these files, which it does (as another moderator assured in another thread I started concerning this problem).
Looking forward to answers and suggestions :)
Kind regards,
KEL

May 25, 2019 at 3:59 am #1104121
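Added example, not part of the thread and not Enfold's own code: one way to settle whether a scanner hit such as includes/admin/dummy.php is the file the vendor ships is to hash the installed theme folder against a freshly unpacked copy of the same theme version. The two directory arguments and all function names here are assumptions for illustration.

```python
import hashlib
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large dummy-data files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_hashes(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}


def compare_theme(installed: Path, reference: Path) -> dict:
    """Classify every installed theme file against a clean reference copy."""
    inst, ref = tree_hashes(installed), tree_hashes(reference)
    return {
        "identical": sorted(f for f in inst if f in ref and inst[f] == ref[f]),
        "modified": sorted(f for f in inst if f in ref and inst[f] != ref[f]),
        "added": sorted(f for f in inst if f not in ref),
        "missing": sorted(f for f in ref if f not in inst),
    }


def verdict(report: dict, flagged: str) -> str:
    """Summarise the status of one scanner-flagged relative path."""
    if flagged in report["identical"]:
        return "matches vendor copy"
    if flagged in report["modified"]:
        return "differs from vendor copy"
    if flagged in report["added"]:
        return "not shipped by vendor"
    return "not present"


if __name__ == "__main__":
    import sys
    # argv[1]: installed theme dir, argv[2]: unpacked clean copy (same version)
    report = compare_theme(Path(sys.argv[1]), Path(sys.argv[2]))
    flagged = "includes/admin/dummy.php"  # path reported in the thread
    print(flagged, "->", verdict(report, flagged))
    for kind in ("modified", "added"):
        for name in report[kind]:
            print(kind, name)
```

A flagged file that matches the vendor copy is a signature false positive; any "modified" or "added" entry is what deserves manual review.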