-
AuthorPosts
-
February 26, 2015 at 8:02 pm #402946
Running malware scan on Enfold theme 3.0.4 today 2/26/2015, we discovered a backdoor script: The script is located in:
wp-content/themes/enfold/framework/php/.function-set-avia-ajax.phpDear Kriesi.at,
Can you please examine this vulnerability?Best Regards,
Will Zell- This topic was modified 9 years, 10 months ago by zellous.
February 26, 2015 at 8:14 pm #402951I just noticed that there is a job opening at Kriesi.at for Help Desk person. So perhaps I have a wait ahead of me.
Job description: “Help our customers by answering their support requests in our support forum”February 26, 2015 at 8:27 pm #402962what scan?
February 26, 2015 at 8:45 pm #402975Anti-Malware from GOTMLS.NET a plugin that is on the WP site.
Here is an image for you: http://www.btlt.org/wp-content/uploads/2015/02/questionable-script.png
- This reply was modified 9 years, 10 months ago by zellous.
February 27, 2015 at 6:47 pm #403590Hi!
It’s most likely a false positive with the scanner your using. This happens quite often with malware scanners, etc. Enfold is used on thousands of websites so if there were any problems we would know about it very quickly. Do you have anymore information on what the scanner said?
We went ahead and flagged this for Kriesi though.
Cheers!
Elliott- This reply was modified 9 years, 9 months ago by Elliott.
March 4, 2015 at 10:53 am #405681This reply has been marked as private.March 4, 2015 at 4:31 pm #405845Hi Iwan Szomoru!
Were you using the latest version of Enfold (3.0.8)?
Cheers!
JosueMarch 4, 2015 at 6:43 pm #405957Hi Josue,
I am using version 3.0.4
wordrpress 4.1With regards
Iwan
March 4, 2015 at 9:38 pm #406055Hello,
To prevent this kind of issues please make sure to have the theme updated to its latest version (3.0.8) + any other plugins you may have.
Best regards,
JosueMarch 4, 2015 at 9:49 pm #406066Thank you for this tip. We will continue to keep these themes up to date.
These themes were updated and then the incident occurred. These things just happen is my take on this despite the best intentions of the plugin and theme developer. We all need to have some tolerance that nothing is full-proof and also be sure to have updates of everything just incase we loose our website. Thanks for your help.March 4, 2015 at 10:32 pm #406102Hi!
In this case I’m not sure the plugin to scan/check for issues or potential risks has enough weight to warrant any worry.
Most scanning software will flag a few items within the theme even though they are being escaped correctly.
Either way whenever anyone reports a worry/possible issue Kriesi re-checks through the theme and the specific concerns :)
Best regards,
DevinMarch 5, 2015 at 10:37 am #406312Hi,
Thank you ,
best regards
Iwan
-
AuthorPosts
- The topic ‘New Back Door Script Discovered’ is closed to new replies.