Viewing 12 posts - 1 through 12 (of 12 total)
  • Author
    Posts
  • #402946

    Running malware scan on Enfold theme 3.0.4 today 2/26/2015, we discovered a backdoor script: The script is located in:
    wp-content/themes/enfold/framework/php/.function-set-avia-ajax.php

    Dear Kriesi.at,
    Can you please examine this vulnerability?

    Best Regards,
    Will Zell

    • This topic was modified 9 years, 10 months ago by zellous.
    #402951

    I just noticed that there is a job opening at Kriesi.at for Help Desk person. So perhaps I have a wait ahead of me.
    Job description: “Help our customers by answering their support requests in our support forum”

    #402962

    what scan?

    #402975

    Anti-Malware from GOTMLS.NET a plugin that is on the WP site.

    Here is an image for you: http://www.btlt.org/wp-content/uploads/2015/02/questionable-script.png

    • This reply was modified 9 years, 10 months ago by zellous.
    #403590

    Hi!

    It’s most likely a false positive with the scanner your using. This happens quite often with malware scanners, etc. Enfold is used on thousands of websites so if there were any problems we would know about it very quickly. Do you have anymore information on what the scanner said?

    We went ahead and flagged this for Kriesi though.

    Cheers!
    Elliott

    • This reply was modified 9 years, 9 months ago by Elliott.
    #405681
    This reply has been marked as private.
    #405845

    Hi Iwan Szomoru!

    Were you using the latest version of Enfold (3.0.8)?

    Cheers!
    Josue

    #405957

    Hi Josue,

    I am using version 3.0.4
    wordrpress 4.1

    With regards

    Iwan

    #406055

    Hello,

    To prevent this kind of issues please make sure to have the theme updated to its latest version (3.0.8) + any other plugins you may have.

    Best regards,
    Josue

    #406066

    Thank you for this tip. We will continue to keep these themes up to date.
    These themes were updated and then the incident occurred. These things just happen is my take on this despite the best intentions of the plugin and theme developer. We all need to have some tolerance that nothing is full-proof and also be sure to have updates of everything just incase we loose our website. Thanks for your help.

    #406102

    Hi!

    In this case I’m not sure the plugin to scan/check for issues or potential risks has enough weight to warrant any worry.

    Most scanning software will flag a few items within the theme even though they are being escaped correctly.

    Either way whenever anyone reports a worry/possible issue Kriesi re-checks through the theme and the specific concerns :)

    Best regards,
    Devin

    #406312

    Hi,

    Thank you ,

    best regards

    Iwan

Viewing 12 posts - 1 through 12 (of 12 total)
  • The topic ‘New Back Door Script Discovered’ is closed to new replies.