Tagged: 2019 enfold virus, avia, Avia Layout, avia layout virus, enfold, enfold virus, enfold virus 2019, infection, kriesi, malware, permissions, Security, spyware, virus, worm avia layout framework 2019
-
AuthorPosts
-
September 14, 2015 at 10:25 pm #503042
Hi,
Recently had two sites hacked out of about 60 that I manage. Both were Enfold themes, and while one I suspect may have been a lousy pw, that they were both Enfold causes me concern. I have since learned from my host that the above directory in uploads was set to 777. We’ve changed to 755, but my worry is that updates to theme may also change permissions…Please advise.
September 15, 2015 at 9:45 am #503141Hi babayard!
Thank you for using Enfold.
I’m sorry to hear this. Please change the site’s passwords every now and then. What do you mean by “updates to theme may also change permissions…”? 755 value should work for automatic theme updates. If not, you can update the theme via FTP.
Cheers!
IsmaelSeptember 15, 2015 at 10:25 am #503165Hi Ismael, and thanks for reply.
What I mean to ask is, I have manually set permissions on that directory to 755, because the default setting during installation is 777 as per one of your functions files. So, my question is, if I update the theme, as seems to be happening every few months, will the permissions get changed back to 777 default? If so, might I also ask if you see any problem with setting the default to 755 in your function file in updates, since 755 will work anyway, and according to my webhost, is much less dangerous a setting?
Thanks again.
September 15, 2015 at 7:06 pm #503614Hi!
it should not change to 755 when updating I think. If yes, you can always update via FTP.
Cheers!
AndySeptember 17, 2015 at 12:17 pm #504694Ok, actually it does change to 777 with update of theme. Yes, minimally it seems this will need to be changed every time the theme is updated, but if 755 works, which it seems to, why not change the function file so that it sets it to 755 by default? It is set in framework>php>function-set-avia-backend.php. Used to be on line 690, but now with new version, it is ironically on line 777.
Thank you Devin and eRoxanne: https://kriesi.at/support/topic/dynamic-avia-folder-has-permissions-set-to-777/
Thanks you guys. I love this theme. I’ve had to use others by client request and they don’t compare well to Enfold.
September 18, 2015 at 3:51 pm #505618Hi!
I think Kriesi has some reasons in mind why changing to 777.
However, too bad to read that your clients don’t compare well to Enfold. Let us know in a new ticket if you have some more questions related to the theme. We are happy to assist you.Cheers!
AndySeptember 18, 2015 at 5:27 pm #505701Andy, you misunderstood. I have web clients that choose other themes, and make me use them, and they are terrible themes compared to Enfold. Enfold is clear and easy to use and creates beautiful results.
My webhost and I would love to know the good reason for 777, when 755 works and is much safer.
September 19, 2015 at 7:05 am #505877Hey!
There’s a lot of issues with general styling options not updating because of file permissions. I think this is one of the reasons why Kriesi chose to set it 0777 to give full permission to user groups. There are no sensitive codes or infos in that directory so setting it to 777 is safe. Aside from that directory and the custom fonts, the theme doesn’t create or modify any folders.
Regards,
IsmaelJune 30, 2017 at 9:12 am #814868I also have this issue. I received an email from Dreamhost entitled “DreamHost Malware Remover – Site Compromised”:
The following files/directories had insecure permissions (777), which have been remediated: /wp-content/uploads/dynamic_avia
I raised the issue with Dreamhost support and pointed them to this thread.
Their response:
With the way our system is configured, only your user
has write permissions regardless of how permissions are set, so first
things first, 777 permissions are not necessary for any capacity. As your
site is on a VPS with no other users, it is sandboxed and as such, read
access is not so much of a security risk in this specific case. That
said, in general, for most users that would be running on a shared
server, to say that using a 777 permissions set is “safe” is not a
sentiment I would personally agree with. Additionally, if Group
permissions are the concern of the developer, they should utilize
Owner/Group permissions, as opposed to allowing “Everyone” full
read/write/execute permissions as 777 does.In any application where permissions are concerned, the lowest set of
permissions to allow function should be set. In all but a vary minute
subset of circumstances, this would be 644 for files, and 755 for
directories. If you have any additional questions or concerns, please
feel free to let us know.What do you guys think?
Thanks!
DJuly 3, 2017 at 9:19 pm #816063Hi,
WordPress require at least 775, so please change on that and most probably all of your issues will be solved.
Best regards,
BasilisJuly 4, 2017 at 5:25 am #816144Yeah, that’s great if you only have one install of Enfold, but I’ve licensed on over 10 sites, so every time I update the theme, I have to change permissions, because the permissions do revert to 777. Unfortunately they don’t seem to revert immediately after update. So what this means is that I generally put off updating the theme altogether. Sure wish this could be changed to default to 755 (which works perfectly fine on all my installations) so that I didn’t have to manually track when it reverts to 777, or have my webhost change it and hassle me that I’ve got 777 directories.
July 4, 2017 at 1:48 pm #816322The host says:
” 775 permissions set gives read/write/execute permissions to both “Owner” and “Group” while giving read/execute
permissions to “Everyone”. This is much safer than 777, and on our specific configuration, where your users are assigned to their own
groups, this wouldn’t be a specific security concern, though I cannot speak for the configurations of other providers. That said WordPress, in
general, requires 755 for directories, typically not 775.”July 4, 2017 at 5:34 pm #816426The larger point here seems to be missed. Regardless of what is secure or safe permissions, my webhost does not like me having a directory with 777, which Enfold has. If I don’t change the directory, the webhost does and often reminds me that they did and that I should stay away from 777. That’s fine, I’m happy to do that but every time I update Enfold, the dynamic upload folder reverts at some point to 777 and so a regular routine is that I have to go through all my enfold sites manually on a regular basis to make sure the directory is not 777.
So the larger point is this: Enfold seems to work quite well enough with 755 on the dynamic uploads directory. Why not make that the default? If I knew how, I would do that in my child theme, but I don’t.
July 6, 2017 at 11:09 pm #817528Hi,
There is no way to do the CHMOD from child theme, we are sorry to say that.
Best regards,
BasilisJuly 6, 2017 at 11:13 pm #817530Hi Basilis,
What do you say about the host saying WordPress usually requires 755 for directories, rather than 775?July 6, 2017 at 11:27 pm #817533And can anyone answer the obvious question:
Why – if 777 is NEVER necessary – doesn’t Enfold have this directory’s permissions at 755 or 775 by default?
July 6, 2017 at 11:44 pm #817540Also, in the thread referenced above by babayard:
https://kriesi.at/support/topic/dynamic-avia-folder-has-permissions-set-to-777/
Devin says:
It will set the folder to 777 after its created but looking at the function it doesn’t re-set it afterwards. If the host is worried about it however the function can be taken over from a child theme or you can edit it directly in the theme files. Its on line 690 in framework>php>function-set-avia-backend.php .
Is Devin mistaken that it can be taken over from a child theme?
July 11, 2017 at 8:19 am #819144Hi,
This is the function that creates the folder. Please try it in the child theme’s functions.php file.
function avia_backend_create_folder( &$folder, $addindex = true, $make_unique = false ) { if( false !== $make_unique ) { $i = 1; $orig = $folder; while( file_exists( $folder ) ) { $folder = $orig . "-{$i}"; $i++; } } if( is_dir( $folder ) && $addindex == false ) { return true; } // $oldmask = @umask(0); $created = wp_mkdir_p( trailingslashit( $folder ) ); @chmod( $folder, 0755 ); // $newmask = @umask($oldmask); if($addindex == false) return $created; $index_file = trailingslashit( $folder ) . 'index.php'; if ( file_exists( $index_file ) ) return $created; $handle = @fopen( $index_file, 'w' ); if ($handle) { fwrite( $handle, "<?php\r\necho 'Sorry, browsing the directory is not allowed!';\r\n?>" ); fclose( $handle ); } return $created; }
Best regards,
IsmaelJuly 11, 2017 at 11:50 am #819246Thanks Ismael – I’ve inserted the code and don’t see any problems with the site.
Is it possible to test it by manually changing to 777 and seeing if this function changes it back to 755?
July 11, 2017 at 8:33 pm #819610Hey guys,
First of all, thanks for the code for child theme functions. I inserted it into one of my sites and site seems fine. I also noticed that the dynamic upload folder had reverted to 777, don’t know why – have not updated theme lately, but maybe the recent upload I did is what changed it. I will test this out.Have also made a note about when the functions file was updated and will track it over time to see if and when permissions change to 777… If this new functions file keeps it at 755, will use it for all Enfold sites. I appreciate your time and attention to this problem.
July 12, 2017 at 4:48 am #819768Hi babayard,
Great, thanks for the feedback. We’ll keep the thread open in case you should need any further help on the topic.
Best regards,
RikardSeptember 29, 2017 at 8:11 am #858340I also received the same warning from Dreamhost. I’ve installed Enfold for multiple clients using a variety of hosts (e.g. WPEngine, Digital Pacific, Conetix) and Dreamhost is the only one that has complained about the 777 permission on the dynamic_avia folder. The message they issue sounds dreadful if you’re a non-techie – which my clients are. Hopefully whatever they’ve changed the permission to won’t affect my ability to customise the theme. I’m just glad they didn’t delete the folder!
Cheers
DianaSeptember 29, 2017 at 11:37 am #858434September 29, 2017 at 4:08 pm #858515Here’s the message I get. You’ll notice they say the site “may” be compromised, but like dianado mentions, it’s a bit overwhelming.
I have deleted all or portions of links and paths specific to my account, but hopefully left enough to get the idea:
We have recently scanned one or more users on your DreamHost account for
potential security threats. Unfortunately, we found some potential
indications that your website(s) *may* be compromised.We understand that this may not be the best news you can get. This
notification is intended to help you through the process and serve as a
starting point to assist you in getting your account cleaned and secured.
While we won’t be able to complete these processes for you, if you have
any questions about the items that follow please don’t hesitate to reply
to this email and we will be happy to clarify any points or offer any
further guidance to help you through getting your account back to normal.The following files/directories had insecure permissions (777), which have
been remediated.<deleted path>/wp-content/uploads/dynamic_avia
Additionally, the following steps should be taken to ensure password
security:* Change your users’ password(s) by clicking under the “Action” column
for that user in our Web Panel:
<deleted link>* Change your database password(s) by clicking the database username in
our Web Panel:
<deleted link>IMPORTANT: You may need to modify your site’s configuration file to
reflect the new password.* Use a complex (8-31 characters) password or passphrase that contains
mixed case letters, numbers, and symbols. You should avoid using
dictionary words (in any language), names, dates, addresses, phone
numbers, etc. as these can potentially be guessed or acquired through
other sources. The username that the password is being used for, or the
domain name/site name the user is attached to should never be included
in any part of the password. Also note that it is a good idea to
periodically change your passwords.If you have any questions, please reply to this email and we will be more
than happy to assist you with securing your sites.For general tips on keeping your site secure, please also see Keeping
your website secure
<https://help.dreamhost.com/hc/en-us/articles/214916918_keeping_your_website_sec ure>.If you’d like to receive regular reports of any malware found on your
domains, you might consider signing up for DreamHost’s Malware Remover
service. Our Malware Remover scans your domains on a weekly basis for any
known threats and, if any are found, provides you with instructions for
securing your websites.For more information about the DreamHost Malware Remover, or to sign up,
check out our knowledge base: How do I enable the Malware Remover service
<https://help.dreamhost.com/hc/en-us/articles/226704048-How-do-I-enable-the-Malw are-Remover-service->.If you have any questions or concerns, you can submit a ticket, open a
LiveChat, or request phone support here
<deleted link>Sincerely,
DreamHost Security Bot
September 30, 2017 at 7:26 am #858677Hi,
Thank you for the info. You are safe as long as the site’s security details are not compromised and as long as you’re avoiding unknown plugins. You should ask your hosting provider to whitelist the directory (uploads > dynamic_avia) because it is being used by the current theme.
Best regards,
IsmaelMay 8, 2019 at 6:41 pm #1098540Please help me get my theme uninfected! Same things is happening under mine!
, malware, spyware, virus, kriesi, avia, Avia Layout, avia layout virus, enfold, enfold virus, enfold virus 2019, infection, kriesi virus, spyware, virus, worm avia layout framework 2019, 2019 enfold virus,
Original Thread:
https://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990/commentsSo there was serious random damage that showed up in the elements collapsing on the site. I shared the original link in the private details on the thread.
I’ve been posting in the forum for a week but threads have just been disappearing so I bought a new version of the theme in case that was the problem.I just updated that version from envato. It seems you are still hosting old versions of enfold (infected?) at Envato. You need to make sure they are updated. Also The theme syas its the latest version once logged in. That’s not exactly helpful. I didn’t design the theme, If I did, I would not have designed it that way.
I followed this last week and yesterday. Nothing was fixed.
Enfold 4.5 Theme Update “Update Failed: Download failed. A valid URL was not pro
I have manually updated over ftp. Cleared caches, no resolve.
I used this link you gave me:https://kriesi.at/documentation/enfold/how-to-install-enfold-theme/#theme-update,
I have replaced the entIre theme via ftp, and then I used the third party plugin by that other company to try to support the malfunction of the Enfold theme by Kriesi. The old one was deleted first.
What happened to my services page? Why is it collapsed. Is Enfold malware?
This is the last plugin I user, and the page is still in the same condition. Other elements are also wonky on mobile. This has been like this for weeks?Are all versions of enfold infected with this malware, and how can I make sure the appearance goes back to normal?
Original Thread:
https://themeforest.net/item/enfold-responsive-multipurpose-theme/4519990/commentsmalware, spyware, virus, kriesi, avia, Avia Layout, avia layout virus, enfold, enfold virus, enfold virus 2019, infection, kriesi virus, spyware, virus, worm avia layout framework 2019, 2019 enfold virus,
May 8, 2019 at 8:50 pm #1098578Now this is happening on my site ( see private content)
This is not how my site was before!
Why is do these randomly shifting errors now appear. I do not have memory limitations in place that would cause this!
May 9, 2019 at 12:05 pm #1098887Hey!
@nationalintel – I replied to your thread here – https://kriesi.at/support/topic/virus-in-enfold-with-avia-layout-framework/
Let us continue there.Regards,
Yigit -
AuthorPosts
- The topic ‘permissions on dynamic_avia directory’ is closed to new replies.