Viewing 6 posts - 1 through 6 (of 6 total)
  • #741433

    Hello!
    On my most recent scan (Feb 1, 2017), WordFence detected suspected malware in one of your files. Here’s their message:

    File contains suspected malware URL: /home/gmcla0/public_html/gmcla3/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
    Filename: wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php
    Bad URL: http://www.link.at/
    File type: Not a core, theme or plugin file.
    Issue first detected: 3 mins ago.
    Severity: Critical
    Status New
    This file contains a suspected malware URL listed on Google’s list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://www.link.at/ – More info available at Google Safe Browsing diagnostic page.


    I tried deleting the file through WordFence but that brought my website down. I re-installed the 3.8.4 version of Enfold and ran the scan again – same malware detection.

    My best,

    Jim

    #741436

    I have had the exact same scenario and issue as Jim. I found the link in the file on my server… it’s in the linkpicker area (see below). Please advise how we should proceed in fixing this and thanks in advance for your help.

    
    		/**
    		 * The linkpicker method renders a linkpicker element that allows you to select a link to a post type or taxonomy type of your choice
    		 * @param array $element the array holds data like type, value, id, class, description which are necessary to render the whole option-section
    		 * @return string $output the string returned contains the html code generated within the method
    		 *
    		 * @todo: currently only one linkpicker per modal window possible
    		 */
    		static function linkpicker($element)
    		{	
    			//fallback for previous default input link elements: convert a http://www.link.at value to a manually entry
    			if(strpos($element['std'], 'http://') === 0) $element['std'] = 'manually,'.$element['std'];
    			
    		
    			//necessary for installations with thousands of posts
    			@ini_set("memory_limit","256M");
    			
    			$original = $element;
    			$new_std = explode(',', $element['std'], 2);
    
    #741442

    Same problem here on multiple sites that are up-to-date with WP 4.7.2 and Enfold 3.8.4 with no fix or workaround.
    Would appreciate your quick follow-up on this very concerning issue.
    Thanks!

    #741452

    Hi!

    Please refer to this post – https://kriesi.at/support/topic/wordfence-found-a-suspected-malware-in-an-enfold-php-file/#post-740608

    The link is in a commented line, therefore it has no effect, but it still throws a warning on Wordfence. Applying those changes will fix it. Even if you do not fix it, there is nothing to worry about :)

    Regards,
    Basilis
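
The claim in the reply above, that the flagged URL sits only in a comment and is never executed, can be checked with PHP's tokenizer instead of by eye. This is an added example, not code from Enfold, Wordfence or anyone in this thread; `classify_url_hits` is a hypothetical helper name, and both sample inputs are constructed (the first from the snippet quoted earlier in the thread).

```php
<?php
// Added example: report whether a flagged URL occurs in comments or in live tokens.
// classify_url_hits() is a hypothetical helper, not an Enfold or Wordfence function.
function classify_url_hits(string $source, string $url): array
{
    $hits = ['comment' => [], 'code' => []];
    foreach (token_get_all($source) as $token) {
        if (!is_array($token)) {
            continue; // single-character tokens such as ';' cannot hold a URL
        }
        [$id, $text, $line] = $token;
        if (stripos($text, $url) === false) {
            continue;
        }
        // T_COMMENT and T_DOC_COMMENT are discarded by the compiler; string
        // literals, inline HTML and everything else count as live content.
        $kind = in_array($id, [T_COMMENT, T_DOC_COMMENT], true) ? 'comment' : 'code';
        $hits[$kind][] = ['line' => $line, 'token' => token_name($id)];
    }
    return $hits;
}

// Constructed sample 1: the situation reported in this thread (URL in a // comment).
$commentOnly = <<<'PHP'
<?php
class Demo {
    static function linkpicker($element)
    {
        //fallback for previous default input link elements: convert a http://www.link.at value to a manually entry
        if(strpos($element['std'], 'http://') === 0) $element['std'] = 'manually,'.$element['std'];
        return $element;
    }
}
PHP;

// Constructed sample 2: the same URL inside a string literal, which is live content.
$stringLiteral = "<?php\n\$default = 'http://www.link.at/';\n";

foreach (['comment only' => $commentOnly, 'string literal' => $stringLiteral] as $label => $src) {
    $hits = classify_url_hits($src, 'http://www.link.at');
    printf("%s: %d hit(s) in comments, %d hit(s) in code\n",
        $label, count($hits['comment']), count($hits['code']));
}
```

The search is plain text only, so a URL stored in base64 (which the Wordfence message says its scanner decodes) would not be matched by this check.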

    #741480

    Hello all – and thank you for the easy fix!

    #742167

    Hi,

    Glad we could help :-)

    Please let us know if you should need any further help on the topic.

    Best regards,
    Rikard
