Tagged: , ,

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • February 14, 2017 at 4:15 pm #746948
    BeeCee

    Hi,

    I have installed Wordfence Security at my site and got this warning today concering the theme file

    /config-templatebuilder/avia-template-builder/php/html-helper.class.php

    “This file contains a suspected malware URL listed on Google’s list of malware sites”

    I downloaded the original theme files today again and checked this special file – and indeed, there is link.at mentioned:

    Any recommendations what to do please?
    Thank you.

    February 14, 2017 at 4:28 pm #746960
    StarryK

    This is what I’m getting on one of my sites too!

    I had it on all 3 sites but it went away on two of them thanks to the update (Enfold 3.8.5)

    But it remains on one of my sites and it’s really bugging me. No amount of reinstalls and new scans is fixing it at all.

    February 14, 2017 at 5:12 pm #746992
    BeeCee

    Thanks, I just re-downloaded it at Themeforest, seems I had not the latest version, my error is fixed with v3.8.5

    — SOLVED —

    February 14, 2017 at 5:28 pm #747002
    Yigit

    Hey!

    Glad you figured it out! For anyone else having this issue:

    Please update Enfold to the latest version 3.8.5 – http://kriesi.at/documentation/enfold/updating-your-theme-files/ and flush browser cache and refresh your page a few times – http://wiki.scratch.mit.edu/wiki/Hard_Refresh

    I am quoting Kriesi’s response on the issue

    I will explain in a little more detail so you do understand whats going on here. First of all: Basilis is right. There is no security risk at all. Its a false positive.

    In the file that is mentioned by Wordfence and other security tools (enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php) we got a php comment that explains what one of the functions does. The comment says:
    //fallback for previous default input link elements: convert a http://www.link.at value to a manually entry
    The link that is posted in that file is a generic placeholder for any link used. What we did not know is that actually someone was using the domain “link.at”. Apparently this domain got hacked now and is blacklisted. And this is why Wordfence thinks that the theme has a problem, because there is a link to a hacked domain.

    However: This link is located in a php comment (its not an actual html link) which will never be displayed anywhere, can not be clicked, can not be used at all. It simply a line of non executable text. We will remove this text with the next update, however there is nothing you or your team need to do to your clients servers, theme files or whatnot since

    a.) there is no actual problem, just a false positive
    b.) you can fix the false positive by removing that single comment line

    We will release a small fix for this issue to prevent any further confusion about it. But to be clear once again: this can not be used to hack anyone or anything. It’s a false positive and if you think your site has been hacked its certainly not because of this. (I would also doubt that its because Enfold in general, because there are no known issues with the theme but if you think you have evidence that the opposite is true please share it so we can investigate the issue)

    Best regards,
    Yigit

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • The topic ‘Wordfence Security: "file contains a suspected malware URL listed on Google"’ is closed to new replies.