Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • February 4, 2014 at 7:56 pm #219598
    slui

    Hi,

    I’m using a plugin called Wordfence. It just recently completed a scan determining whether there was malicious code in my files and it found that the Avia Framework has it. Here is the error code below:


    This file may contain malicious executable code
    Filename: wp-content/themes/enfold/framework/php/function-set-avia-ajax.php
    File type: Not a core, theme or plugin file.
    Issue first detected: 11 secs ago.
    Severity: Critical
    Status New
    This file is a PHP executable file and contains the word ‘eval’ (without quotes) and the word ‘base64_decode(‘ (without quotes). The eval() function along with an encoding function like the one mentioned are commonly used by hackers to hide their code. If you know about this file you can choose to ignore it to exclude it from future scans.

    With this being said, the author has admitted to becoming more aggressive about scanning files because of the increase in hacking attempts.

    Can you please confirm whether your file has been compromised?

    I suggest maybe reaching out to the author and see if there was a way so that you don’t get flagged. I have a number of other themes that I’ve purchased and I have not had this issue.

    sl

    February 4, 2014 at 9:24 pm #219644
    Devin

    Hey slui!

    Looks like its incorrectly flagging the file and instance. While eval is uncommon in this case I don’t think its open for any non theme data to be passed to it.

    The only instance is on line 275 in this function: avia_ajax_save_options_create_array .

    I’ll tag the topic for Kriesi to take a look at however so that he can talk to the author if needed.

    Cheers!
    Devin

    February 5, 2014 at 1:23 am #219721
    Kriesi

    Hi!

    No the file has not been corrupted and the function is protected by a multitude of wordpress security checks :)
    I will take a look if I can find another solution though with one of the next updates…

    Best regards,
    Kriesi

    February 5, 2014 at 2:49 pm #219924
    slui

    Hi Kriesi,

    Thanks for letting me know. Please let me know if you find a solution.

    Since I’ve been using Wordfence along with Limit Logins, the number of successful hacks has dropped to zero. I heavily rely on these plugins along with .htaccess to secure the site.

    Look forward to hearing you soon..

    sl

    February 5, 2014 at 7:00 pm #220056
    Devin

    I’m closing the topic for now since it isn’t something that will be changed in the short term. The plugin is incorrectly flagging the file though if you feel like it isn’t then you can just not use anything that would use that specific effect (the ajax effects of loading content within the page).

    Any change would be done in a theme update though if the author can or has a white list it could be done so in the plugin.

    Regards,

    Devin

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • The topic ‘Malicious Code Found in Avia Framework’ is closed to new replies.