Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • February 23, 2017 at 2:54 pm #750940
    YongyanLi

    Hi,

    in wp-content/themes/enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php

    scan to find there is a bad url : http://www.link.at/

    what is about? should I delete this file?

    February 23, 2017 at 3:55 pm #750960
    Guenni007

    and you recognized it because you are using Wordfence :lol ?

    see here: https://kriesi.at/support/topic/wordfence-critical-issue-with-enfold-theme-file/#post-746534

    so update to 3.8.5 or if you are a paranoid person just put in your domain (because it is commented out – there was no result of what is in there)

    • This reply was modified 7 years, 1 month ago by Guenni007.
    February 23, 2017 at 5:05 pm #750980
    YongyanLi

    Oh..i see.

    Thanks Guenni

    I will update to 3.8.5

    February 28, 2017 at 1:13 pm #752908
    Yigit

    Hi,


    @Guenni007     Thanks for your help! :)

    As @Guenni007 mentioned, we have already fixed the false positive warning.
    I am quoting Kriesi’s response on the issue

    I will explain in a little more detail so you do understand whats going on here. First of all: Basilis is right. There is no security risk at all. Its a false positive.

    In the file that is mentioned by Wordfence and other security tools (enfold/config-templatebuilder/avia-template-builder/php/html-helper.class.php) we got a php comment that explains what one of the functions does. The comment says:
    //fallback for previous default input link elements: convert a http://www.link.at value to a manually entry
    The link that is posted in that file is a generic placeholder for any link used. What we did not know is that actually someone was using the domain “link.at”. Apparently this domain got hacked now and is blacklisted. And this is why Wordfence thinks that the theme has a problem, because there is a link to a hacked domain.

    However: This link is located in a php comment (its not an actual html link) which will never be displayed anywhere, can not be clicked, can not be used at all. It simply a line of non executable text. We will remove this text with the next update, however there is nothing you or your team need to do to your clients servers, theme files or whatnot since

    a.) there is no actual problem, just a false positive
    b.) you can fix the false positive by removing that single comment line

    We will release a small fix for this issue to prevent any further confusion about it. But to be clear once again: this can not be used to hack anyone or anything. It’s a false positive and if you think your site has been hacked its certainly not because of this. (I would also doubt that its because Enfold in general, because there are no known issues with the theme but if you think you have evidence that the opposite is true please share it so we can investigate the issue)

    Best regards,
    Yigit

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.