Before you ask please READ THIS

Skyfashion - Minimalist Wordpress Theme, is reported as malware by my hosting provider.

alswimalswim
edited December 2013 in Skyfashion Posts: 1
My hosting provider reports, that the theme has a dangerous file

"Just before sending this email, our antivirus has detected a infected file has been uploaded to your web space. "(My hosting provide)

Filename: ~/wp-content/themes/skyfashion/common/css/skeleton/index.php


The theme was loaded correctly from the zip, currently the database of my site is empty, no more files, is creating today.

My hosting provider is www.1and1.es
my domain is www.betoperez.es

Want to know how is possible to solve this problem.?
Post edited by alswim on

Comments

  • JosKleverJosKlever
    Posts: 3
    Hi Alswim,

    I've used this theme for 2 websites. This file is in the standard package, but was also detected as a potential risk by WordFence, so I'm investigating this right now. The file seems to be Joomla related, so I'm wondering if this is actually a required file. As soon as I know more, I'll respond to this post.

    Kind regards,

    Jos Klever
  • JosKleverJosKlever
    Posts: 3
    Hi Alswim,

    There's some code in it that uses the eval() function with some variables that are not clear. The file also seems to originate from a Joomla website and most of the code is present twice in the file.
    I tried to find references within the theme to this file, but they don't seem to be there, so I removed the file to see what happened: the first tests are OK, the website is still working.
    This index.php file is no part of the original framework (see http://www.getskeleton.com/).
    I've asked Daniel (from Apollo13) to investigate this and take the necessary steps and (if possible) warn other users, so they can remove this file from the theme.

    Kind regards,
    Jos
  • AirAir
    Posts: 10,970
    I will get my hands on this file and check this later. We have heard in past that our files hosted on free mass upload services are being hacked and recognized as dangerous.

    Thank for info.

    With regards.
  • AirAir
    Posts: 10,970
    Hello

    We have checked and indeed there is dangerous file in skyfashion theme. Must got there with some infected server or computer.

    Anyway: Find file skyfashion/common/css/skeleton/index.php and delete it right away.

    It looks like Joomla file but in line ~89 it has very suspicious code.

    Thanks for pointing this out.

    With regards.
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links

Categories

In this Discussion