Before you ask please READ THIS

Virus detected in theme

in Photon Posts: 36
/themes/photon-a13/advance/apollo13.php
$import_data = unserialize( base64_decode( stripslashes( $_POST['a13_import_options_f ...
$import_data = unserialize( base64_decode( file_get_contents( $set ) ) ...
$import_data = unserialize( base64_decode( file_get_contents( $set ) ) );
import_data = unserialize( base64_decode( file_get_contents( $set ) ) );
$import_data = unserialize( base64_decode( file_get_contents( $set ) ) ...
$import_data = unserialize( base64_decode( file_get_contents( $set ) ) );
... ata = unserialize( base64_decode( file_get_contents( $set ) ) );
$current_sidebars = unserialize( $this->theme_options[ $options_name ][ $opt ...
$fh = @fopen( $file, 'w+' );
/themes/photon-a13/advance/cpt_album.php
$output = ob_get_contents();
$output = ob_get_contents();

Comments

  • AirAir
    Posts: 10,970
    Hi there:-)

    This is proper theme code. Can you explain more about this topic that you created?

    With kind regards.
  • Posts: 36
    The fopen and base64 decode is being listed as a warning virus on wordpress. I also read into these lines and they are listed as warnings. The alert only appeared after you had logged on with the temp details I provided. Prior to this all security checks were clean. Hope that helps
  • AirAir
    Posts: 10,970
    SidhuR said: The alert only appeared after you had logged on with the temp details I provided
    Maybe creating of user triggered something, hard to tell. Anyway I have send you PM about FTP access. Please check it out.

    With kind regards.
  • Posts: 36
    I created the user previous to this date. It was only after you had logged in and responded to me. Is the above code the same for everyone esp the fopen and base64 etc
  • AirAir
    Posts: 10,970
    Yes, it is part of code responsible for importing demo data.
    I know that it is now discouraged to use this functions, but when Photon theme was released it was OK to use it.

    I wonder, maybe your antivirus plugin find it suspicious now cause I was in Editor in WordPress, cause I wanted to see if I can debug this issue without FTP access. I don't remember now if I edited anything, but rather not , cause file I was interested in was not visible from editor level.

    I don't know this plugin, so can't tell why it fired after my login.

    Anyway if you don't believe me, then please download again Photon theme from ThemeForest and compare if files are the same as in your installation.

    With kind regards.
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

In this Discussion