I've used this theme for 2 websites. This file is in the standard package, but was also detected as a potential risk by WordFence, so I'm investigating this right now. The file seems to be Joomla related, so I'm wondering if this is actually a required file. As soon as I know more, I'll respond to this post.
There's some code in it that uses the eval() function with some variables that are not clear. The file also seems to originate from a Joomla website and most of the code is present twice in the file. I tried to find references within the theme to this file, but they don't seem to be there, so I removed the file to see what happened: the first tests are OK, the website is still working. This index.php file is no part of the original framework (see http://www.getskeleton.com/). I've asked Daniel (from Apollo13) to investigate this and take the necessary steps and (if possible) warn other users, so they can remove this file from the theme.
I will get my hands on this file and check this later. We have heard in past that our files hosted on free mass upload services are being hacked and recognized as dangerous.
Comments
I've used this theme for 2 websites. This file is in the standard package, but was also detected as a potential risk by WordFence, so I'm investigating this right now. The file seems to be Joomla related, so I'm wondering if this is actually a required file. As soon as I know more, I'll respond to this post.
Kind regards,
Jos Klever
There's some code in it that uses the eval() function with some variables that are not clear. The file also seems to originate from a Joomla website and most of the code is present twice in the file.
I tried to find references within the theme to this file, but they don't seem to be there, so I removed the file to see what happened: the first tests are OK, the website is still working.
This index.php file is no part of the original framework (see http://www.getskeleton.com/).
I've asked Daniel (from Apollo13) to investigate this and take the necessary steps and (if possible) warn other users, so they can remove this file from the theme.
Kind regards,
Jos
Thank for info.
With regards.
We have checked and indeed there is dangerous file in skyfashion theme. Must got there with some infected server or computer.
Anyway: Find file skyfashion/common/css/skeleton/index.php and delete it right away.
It looks like Joomla file but in line ~89 it has very suspicious code.
Thanks for pointing this out.
With regards.