Wordpress Themes - WP Forum at BFA
Click here to register or to donate.
Auto self-registration is not available here - far too many spammers. This forum has many, many backlinks and because of that there is an intense desire among spammers to drop their links here.

Wordpress Themes - WP Forum at BFA » WordPress Themes » Atahualpa 3 Wordpress theme »

GOTMLS aka Anti-Malware flagging css.php


  #1  
Old Jan 20, 2016, 09:30 AM
sawyerjw
 
24 posts · Dec 2010
Eastern PA, USA
I use the GOTMLS Anti-Malware plugin on a number of sites. Within the past few days, it has started flagging css.php as a "known threat". I contacted the developer of GOTMLS and sent him a copy of css.php for evaluation. His response is as follows:

"I just added this definition because I found a new threat that includes a CSS file but the problem is, the CSS file contained malicious code that would then be executed if it was invoked with the include statement. My feeling is that the developers of that theme should change their code because it is a security risk. They should be using the echo file_get_contents instead of include because then there would be no chance of executing PHP code that might be contained in that CSS file. I know that the theme developers will likely disagree with me because they don't want to change anything and they probably think it's fine the way it is but I've seen this exact method get exploited, which is why I added it to my definition."

In the meantime, it is possible to whitelist the file in GOTMLS so until something changes that will have to be my solution. Passing this along FYI Flynn and any users who encounter this issue.

Bookmarks

Tags
anti-malware, css.php, gotmls

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Need help adding anti-spam captcha to comment form Michael4fm Montezuma Theme 3 Jan 19, 2013 07:18 AM
Anti-aliasing on text? Dapizz Header configuration & styling 4 Mar 22, 2012 11:16 AM
Atahualpa 3.5.3 and Anti-Spam Comment Plug Ins ldaily Plugins & Atahualpa 1 Jan 13, 2012 04:07 AM
Malware on my site scrubbs Atahualpa 3 Wordpress theme 6 May 26, 2009 02:01 PM


All times are GMT -6. The time now is 11:34 PM.


Powered by vBulletin® Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.