  • #61640
    Angel Ivander
    Participant
    Premium Member

    To whom it may concern,

    Not long after my Ashe Pro theme updated, I received a scan report from Jetpack saying I have two potential instances of malicious code patterns on my website that came from the theme.

    The first states:

    Threat found (PHP_Generic_BadPattern_7)

    File: FreemiusBase.php

    This code pattern is often used to run a very dangerous shell program on your server. The code in these files needs to be reviewed, and possibly cleaned.

    180          */
    181          $fn = 'base64' . 'decode';
    182          return $fn( strtr( $input, '-', '+/' ) );
     

    The second warning said:

    Threat found (PHP_Generic_BadPattern_7)

    File: class-freemius.php

    This code pattern is often used to run a very dangerous shell program on your server. The code in these files needs to be reviewed, and possibly cleaned.

    15704          */
    15705          $fn = 'base64' . '_decode';
    15706

    Should I be alarmed? And if so, what should I do?

    Thank you for reading.

    #61652
    vako
    Keymaster
    WP Royal Team

    Hi Angel,

    In order to assist, we need to check your website from the back end. Please install this 3rd-party plugin, "Temporary Login Without Password Plugin", which allows us to access your dashboard without sharing access details.

    To better understand how the plugin works, please watch the video guide below: https://www.youtube.com/watch?v=EMu0e78OpJo

    Please make sure to mark your reply as private to hide it from the public.

    Kind Regards

    #61654
    Angel Ivander
    Participant
    Premium Member
    This reply has been marked as private.
    #61660
    vako
    Keymaster
    WP Royal Team

    Hi Angel,

    We need to redirect this topic to our developers' board; they will check the loaded code and let you know what to do in order to fix it.

    Kind Regards

    #61662
    Angel Ivander
    Participant
    Premium Member

    Thank you. I shall wait patiently until then.

    #61759
    Nick
    Keymaster
    WP Royal Team

    Hi :),

    Nick is here from the DEV team,

    I have contacted our sales processor company Freemius and here is what they answered.

    “The Freemius SDK is used both for plugins and themes. Every theme submitted to WordPress.org is automatically scanned by a plugin called Theme Check which flags base64 functions, since generally, there’s no reason for themes to use those functions. In our case, we use base64 encoding for API signature signing and hiding sensitive info, a use case that was approved by the WordPress.org themes review team. To overcome the false-positive warning by the Theme Check, we were recommended to use that workaround, which is now apparently flagged by Jetpack. We are planning to contact Automattic’s team to see if it can get whitelisted – and if not, explore a way how we can find a workaround to avoid this false-positive alert.”

    So, to put it shortly, this is simply a false positive and you don't need to worry about this.

    Kind Regards,

    Nick
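
    The pattern Jetpack reacted to is a function name assembled from two string literals and then called through a variable. The following added example (not Jetpack's, Freemius's or WP Royal's code; the watched-function list, regexes and sample PHP lines are constructed here) shows how a simple scanner reports that pattern, and why the same rule stays silent for a harmless split name, so a site owner can see what actually triggered the alert before deciding it is a false positive:

```python
"""Toy detector for the "split function name + indirect call" pattern
that Jetpack's PHP_Generic_BadPattern_7 flagged in the Freemius SDK.

Added example, not Jetpack's or Freemius's code: the WATCHED list, the
regexes and the sample PHP lines are constructed for illustration."""
import re

# Functions whose indirect invocation deserves a manual review.
# Constructed list; Jetpack's real signature set is not on the page.
WATCHED = ("base64_decode", "eval", "system", "shell_exec", "exec", "passthru")

# $var = 'base64' . '_decode';  -> captures both halves of the split name.
SPLIT_LITERAL = re.compile(
    r"""\$(\w+)\s*=\s*['"]([A-Za-z0-9_]+)['"]\s*\.\s*['"]([A-Za-z0-9_]+)['"]\s*;"""
)
# $var( ... )  -> a variable used as the function name.
DYNAMIC_CALL = re.compile(r"\$(\w+)\s*\(")


def scan_php(source):
    """Return (line_no, assembled_name, reason) for each suspicious line."""
    hits = []
    split_vars = {}  # variable name -> function name it was built to hold
    for no, line in enumerate(source.splitlines(), start=1):
        m = SPLIT_LITERAL.search(line)
        if m:
            var, left, right = m.groups()
            name = left + right
            if name in WATCHED:  # 'str' . 'len' below is ignored
                split_vars[var] = name
                hits.append((no, name, "function name built by string concatenation"))
            continue
        for var in DYNAMIC_CALL.findall(line):
            if var in split_vars:
                hits.append((no, split_vars[var], f"indirect call through ${var}"))
    return hits


# Constructed sample mimicking the flagged FreemiusBase.php excerpt,
# plus a harmless split name that the rule should not report.
SAMPLE = """\
    $fn = 'base64' . '_decode';
    return $fn( strtr( $input, '-', '+/' ) );
    $safe = 'str' . 'len';
    return $safe( $input );
"""

if __name__ == "__main__":
    for no, name, why in scan_php(SAMPLE):
        print(f"line {no}: {name}: {why}")
```

    A hit only tells you the pattern is present; whether it is malicious depends on what is decoded and where the result goes, which is the review Freemius and Jetpack carried out here.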

    #61780
    Nick
    Keymaster
    WP Royal Team

    By the way, I have good news for you: our reseller contacted us again with great news:

    “We had been in touch with the Jetpack team and I’m happy to share they confirmed that they whitelisted the code so it shouldn’t be flagged anymore.”

    So soon you will not see this notification from Jetpack.

    Kind Regards,

    Nick
