Kaptinlin Themes Support

macartist

Running a "Wordfence" security scan on my website, one of the actions is:
"Scanning files for URLs in Google's Safe Browsing List"

The result are the following security concerns:

"File contains suspected malware URL: /hermes/bosweb25a/b71/ipg.graffitilord/wp-content/themes/striking/framework/plugins/Browser.php"
Filename: wp-content/themes/striking/framework/plugins/Browser.php
File Type: Not a core, theme or plugin file.
Severity: Critical
This file contains a suspected malware URL listed on Google's list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://chrisschuld.com/) - More info available at Google Safe Browsing diagnostic page.

"File contains suspected malware URL: /hermes/bosweb25a/b71/ipg.graffitilord/wp-content/themes/striking/fontfaces/Rabiohead-fontfacekit/pizzadude.dk License.txt"
Filename: wp-content/themes/striking/fontfaces/Rabiohead-fontfacekit/pizzadude.dk License.txt
File Type: Not a core, theme or plugin file.
Severity: Critical
This file contains a suspected malware URL listed on Google's list of malware sites. Wordfence decodes base64 when scanning files so the URL may not be visible if you view this file. The URL is: http://pizzadude.dk/ - More info available at Google Safe Browsing diagnostic page.

I just deleted the License.txt file, but tried deleting the url from Browser.php but that has resulted in odd errors and problems.

macartist

I was able to finally delete the urls, but this concerns me that these two urls are being flagged by google as known malware urls.

Websys

It is unknown why Google is doing this, but I would not specifically rely on google or its safe browsing list as the sole barometer of what is safe or not (actually, I personally do not rely on Google for anything whatsoever. I don't use their browser, or their email, or any of their tools - IMO everything from google is suspect, but users like their stuff, so we provide it).

Browser.php and its contents are the script necessary to determine the browser type of your site viewer, on which of course certain other functions that serve up images, layout, etc depend. So if you delete browser.php, your site will not function properly.

There is absolutely no base64 code in the browser.php file, Chris Shuld is the developer of the browser detection script, and his site name is in comments, but is not encoded in any way.

So I have no idea why the comments are being recognized this way by google, probably another google frackup, but here is the code, grabbed right out of the file, which anyone can open and inspect:

	/**
	 * File: Browser.php
	 * Author: Chris Schuld (http://chrisschuld.com/)
	 * Last Modified: August 20th, 2010
	 * @version 1.9
	 * @package PegasusPHP
	 *
	 * Copyright (C) 2008-2010 Chris Schuld  (chris@chrisschuld.com)
	 *
	 * This program is free software; you can redistribute it and/or
	 * modify it under the terms of the GNU General Public License as
	 * published by the Free Software Foundation; either version 2 of
	 * the License, or (at your option) any later version./

There is more, but that is an excerpt from the file and the only place his url is contained in the comments.

Its the same with Jakob Fischer's site - he created the font.

Perhaps at one time or another their host servers or sites were infected by malware and got flagged by google. Who knows?

It is not relevant to Striking in any way, so actually we really don't care.

BTW, all themes are inspected by Themeforest for malware and malicious code. They are not released should they contain any such problems.

Happy Striking
Striking Team
James

macartist

Thanks for the response, I figured it was an oddity and was able to work around it, just thought I would pass it on. Thanks again for the great theme, absolutely the best out there!

Kaptinlin Themes Support

Howdy, Stranger!

Categories

In this Discussion