False Positives? I hope…

Just noticed that Chrome is blocking the plugin page for Revolution Slider on Code Canyon too. That can’t be good.

public_html/wp-content/plugins/revslider/inc_php/revslider_globals.class.php
public_html/wp-content/plugins/revslider/revslider.php
public_html/wp-content/plugins/revslider/rs-plugin/css/settings.css
public_html/wp-content/plugins/revslider/views/templates/sliders.php

I′m using a paid theme (that includes the revolution slider). Anyone could confirm if those alerts are false positives?

Just came here looking for the same thing, also getting malware warnings from WF on revolution ??

Looks like:

www dot themepunch dot com/codecanyon/revolution_wp/

is the culprit? Not sure why their site was flagged by google, it may have gotten hacked.

The reason Sucuri didn’t find anything is because they can’t scan your PHP source code with a remote scan like Wordfence does.

You can either remove the slider or wait this out until the site is fixed and marked clean by google. Keep in mind that if that URL is indexible by Google’s crawlers you may incur an SEO penalty.

Regards,

Mark.

So just to be clear, this is not a false positive from Wordfence since Google has in fact flagged the URL as malware.

Regards,

Mark.

I got the warning this morning on 3 of my sites. I am using Wordfence. You mention above to remove the slider – does that mean deleting the plugin – or just remove the slider from the site pages?

Thanks,

I meant delete the plugin. But before you do that please contact the plugin author for more info. They can probably explain why their site has been flagged and you can probably ignore that warning.

Regards,

Mark.

I have the same warning on https://www.mindfulnessdublin.com. Does anyone have more information?

* File contains suspected malware URL: wp-content/plugins/revslider/inc_php/revslider_globals.class.php
* File contains suspected malware URL: wp-content/plugins/revslider/revslider.php
* File contains suspected malware URL: wp-content/plugins/revslider/rs-plugin/css/settings.css
* File contains suspected malware URL: wp-content/plugins/revslider/views/templates/sliders.php

This is what Themepunch are saying in case anyone else has this problem.
Hi,

Thanks a lot for your question.

First of all i want to tell again, everything is safe and Clean. You dont need to update the Plugin neither to worry about any mailware or similiar viruses or trojans.

None of our plugins or themes was influenced to any time, and all Items and Downloadable files are , were and will be clean !

Some Background information:

We transfered some of our webservers and Domains to a new and better Provider today night, and during this transfer we have been attacked. Some of our Demo content has been influenced.

We fixed the issue in a very short time, however Google Blocked us without any real reason. Google just unlocked the sites, and also decleared all our Content as Clean and safety.

Thanks a lot again and have a great day, and please do not hesitate to contact us any time if you have further questions.

Cheers,

Your ThemePunch

Thank’s for the information Mark and Badex, I was about to write to Themepunch, so it seems we′ll just have to wait till google unflag themepunch…. (i hope)

Hi

I woke up this morning with my WordPress website hacked. They posted a message on my wall saying: Kaiser Malware was Here. I didn’t read the whole message but they were asking money to recover my website.

I didn’t have Wordfence installed but an user from my website saw the post and sent me a private message saying that Revolution Slider was causing a breach on my website and it could be hacked. He even sent me (on the message) my username and password. In fact I had RevSlider installed on my site.

First I deleted all new usernames that were created along with all changes that have been done on the website by the hacker, among them they installed a FTP plugin.

After that I uninstalled Revolution Slider and installed Wordfence. I ran the scan and Wordfence found that my Index.php file had been changed and they included a code starting with “eval”.

Wordfence recovered the original file and deleted the changed one.

Long story short, it was a nightmare, but fortunately it was fixed quickly.

I can’t say that the problem was due to RevSlider or not, but I’m just explaining what happen on my website and according to the user, it was due to RevSlider.

I changed all passwords, installed Wordfence, Installed security manager, and I hope it doesn’t happen again.

I hope it can help.

@jerryaustralia,

this post was concerning a different topic but anyway:

Please update your RevSlider to the latest version. The problem you describe is caused by an oooold version before 4.1.4 , we are currently running on 4.6.

We are really sorry to hear that you have gone through that much trouble with your hacked server. We keep up to the current security standards and your job as user is to keep the plugin up2date (sorry to sound a little bossy here ;))

In general: Please always remember keep all your plugins, themes and your WordPress up2date to retain the best possible security for the whole system!

Cheers, TP

Sucuri Blog Revolution Plugin Critical Vulnerability

Upgrade asap. The revolution slider in older versions is compromised.
Check all your themes if it has the Revolution Slider included. Probably you will have an older version included in the Theme when you bought it.
Check with your theme vendors for an upgraded version or contact Themepunch in order to help you upgrade to a safe version.

Cheers.