Hi, I just got an email from my hosting company about a problem I was having updating Cornerstone. I have been having some issues over the last few updates that fall foul of permissions issues on my hosting account. So naturally when the update did not run I assumed it was the same issue.
However they say there scan says their is Java in the file that should not be there and is causing their system to flag it and not run the update.
Do you have any idea what this could be? Cornerstone was downloaded automatically from you.
Get back to me ASAP
Cheers
David
Hello David,
Thanks for writing in!
It’s false positive, and based on @vchenkoDV’s provided information. It’s related to Typekit, and here is the code
<script id="cs-typekit-loader">(function(d){var config={kitId:'<?php echo $config['typekitKitID']; ?>',scriptTimeout:3000,async:true},h=d.documentElement,t=setTimeout(function(){h.className=h.className.replace(/\bwf-loading\b/g,"")+" wf-inactive";},config.scriptTimeout),tk=d.createElement("script"),f=false,s=d.getElementsByTagName("script")[0],a;h.className+=" wf-loading";tk.src='https://use.typekit.net/'+config.kitId+'.js';tk.async=true;tk.onload=tk.onreadystatechange=function(){a=this.readyState;if(f||a&&a!="complete"&&a!="loaded")return;f=true;clearTimeout(t);try{Typekit.load(config)}catch(e){}};s.parentNode.insertBefore(tk,s)})(document);</script>
The code itself is from Adobe’s https://typekit.com/, and only added dynamically based on the user’s supplied Typekit ID.
Those tools are able to detect the script being added or injected, but they are unable to really check if they are actually malware. Hence, just marked them as malware with javascript injection. Most of them are based on name too so if the name matches then it will be considered malware too since they can’t really tell how the script works. With Typekit, we can’t fix it by changing its name.
Thanks!
@davidwdesign, if you are hosting with LightningBase (as I am), I got them to put a global exception for the file so it won’t be flagged by Imunify360 anymore (that’s the software that is flagging the javascript). I asked for global so it would cover ALL my clients that I host with them that use X theme. If you’re NOT hosting with LightningBase, reach out to the support for your host and see if they can do the same (chances are they are also using Imunify360).
Hey @geekgoddess,
Thanks for chiming in! It’s nice to know and inform other how you have resolved your issue.
Best Regards.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.