https://legacy.forums.gravityhelp.com/topic/site-hacked Gravity Support Forums Topic: site hacked en-US Mon, 20 Apr 2026 05:11:19 +0000 http://bbpress.org/?v=1.0.1 q https://legacy.forums.gravityhelp.com/search.php https://legacy.forums.gravityhelp.com/topic/site-hacked#post-59639 Mon, 21 May 2012 11:47:44 +0000 pattam 59639@https://legacy.forums.gravityhelp.com/ <p>Great thanks for putting my mind at ease and I can cross that one off my list. Cheers. </p> https://legacy.forums.gravityhelp.com/topic/site-hacked#post-59636 Mon, 21 May 2012 11:34:17 +0000 Carl Hancock 59636@https://legacy.forums.gravityhelp.com/ <p>Just wanted to add to what Alex said above, that the screenshot you sent us via Priority Support contains some false positives. It's flagging "doubleval" in the queries contained in your screenshot as being "eval" when it is not. As Alex said, we are using it in a legitimate way and it's not being used in a way that could pose any kind of security risk.</p> <p>Despite the fact some people seem to think ALL eval() usage is evil, bad practice or used to hide malicious code... that is like saying PHP is evil and can be used to hide malicious code. It's a function and when used properly and by a programmer that knows what he is doing, it's just another function that can be used to accomplish a goal. There's nothing bad or malicious about it when used properly. </p> https://legacy.forums.gravityhelp.com/topic/site-hacked#post-59606 Mon, 21 May 2012 10:09:24 +0000 Alex Cancado 59606@https://legacy.forums.gravityhelp.com/ <p>The eval() function in Gravity Forms is legitimate. It is used to perform calculations. We safeguard the eval() call by only allowing numbers and specific math operators (i.e. + - * etc..) to be run through the eval() function, so it can only be used to perform math calculations, and not to execute random code. </p> https://legacy.forums.gravityhelp.com/topic/site-hacked#post-59596 Mon, 21 May 2012 08:27:38 +0000 pattam 59596@https://legacy.forums.gravityhelp.com/ <p>Our website got hacked today and I'm hunting down all the issues that could have been compromised. Installed a plugin called Threat Scan Plugin which looks for exploits and it reported on the the use of eval() function in Gravity Forms code. Are the use of eval() legitimate in Gravity Forms code? If not and I need to reinstall the plugin, is there an easy way to maintain the old setup and database?</p> <p>Cheers. Patrick. </p>