Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on November 19, 2017, 06:04:26 PM

Title: WordPress website with malware or just suspicious?
Post by: polonus on November 19, 2017, 06:04:26 PM
Re: https://www.virustotal.com/nl/url/abbfa0df5cf4ee507af0ab3ec7b6d78f139d213e3b02756d8e342c5e75244e8e/analysis/1511109657/ as 2 detect.
F-grade status and recommendation: https://observatory.mozilla.org/analyze.html?host=fitnesscoach-regensburg.de
Retirable jQuery: http://retire.insecurity.today/#!/scan/ecfbab2dbaa7be6e68157e6a2a1b2f7d177e62243902ffc3e941449b91bc4489

Outdated plug-ins - WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

wp-pagenavi 2.92 - latest release (2.92) - http://lesterchan.net/portfolio/programming/php/
all-in-one-cufon - latest release (1.3.0) - http://lizatom.com/wordpress-plugin/all-in-one-cufon/
wp-spamshield
wordpress-seo 5.7.1 - latest release (5.8) Update required - https://yoast.com/wordpress/plugins/seo/
contact-form-7 4.9.1 - latest release (4.9.1) - https://contactform7.com/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

24 potentially suspicious files detected: https://quttera.com/detailed_report/fitnesscoach-regensburg.de
Reason:   Detected procedure that is commonly used in suspicious activity.
Details:   Too low entropy detected in string [['#commentform, .comment-respond form, .comment-form, #lostpasswordform, #registerform, #loginform, #l']] of length 142 which may point to obfuscation or shellcode.

Missed detection here: https://sitecheck.sucuri.net/results/fitnesscoach-regensburg.de

polonus (volunteer website security analyst and website error-hunter)