Avast WEBforum

Other => Viruses and worms => Topic started by: contact290 on March 23, 2020, 06:27:00 PM

Title: Phishing False Positive
Post by: contact290 on March 23, 2020, 06:27:00 PM
Hi,

Firstly, appreciate the volunteer work the community members do here & hope you're all safe during the coronavirus scare.

Our homepage htxps://royalcbd.com/ is blocked by Avast – as reported by one of our team members earlier this morning when he tried to access the site.

We checked server logs for all unique pages that were visited on our site and ran an analysis on every unique page – found no suspicious files.

Submitted the false positive form – was wondering if there's anything I can do to expedite the process (guessing not) as it's caused a flurry of complaints from customers.

https://sitecheck.sucuri.net/results/royalcbd.com
https://www.urlvoid.com/scan/royalcbd.com/
https://observatory.mozilla.org/analyze/royalcbd.com

Looks like we have some work to do on the last one, but no phishing was found.

Thanks, Alex.
Title: Re: Phishing False Positive
Post by: Pondus on March 23, 2020, 08:37:01 PM
Something to fix

https://retire.insecurity.today/#!/scan/2d6c57148cc1fbadded86c45adca1ca5674d395e3556d12acda88352a96476a7

https://www.virustotal.com/gui/url/b37e11a1414578c026b3a988dfd6f54336eeea3e2b3936fa69cbe772ef579f9e/detection

Title: Re: Phishing False Positive
Post by: DavidR on March 23, 2020, 09:41:23 PM
Hi,

Firstly, appreciate the volunteer work the community members do here & hope you're all safe during the coronavirus scare.

Our homepage hXXps://royalcbd.com/ is blocked by Avast – as reported by one of our team members earlier this morning when he tried to access the site.

We checked server logs for all unique pages that were visited on our site and ran an analysis on every unique page – found no suspicious files.

Submitted the false positive form – was wondering if there's anything I can do to expedite the process (guessing not) as it's caused a flurry of complaints from customers.<snip>

Looks like we have some work to do on the last one, but no phishing was found.

Thanks, Alex.

No other way to expedite the process; I would assume that they work through them in FIFO order.

You may have some more work to do:
See https://webhint.io/scanner/7c66f94c-ed5d-4db8-803b-8851f41cbfc5
Title: Re: Phishing False Positive
Post by: polonus on March 24, 2020, 04:12:02 PM
Insecure tracking: Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell -royalcbd.com to fix it.

Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

-royalcbd.com  __cfduid
ajax.cloudflare.com  __cfduid  -d4caad975332e7cd32XXXXXXXXXX36fef1583162006

 Tracking IDs could be sent safely if this site was secure.

Vulnerable PHP: PHP, headers - 7.2.27

- 6.4 | CVE-2020-7061: In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
- 6.4 | CVE-2020-7063: In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
- 5 | CVE-2018-19935: ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
- 5 | CVE-2020-7062: In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
- 4.3

Some work to do for those website developers and admins sitting at home to get such websites a tad more secure.

The following plugins were detected by reading the HTML source of the WordPress site's front page.

- affiliate-wp
- shopkeeper-extender
- woo-gutenberg-products-block 2.5.14, latest release (2.5.14), https://github.com/woocommerce/woocommerce-gutenberg-products-block
- yith-woocommerce-waiting-list-premium
- jetpack 8.3, latest release (8.3), https://jetpack.com
- woocommerce-gateway-authorize-net-cim
- contact-form-7 5.1.7, latest release (5.1.7), https://contactform7.com/
- elementor-pro
- klaviyo 2.1.7, latest release (2.1.7), https://wordpress.org/plugins/klaviyo/
- ultimate-elementor
- woocommerce 4.0.1, latest release (4.0.1), https://woocommerce.com/
- js_composer
- age-gate, latest release (2.5.0), https://agegate.io/
- yith-woocommerce-anti-fraud-premium 1.2.9
- yith-woocommerce-wishlist, latest release (3.0.9), https://yithemes.com/themes/plugins/yith-woocommerce-wishlist/
- woocommerce-all-products-for-subscriptions 3.1.6
- woo-variation-swatches, latest release (1.0.78), https://wordpress.org/plugins/woo-variation-swatches/
- elementor 2.9.6, latest release (2.9.6), https://elementor.com/
- shopkeeper-deprecated
- woocommerce-square 2.1.1, latest release (2.1.1), https://woocommerce.com/products/square/
- wc-aelia-foundation-classes
- shopkeeper-portfolio

Plugins are a source of many security vulnerabilities within WordPress installations; always keep them updated to the latest version available and check the developer's plugin page for information about security-related updates and fixes.

There are likely more plugins installed than those listed here, as the detection method used here is passive. While these results give an indication of the status of plugin updates, a more comprehensive assessment should be undertaken by brute-forcing the plugin paths using a dedicated tool.


Reputation Check
PASSED
Google Safe Browsing: OK
Spamhaus Check: OK
Abuse CC: OK
Dshield Blocklist: OK
Cisco Talos Blacklist: OK

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
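The retire.js scan Pondus linked and the PHP/plugin listing in polonus's post above both rest on the same passive technique: take a version string the site already hands out (the PHP version in a response header, the ?ver= query string WordPress appends to plugin assets) and compare it against known ranges. The Python script below is an added example written for this page; it is not code from the thread, from Avast, or from any of the scanners quoted. The affected-version ranges are transcribed from the four CVE descriptions pasted above, the "latest release" table is frozen from the plugin list above, and the headers, HTML fragment and the shop.example hostname are constructed sample input, not a capture from royalcbd.com. One thing a range check makes visible that the raw banner-matching output does not: CVE-2020-7061 is listed against a 7.2.27 banner although its own description covers only 7.3.x and 7.4.x, so it drops out, and CVE-2018-19935 only matters if ext/imap is loaded, which no header can tell you.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]


def parse_version(s: str) -> Version:
    """Turn '7.2.27', '8.3' or 'PHP/7.4.3' into a 3-tuple so comparisons are well-defined."""
    parts = [int(p) for p in re.findall(r"\d+", s)[:3]]
    while len(parts) < 3:
        parts.append(0)  # pad '8.3' to (8, 3, 0) so it never sorts below (8, 3, 0)
    return (parts[0], parts[1], parts[2])


# Affected ranges [lo, hi) transcribed from the CVE descriptions quoted in the thread.
# This table is constructed for the example; a real check should consume a live feed.
PHP_CVES: Dict[str, List[Tuple[str, str]]] = {
    "CVE-2020-7061": [("7.3.0", "7.3.15"), ("7.4.0", "7.4.3")],
    "CVE-2020-7063": [("7.2.0", "7.2.28"), ("7.3.0", "7.3.15"), ("7.4.0", "7.4.3")],
    "CVE-2018-19935": [("5.0.0", "7.3.0")],  # ext/imap only; a banner cannot say if it is loaded
    "CVE-2020-7062": [("7.2.0", "7.2.28"), ("7.3.0", "7.3.15"), ("7.4.0", "7.4.3")],
}


def php_version_from_headers(headers: Dict[str, str]) -> Optional[str]:
    """Read the PHP version the server advertises in X-Powered-By or Server, if any."""
    lower = {k.lower(): v for k, v in headers.items()}
    for name in ("x-powered-by", "server"):
        m = re.search(r"PHP/(\d+\.\d+(?:\.\d+)?)", lower.get(name, ""))
        if m:
            return m.group(1)
    return None


def applicable_cves(version: str) -> List[str]:
    """Return only the CVEs whose stated ranges actually contain this version."""
    v = parse_version(version)
    return [
        cve
        for cve, ranges in PHP_CVES.items()
        if any(parse_version(lo) <= v < parse_version(hi) for lo, hi in ranges)
    ]


# Asset URLs under /wp-content/plugins/<slug>/ expose the slug; WordPress appends
# ?ver=<version> to most of them. Some plugins pass the WordPress version instead,
# so treat the number as an indication, as the scanner's own note above says.
ASSET_RE = re.compile(r'/wp-content/plugins/([A-Za-z0-9_-]+)/([^"\'\s<>]*)')
VER_RE = re.compile(r"[?&]ver=(\d+(?:\.\d+)*)")


def plugins_from_html(html: str) -> Dict[str, Optional[str]]:
    """Passively enumerate plugin slugs (and versions where present) from page source."""
    found: Dict[str, Optional[str]] = {}
    for slug, rest in ASSET_RE.findall(html):
        m = VER_RE.search(rest)
        ver = m.group(1) if m else None
        if ver is not None or slug not in found:  # never overwrite a version with None
            found[slug] = ver
    return found


def outdated_plugins(detected: Dict[str, Optional[str]], latest: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(slug, seen, latest) for every plugin whose seen version is behind the known latest."""
    return [
        (slug, ver, latest[slug])
        for slug, ver in detected.items()
        if ver is not None and slug in latest and parse_version(ver) < parse_version(latest[slug])
    ]


# Constructed sample input in the shape the thread describes, not a capture from the
# site under discussion. Contact Form 7 is deliberately one patch level behind so the
# comparison has something to report.
SAMPLE_HEADERS = {"Server": "cloudflare", "X-Powered-By": "PHP/7.2.27"}
SAMPLE_HTML = """
<link rel="stylesheet" href="https://shop.example/wp-content/plugins/woocommerce/assets/css/woocommerce.css?ver=4.0.1" />
<script src="https://shop.example/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.6"></script>
<script src="https://shop.example/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=2.9.6"></script>
<script src="https://shop.example/wp-content/plugins/affiliate-wp/assets/js/tracking.js"></script>
<script src="https://shop.example/wp-content/plugins/jetpack/_inc/build/photon.min.js?ver=8.3"></script>
"""
# "Latest release" values as listed in the scan output above, frozen for the example.
LATEST = {"woocommerce": "4.0.1", "contact-form-7": "5.1.7", "elementor": "2.9.6", "jetpack": "8.3"}


if __name__ == "__main__":
    php = php_version_from_headers(SAMPLE_HEADERS)
    print("PHP banner:", php, "->", applicable_cves(php) if php else "no version advertised")
    seen = plugins_from_html(SAMPLE_HTML)
    print("plugins seen:", seen)
    print("outdated:", outdated_plugins(seen, LATEST))
```

Run it as-is and the 7.2.27 banner matches CVE-2020-7063, CVE-2018-19935 and CVE-2020-7062 but not CVE-2020-7061, and only contact-form-7 is reported behind its latest release; affiliate-wp is seen without a version because its asset carries no ?ver= parameter, which is exactly the limit of passive detection the scanner's note warns about.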