Avast WEBforum
Other => Viruses and worms => Topic started by: ext237 on August 14, 2020, 02:40:04 AM
-
Hello, the Ecwid eCommerce plugin for websites are now all blocked. This prevents companies that use the Ecwid stores form processing sales. Please look into this because we can't tell our customers to uninstall your software in order to shop with us. Example stores:
calidoguitars.com
houstonphotowalks.com
-
Reporting Possible False Positive File or Website - https://www.avast.com/false-positive-file-form.php (https://www.avast.com/false-positive-file-form.php).
-
8 detections for pages that communicate with IP: -calidoguitars.com ->
https://www.virustotal.com/gui/ip-address/192.124.249.58/detection
-> https://www.virustotal.com/gui/ip-address/192.124.249.58/relations
On Word Press CMS settings: Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
Path Tested Status
/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.
Wait for a final verdict from avast team,
polonus (volunteer 3rd part cold recon website security analyst and website error-hunter)
-
L.S.
Do not see those pages blocked anymore. Like: -houstonphotowalks.com (not found any DOM-XSS issues).
Opened the website on an avast protected machine.
polonus