Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
PHISH-website, outdated CMS, site probably compromised *.
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: PHISH-website, outdated CMS, site probably compromised *. (Read 1110 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
PHISH-website, outdated CMS, site probably compromised *.
«
on:
September 01, 2015, 10:05:25 AM »
See:
https://www.virustotal.com/nl/url/a74319a03458df92108565ce4c41bbec9f5b74b5a72da98d6920d963da492f8c/analysis/1441093394/
and blaclisted external link/domain: -http://www.bialystokbiega.pl/
Web application details:
Application: WordPress 4.2.3 - -http://www.wordpress.org
Web application version:
WordPress version: WordPress 4.2.3
Wordpress Version 4.1 based on: -http://bialystokbiega.pl/wp-includes/js/autosave.js
All in One SEO Pack version: 2.2.7.1
WordPress directory: -http://bialystokbiega.pl/wp-content
WordPress theme: -http://bialystokbiega.pl/wp-content/themes/bialystokpolmaraton/
Wordpress internal path: /home/fundacjabb/ftp/bialystokbiega.pl/wp-content/themes/bialystokpolmaraton/index.php
WordPress Version
4.2.3
Version does not appear to be latest 4.3 - update now.
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
ml-slider 3.3.3 latest release (3.3.4.1) Update required
https://www.metaslider.com
jquery-colorbox 4.6 latest release (4.6)
http://www.techotronic.de/plugins/jquery-colorbox/
all-in-one-seo-pack latest release (2.2.7.1)
http://semperfiwebdesign.com
the-countdown 1.1.6 latest release (1.1.6)
http://zourbuth.com/
WordPress Theme
The theme has been found by examining the path /wp-content/themes/ *theme name* /
Warning User Enumeration is possible
Compromised sites will often contain embedded iframes that can also deliver malicious code to visitors of the web site. Check any discovered iframes and ensure they are legitimate.
-https://www.youtube.com/embed/yvyv1cbFQv4
Bia 1.0http://r1media.pl ->
http://toolbar.netcraft.com/site_report?url=http://r1media.pl
Re: -http://XXXXXXX/www.bialystokbiega.pl ->
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.bialystokbiega.pl
Also consider:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fbialystokbiega.pl%2Fwp-content%2Fthemes%2Fbialystokpolmaraton%2Fjs%2Fhtml5.js
going to -http://detraplift.blogspot.nl/js/cookiechoices.js
APO URL shortener malcode! *
polonus (volunteer website security analyst and website error-hunter)
«
Last Edit: September 06, 2015, 12:58:50 PM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
PHISH-website, outdated CMS, site probably compromised *.