Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Outdated CMS, malware on hostile website...
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Outdated CMS, malware on hostile website... (Read 1300 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 34051
malware fighter
Outdated CMS, malware on hostile website...
«
on:
November 12, 2015, 10:49:48 PM »
See:
https://www.virustotal.com/nl/url/70a0dd38d3eac8be3b179615771be14daeb25c95bbf1e8024b0da421aeb195bc/analysis/1447364406/
Known javascript malware. Details:
http://labs.sucuri.net/db/malware/mwjs-iframe-injected530?web.js.malware.pwframe.001
Qualified as a dangerous website:
https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=ft-lauderdale-roofing.com
Malware flagged here:
http://urlquery.net/report.php?id=1447364534927
-http://ft-lauderdale-roofing.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://ft-lauderdale-roofing.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.2 : -http://ft-lauderdale-roofing.com/wp-includes/js/jquery/jquery.js?ver=1.11.2
1 vulnerable library detected
WordPress Version
4.2.5
Version does not appear to be latest 4.3.1 - update now.
WP Theme: D5 Smartia 2.5http://d5creation.com/theme/smartia/
Warning Directory Indexing Enabled
In the test it was attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
/wp-content/uploads/ enabled
8 malicious files detected:
http://quttera.com/detailed_report/ft-lauderdale-roofing.com
Detected encoded JavaScript code commonly used to hide malicious behaviour.
Details: Detected Malicious JavaScript Injection See attached image..
polonus (volunteer website security analyst and website error hunter)
«
Last Edit: November 12, 2015, 10:54:16 PM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus
Avast Überevangelist
Probably Bot
Posts: 34051
malware fighter
Re: Outdated CMS, malware on hostile website...
«
Reply #1 on:
November 12, 2015, 11:10:27 PM »
When you do not train and educate your website owners, admins, hoster staff and act pro-actively where website security is concerned, we will see further truck-loads of compromised websites with WordPress CMS. This is a serious problem as 25 percent of all websites on earth run WP.
When are we gonna educate the masses or alert them to this existing situation
?
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Outdated CMS, malware on hostile website...