Topic: SERP-hijacking on site detected?

polonus
« on: December 06, 2014, 01:30:58 AM »
See: http://killmalware.com/pdroma.it/#
See: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fpdroma.it%2F&useragent=Fetch+useragent&accept_encoding=
Malware on site: http://sitecheck.sucuri.net/results/pdroma.it/#sitecheck-details
6 instances of malware-entry-mwhjck3123 according to Sucuri.
Known javascript malware. Details: http://sucuri.net/malware/malware-entry-mwhjck3123
Set-Cookie: USERID=twotime; path=/
Here we get search results for such an attack: https://www.google.nl/search?q=Set-Cookie%3A+USERID%3Dtwotime%3B+path%3D%2F&oq=Set-Cookie%3A+USERID%3Dtwotime%3B+path%3D%2F&aqs=chrome..69i57j69i58&sourceid=chrome&es_sm=93&ie=UTF-8
A similar attack is described here: http://sakrare.ikyon.se/log.php?id=86996 - http://www.blackabacus.com/header_values/view/371781
What has led to such an attack:
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 4.0
Outdated Web Server Apache Found: Apache/2.2.26 and excessive header info proliferation ->
Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 ?
Present redirects may differ...

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
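
An added example, not part of polonus's post: a small header audit that flags the two response-header findings quoted above, the `Set-Cookie: USERID=twotime` indicator and the versioned product tokens in the `Server` banner. The function names and the sample responses are assumptions constructed for illustration; only the header values come from the post.

```python
import re

# Cookie name/value quoted in the post as the indicator.
IOC_COOKIE = ("USERID", "twotime")

# Product tokens that carry a version, e.g. "mod_ssl/2.2.26".
VERSIONED = re.compile(r"[A-Za-z_][\w.-]*/\d[\w.-]*")

# Constructed sample responses (not captured traffic); values taken from the post.
SAMPLE_FLAGGED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_bwlimited/1.4\r\n"
    "Set-Cookie: USERID=twotime; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
SAMPLE_CLEAN = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: session=abc123; path=/\r\n"
    "\r\n"
)

def parse_headers(raw):
    """Return (lowercased name, value) pairs; assumes the first line is the status line."""
    lines = raw.split("\r\n\r\n", 1)[0].splitlines()[1:]
    headers = []
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers

def audit(raw):
    """Flag the indicator cookie and version disclosure in the Server banner."""
    findings = []
    for name, value in parse_headers(raw):
        if name == "set-cookie":
            pair = value.split(";", 1)[0].strip()   # drop attributes such as path=/
            key, _, val = pair.partition("=")
            if (key.strip(), val.strip()) == IOC_COOKIE:
                findings.append(("ioc-cookie", pair))
        elif name == "server":
            tokens = VERSIONED.findall(value)
            if tokens:
                findings.append(("version-disclosure", tokens))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE_FLAGGED):
        print(kind, detail)
```
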