« previous next »
Pages: [1]   Go Down

Author Topic: Infostealer and PHISH on insecure Word Press site.  (Read 1095 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Infostealer and PHISH on insecure Word Press site.
« on: June 09, 2017, 11:41:32 PM »
See retirable jQuery libraries: http://retire.insecurity.today/#!/scan/c97af80e4608f7253466908317cf39c0e070538d535c4edd18a9c38bf5b8a214
See F-status and recommendations: https://observatory.mozilla.org/analyze.html?host=wildfield.pl

See where it is being flagged: http://urlquery.net/report.php?id=1497038836493
and as a known infection source: https://www.virustotal.com/pl/url/3ec458750579cd5623ef7b1cf2482342453af65ce262022e2de994e4cdb7efc0/analysis/1497042156/

Probably that is why the malcreants scored A-status here: https://sritest.io/#report/61ad3917-53bd-4f45-8811-25c6f604ac2d
so no one interfered with their schemes. List of blacklisted external links: 1937

Blacklisted on various lists. Word Press version outdated: WordPress Version
4.5.9

WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

woocommerce 2.6.4   latest release (3.0.8) Update required
https://woocommerce.com/
woocommerce-currency-switcher 1.1.7   latest release (1.1.9) Update required
http://currency-switcher.com/
yith-woocommerce-wishlist   latest release (2.1.2)
http://yithemes.com/themes/plugins/yith-woocommerce-wishlist/
js_composer   
contact-form-7 4.5   latest release (4.8) Update required
https://contactform7.com/
revslider   
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.

ID   User   Login
1   None   malyglod
2   None   wildheart
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

11 blank lines in the source code...

polonus

Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »