Author Topic: WordPress website with malware or just suspicious?  (Read 1108 times)

Offline polonus

WordPress website with malware or just suspicious?
« on: November 19, 2017, 06:04:26 PM »
Re: https://www.virustotal.com/nl/url/abbfa0df5cf4ee507af0ab3ec7b6d78f139d213e3b02756d8e342c5e75244e8e/analysis/1511109657/  as 2 detect.
F-grade status and recommendation: https://observatory.mozilla.org/analyze.html?host=fitnesscoach-regensburg.de
Retirable jQuery: http://retire.insecurity.today/#!/scan/ecfbab2dbaa7be6e68157e6a2a1b2f7d177e62243902ffc3e941449b91bc4489

Outdated plug-ins - WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

wp-pagenavi 2.92   latest release (2.92)
http://lesterchan.net/portfolio/programming/php/
all-in-one-cufon   latest release (1.3.0)
http://lizatom.com/wordpress-plugin/all-in-one-cufon/
wp-spamshield   
wordpress-seo 5.7.1   latest release (5.8) Update required
https://yoast.com/wordpress/plugins/seo/
contact-form-7 4.9.1   latest release (4.9.1)
https://contactform7.com/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

24 potentially suspicious files detected: https://quttera.com/detailed_report/fitnesscoach-regensburg.de
Reason:   Detected procedure that is commonly used in suspicious activity.
Details:   Too low entropy detected in string [['#commentform, .comment-respond form, .comment-form, #lostpasswordform, #registerform, #loginform, #l']] of length 142 which may point to obfuscation or shellcode.

Missed detection here: https://sitecheck.sucuri.net/results/fitnesscoach-regensburg.de

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!