Author Topic: Outdated Word Press site plug-ins, hardening proposals...  (Read 1073 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33866
  • malware fighter
Outdated Word Press site plug-ins, hardening proposals...
« on: June 03, 2023, 03:38:07 PM »
Re: Plugin   Update Status   About
wp-fastest-cache 1.1.0   Warning   latest release (1.1.6)
http://wordpress.org/plugins/wp-fastest-cache/
wordpress-seo 20.0   Warning   latest release (20.8)
https://yoa.st/1uj
formidable 5.5.6   Warning   latest release (6.3.1)
https://formidableforms.com/    Outdated versions detected.

Externally linkes host - goomedia.digitaal-magazine.nl   AMAZON-02

At what site? -> https://sitecheck.sucuri.net/results/teleplaza.nl   (redhat nginx website)

Hardening proposals: see: https://sitecheck.sucuri.net/results/teleplaza.nl

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33866
  • malware fighter
Re: Outdated Word Press site plug-ins, hardening proposals...
« Reply #1 on: June 03, 2023, 06:13:41 PM »
But potentially malicious script detected on same IP at website -https://aika.fiber.nl/

What? Detected Potentially Suspicious Files by Quttera's.
File name   /assets/index-3bb9e352.js
Threat name   PS.SuspScript.gen
File type   ASCII
Reason   Detected hidden call to replace.
Details   Detected potentially suspicious content.
Threat dump XXXXX[[constt=Ve(Ho),n=Ve(Xh),r=Lt(()=>t.resolve(Is(e.to))),s=Lt(()=>{const{matched:c}=r.value,{length:a}=c,u=c[a-1],f=n.matched;if(!u||!f.length)return-1;constd=f.findIndex(rs.bind(null,u));if(d>-1)returnd;consth=uf(c[a-2]);returna>1%26%26uf(u)===h%26%26f[f.length-1].path!==h?f.findIndex(rs.bind(null,c[a-2])):d}),i=Lt(()=>s.value>-1%26%26cb(n.params,r.value.params)),o=Lt(()=>s.value>-1%26%26s.value===n.matched.length-1%26%26Qh(n.params,r.value.params));functionl(c={}){returnlb(c)? XXXX t[Is(e.replace)?"replace":"push"](Is(e.to)).catch(Us)]]
Threat MD5   63B0995854A8AE1AB3F6CD6BCA2AC381
File MD5   ACFD0BC080EC2B73325ABA8F0F345345
Line   Available via API only.

Solution: use replace when redirecting from an invalid url....

polonus
« Last Edit: June 03, 2023, 06:47:20 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33866
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!