A customer using avast was so kind to report virus infection:
Please check www.mastering-academy.de and www.mastering-academy.com
My virus program and and online virus scan can´t find any problems.
But I would like to get rid of that problem.
Can you give me advice which file may be infected or is causing this problem so that I can figure out to remove it manually.
Thank you for your support.
Friedemann Tischmeyer
what does the message from avast say?
→ https://sitecheck.sucuri.net/results/www.mastering-academy.de/
→ https://sitecheck.sucuri.net/results/www.mastering-academy.com/
HTML code scan
I see two vulnerable libraries flagged here:
-http://www.mastering-academy.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://www.mastering-academy.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : (active1) -http://www.mastering-academy.com/wp-includes/js/jquery/jquery.js?ver=1.11.3
jquery.prettyPhoto - 3.1.2 : (active1) -http://www.mastering-academy.com/wp-content/themes/infocus/lib/scripts/prettyphoto/js/jquery.prettyPhoto.js?ver=2.3
Info: Severity: high
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6837&cid=3
Info: Severity: high
https://github.com/scaron/prettyphoto/issues/149
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
(active) - the library was also found to be active by running code
2 vulnerable libraries detected
Isue and warning here: https://mxtoolbox.com/domain/www.mastering-academy.com/
This link? → http://toolbar.netcraft.com/site_report?url=http://online-sale24.com is flagged:
Javascript included from a blacklisted domain. Details: http://sucuri.net/malware/entry/MW:BLK:2
Javascript: online-sale24.com but it does not resolve now, no response: https://urlquery.net/report.php?id=1455281096382
So I see no active malware now.
CMS issues to mitigate:
WordPress Version
4.4.1
Version does not appear to be latest 4.4.2 - update now.
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
jquery-featured-content-gallery latest release (1.2)
http://www.cibydesign.co.uk/resources-and-downloads/
all-in-one-seo-pack 2.2.7.5 latest release (2.2.7.6.2) Update required
http://semperfiwebdesign.com
facebook-likes-you 1.5.4 latest release (1.5.4)
http://wolnaelekcja.pl/wp-facebook-likes-you
Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.
ID User Login
1 None wp_admin :o Should come disabled.
Another issue: 50% of the trackers on this site could be protecting you from NSA snooping. Tell mastering-academy.com to fix it.
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.
d5fb79cb40414a3091dxxxxxxxxae2ac1a1445965753 local.adguard.com __cfduid
At least 8 third parties know you are on this webpage.
-Google
-Google
-Facebook
-Google
-www.mastering-academy.com
-online-sale24.com (this was at the culprit of your malware infection, Avast flagged as HTML:Script-inf, aka Sucuri’sreports at: http://sucuri.net/malware/entry/MW:BLK:2 )
-local.adguard.com
-www.mustbebuilt.co.uk -www.mustbebuilt.co.uk
polonus (volunteer website security analyst and website error-hunter)
F-Secure lab confirms infections
==========================================================
The file you sent (academy.com) was found to be malicious.
The file you sent (academy.de) was found to be malicious.
It says: Infection Type: HTML:Script-inf
The complete message is German. It says that the URL has a malicious code
Well, the infection has been confirmed, you’ve to clean it.
if you need help Sucuri will do it for a fee >> https://sucuri.net