Avast is reporting JS:Redirector-NT [Trj] on my site. Can you please take a look and point me to what code may be wrong? The site is WEBKINSON.COM
What code is supposed to be wrong?
@true_indian,
The user opened up a new topic because his was just added to another user’s. Why do you interfere, as you do not understand what is going on?
@3ukman
This part of your code is found suspicious:
-www.webkinson.com/wp-content/themes/inspire/includes/js/jquery.prettyPhoto.js?ver=3.3.1 suspicious
[suspicious:2] (ipaddr:74.53.187.69) (script) -www.webkinson.com/wp-content/themes/inspire/includes/js/jquery.prettyPhoto.js?ver=3.3.1
status: (referer=-WEBKINSON.COM/)saved 31837 bytes 999f6c5b54e2cbc923bb8c1f42f396748d43fb8f
info: [img] -www.webkinson.com/wp-content/themes/inspire/includes/js/
info: [embed] -www.webkinson.com/wp-content/themes/inspire/includes/js/{path}
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
suspicious:
pol
Hello,
We were in touch with WooThemes, a very reputable themes provider for WordPress. And they have numerous websites using the theme, but the problem is only present on my site at webkinson.com.
For example, this demo site also uses the same code but is not being reported as a virus.
http://demo.woothemes.com/inspire/
Is it possible it is another part of the code that is fishy?
Hi 3ukman, thank you for making your own thread, it makes it easier to follow the topic.
This issue results in a script being added near the top of pages that are loaded…(seen in the image)
From what I can tell from another thread or two…it could be related to theming…and one thread suggested that it was a file called timthumb.php (this has come up before, and was the result of a lot of detections)
Polonus had a link to a scanner that helped identify the issue, it may be of some help to you:
Scott
Hi 3ukman,
Next to what spg SCOTT reports I see the following:
Sucuri gives out a warning on: -home/ukman3/public_html/webkinson.com/wp-content/themes/inspire/index.php
I get a “Call to undefined function get_header() in -/home/ukman3/public_html/webkinson.com/wp-content/themes/inspire/index.php”
Your site apparently was Tag_blue hacked…
There is a link to referer=figu.at.vc/in.cgi?2 see: GET /in.cgi?2 HTTP/1.1 Host: -figu.at.vc flagged by avast webshield as JS:redirector-NT[Trj]
redirecting to spamming from v i a g r a l e v i t r a testosterone dot com
See here for the evidence: http://urlquery.net/report.php?id=20366
I get this at wepawet analysis: -http://figu.at.vc/in.cgi?2 Empty N/A. Could be that “figu dot at vc” is no longer responding or was taken down.
The in.cgi2 hack was an intrusion via an injected iFrame, but you have to cleanse and remove that vulnerability; then there was network activity for about:blank 200 text/html (no longer there).
polonus
Hey Polonus,
There is an active link that slipped through there.
You got it before my post.
Scott
Hi spg SCOTT,
Well, broke it as soon as I spotted it, thanks for the heads up and all your valuable script analysis contributions. So you must have seen that the PHP security of this site has been questionable for quite some time. That is what caused these various issues in the first place - a hacker got a tiny foothold to further invade the website with additional malcode. There are more vulnerabilities than that active malicious one that avast webshield flags. RFI malware is becoming a trend, we see loads of victim sites affected here in the “virus and worms”, as we also see a lot of so-called “weak PHP hacks”, like small PHP etc. etc… So, dear webmasters, check the integrity of your code continuously against malcode intruding input!
polonus
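The integrity check recommended in the last post, as an added example that is not part of the original thread: it compares a live theme directory against a clean copy of the same theme (for instance a fresh download from the vendor) and lists the lines that were added to a changed file. The file names, directory layout and the injected line are constructed sample data, and `injected.example` is a placeholder host.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare_trees(clean_root, live_root):
    """Report files modified, added or missing in the live copy."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    return {
        "modified": sorted(f for f in clean.keys() & live.keys() if clean[f] != live[f]),
        "added": sorted(live.keys() - clean.keys()),
        "missing": sorted(clean.keys() - live.keys()),
    }


def added_lines(clean_root, live_root, rel_path):
    """Lines present in the live file but absent from the clean one."""
    old = (Path(clean_root) / rel_path).read_text(errors="replace").splitlines()
    new = (Path(live_root) / rel_path).read_text(errors="replace").splitlines()
    return [d[2:] for d in difflib.ndiff(old, new) if d.startswith("+ ")]


def demo():
    """Constructed sample: a clean theme copy next to a tampered live copy."""
    tmp = Path(tempfile.mkdtemp())
    files = {"index.php": "<?php get_header(); ?>\n",
             "includes/js/gallery.js": "jQuery(function () { /* gallery */ });\n"}
    for side in ("clean", "live"):
        for rel, body in files.items():
            path = tmp / side / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
    # Constructed tampering: an injected iframe line and an unexpected new file.
    injected = '<iframe src="http://injected.example/" width="1" height="1"></iframe>'
    (tmp / "live" / "index.php").write_text(injected + "\n" + files["index.php"])
    (tmp / "live" / "cache.php").write_text("<?php /* not in the clean copy */ ?>\n")
    report = compare_trees(tmp / "clean", tmp / "live")
    return report, added_lines(tmp / "clean", tmp / "live", "index.php")


if __name__ == "__main__":
    report, new_lines = demo()
    print(report)
    print(new_lines)
```

Run against a real site, `compare_trees` takes the unpacked vendor theme as the clean root and a copy of the server's theme directory as the live root; any file under "added" deserves the same attention as a modified one.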