Outdated CMS, malware on hostile website...

polonus · 2015-11-12T21:49:48.000Z

See: https://www.virustotal.com/nl/url/70a0dd38d3eac8be3b179615771be14daeb25c95bbf1e8024b0da421aeb195bc/analysis/1447364406/
Known javascript malware. Details: http://labs.sucuri.net/db/malware/mwjs-iframe-injected530?web.js.malware.pwframe.001
Qualified as a dangerous website: https://www.google.com/transparencyreport/safebrowsing/diagnostic/index.html#url=ft-lauderdale-roofing.com
Malware flagged here: http://urlquery.net/report.php?id=1447364534927
-http://ft-lauderdale-roofing.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://ft-lauderdale-roofing.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.2 : -http://ft-lauderdale-roofing.com/wp-includes/js/jquery/jquery.js?ver=1.11.2
1 vulnerable library detected
WordPress Version
4.2.5
Version does not appear to be latest 4.3.1 - update now.
WP Theme: D5 Smartia 2.5http://d5creation.com/theme/smartia/

Warning Directory Indexing Enabled

In the test it was attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled

8 malicious files detected: http://quttera.com/detailed_report/ft-lauderdale-roofing.com
Detected encoded JavaScript code commonly used to hide malicious behaviour.
Details: Detected Malicious JavaScript Injection See attached image…

polonus (volunteer website security analyst and website error hunter)

polonus · 2015-11-12T22:10:27.000Z

When you do not train and educate your website owners, admins, hoster staff and act pro-actively where website security is concerned, we will see further truck-loads of compromised websites with WordPress CMS. This is a serious problem as 25 percent of all websites on earth run WP. :o
When are we gonna educate the masses or alert them to this existing situation? :o

polonus

Announcements