See: https://app.webinspector.com/public/reports/42166582?cache=true
See: https://sitecheck.sucuri.net/results/www.enginshoes.com
Hidden Iframes. Details: http://sucuri.net/malware/entry/MW:IFRAME:HD202?v04
There are two causes for this:
One, is that your webserver (probably Apache) has write access to the core files. This happens a lot in shared hosting, where the Apache process runs as your user login. In general, this is a bad thing. Normally, you just want to give Apache write access to sites/default/files and your private and tmp directories (wherever they are defined).

Quote info credits go to: mpdonadio on Drupal groups.

Two, is that your hosting provider or your server is probably running an outdated version of PHP. Again, this tends to happen a lot with shared hosts (many are reluctant to keep up with latest security versions). Many outdated versions of PHP have security vulnerabilities in them, which lets attackers construct bad URLs and write to files on the filesystem. Adding code to template files is low-hanging fruit that a lot of people don’t notice.
polonus
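The first cause above can be checked from the server side. The following is an added example, not part of the original post or of any scanner quoted here: it walks a site root and lists everything a given account (for example the one Apache runs as) can write to outside the directories named in the quote. The function names, the `private` and `tmp` locations and the sample tree are assumptions made for illustration; ACLs are not considered.

```python
import os
import stat
import tempfile

# Directories the quoted advice allows the web server to write to.
# "private" and "tmp" are placeholder locations (assumption): use wherever yours are defined.
ALLOWED = ("sites/default/files", "private", "tmp")

def can_write(st, uid, gids):
    """Apply classic POSIX owner/group/other write bits (ACLs are ignored)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def writable_outside_allowed(root, uid, gids, allowed=ALLOWED):
    """Return sorted paths (relative to root) that uid/gids can write to
    and that do not lie inside one of the allowed directories."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in dirnames + filenames:
            rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
            if any(rel == a or rel.startswith(a + "/") for a in allowed):
                continue
            st = os.lstat(os.path.join(dirpath, name))
            if stat.S_ISLNK(st.st_mode):
                continue  # mode bits on a symlink say nothing about its target
            if can_write(st, uid, gids):
                findings.append(rel)
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: a read-only core file, a writable template, a writable upload."""
    root = tempfile.mkdtemp()
    layout = {
        "index.php": 0o444,
        "themes/site/page.tpl.php": 0o644,
        "sites/default/files/upload.png": 0o644,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    return root
```

Run it with the uid and group ids of the web server account; on shared hosting where Apache runs as your own login, passing your own uid shows how much of the code base an injected script could modify.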
Update: https://www.virustotal.com/nl/url/24454096f28cc27c88f19301f84fdd8ac140f6ae2ae34b4b1969160cea9a77bb/analysis/1444668729/
plugins/system/rokbox/rokbox.js
Severity: Potentially Suspicious
Reason: Detected potentially suspicious content.
Details: Detected potentially suspicious initialization of function pointer to JavaScript method write __tmpvar1530976633 = write;
Threat dump: See: https://sitecheck.sucuri.net/results/www.mmasport.it
Threat dump MD5: A5EE45F9A5AD8053DA56CAB26EF21FC5
File size[byte]: 20280
File type: ASCII
Page/File MD5: 2089714D3A3033069E28360505C233B4
Scan duration[sec]: 1.227000
Also see: https://forum.avast.com/index.php?topic=176205.0
polonus
See: http://urlquery.net/report.php?id=1444913118917
Bitdefender TrafficLight flags.
Seems this malware is back (or has it ever been away?) → Known javascript malware. Details: http://labs.sucuri.net/db/malware/malware-entry-mwexploitkitblackhole1?v282.2
WordPress Version
4.0.8
Version does not appear to be latest 4.3.1 - update now.
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress site's front page.
custom-contact-forms 5.1.0.5 latest release (6.9.0) Update required
http://www.taylorlovett.com
vipers-video-quicktags latest release (6.5.2)
http://www.viper007bond.com/wordpress-plugins/vipers-video-quicktags/
WordPress Theme
The theme has been found by examining the path /wp-content/themes/ theme name /
Twenty Twelve 1.7
https://wordpress.org/themes/twentytwelve/
Warning User Enumeration is possible
The first two user IDs were tested to determine if user enumeration is possible.
ID User Login
1 None admin
2 None gerard
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. However, it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
On PHP version: https://forums.cpanel.net/threads/is-it-already-dangerous-keeping-php-5-2-17-on-production.267442/
polonus