His second post here.
Again using bad language.
And he never responded to his previous post.
If he is the admin/webmaster, he should change his attitude imho.
I made my post yesterday evening giving the OP plenty of time to respond. I did so knowing that there
are plenty of forum members able to run the many tests to check his website. Instead of getting his
issue cleared up he wanted to rant. Personally I wanted to do some website analysis for my own
curiousity.
Potential suspicious file flagged by Quttera’s: /wp-content/plugins/fckeditor-for-wordpress-plugin/ckeditor/ckeditor.js?ver=3.5.1
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘<a id=“cke_elementspath_undefined_18446744073709551615” href="javascript:void('_cke_real_element_ty’]] of length 177590 which may point to obfuscation or shellcode. *
Threat dump: View code - http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Felpaso.oagroups.org%2F&useragent=Fetch+useragent&accept_encoding=
Threat dump MD5: CA7EA1A52E036B0B7E65C3D630548131
File size[byte]: 268039
File type: ASCII
MD5: 0EB8C0D4FF340B1BDD7FA209D6121A05
Scan duration[sec]: 73.920000
Reason for infection outdated CMS, that is outdate - WordPress version: WordPress 3.5.1
Wordpress version from source: 3.5.1
Wordpress Version 3.5 based on: htxp://elpaso.oagroups.org//wp-admin/js/common.js
WordPress theme: htxp://elpaso.oagroups.org/wp-content/themes/twentyten/
WordPress version outdated: Upgrade required.
Well Eddy, we could even be somewhat more precise and bet on this wordpress theme - themes/twentyten/ -
and it is a truly a good candidate to get us into trouble.
Read how that came backdoored, yep, by the developer I mean: http://wordpress.org/support/topic/security-issue-with-twentyten
So with free themes we have to be extremely cautious what we are actually installing :