Website hacked and defaced, DROWn vulnerable nameserver detected...

See: http://toolbar.netcraft.com/site_report?url=http://teatrandersena.pl because of:
http://killmalware.com/teatrandersena.pl/

Nameserver DROWn exploit vulnerable: https://test.drownattack.com/?site=ns1.nazwa.pl

See code attached…Google Font Api hack…
Re: http://tools.seobook.com/general/spider-test/index.php?c=1&url=http://teatrandersena.pl

polonus

In the mean time site has been cleansed, but gross CMS and other insecurities remained.
Re: -http://teatrandersena.pl
Detected libraries:
jquery - 1.11.3 : -http://teatrandersena.pl/wp-content/themes/Avada-Child-Theme/jq.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
jquery-migrate - 1.4.0 : -http://teatrandersena.pl/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.0
jquery - 1.12.3 : (active1) -http://teatrandersena.pl/wp-includes/js/jquery/jquery.js?ver=1.12.3
(active) - the library was also found to be active by running code
1 vulnerable jQuery library detected

WordPress issues with plug-ins:
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

the-events-calendar-category-colors latest release (4.4.5)
https://github.com/afragen/the-events-calendar-category-colors
events-calendar-pro 4.0.3
knews 1.8.0 latest release (1.8.0)
http://www.knewsplugin.com
ultimate-posts-widget 2.0.5 latest release (2.0.5)
http://wordpress.org/plugins/ultimate-posts-widget/
qtranslate-x 3.4.6.4 latest release (3.4.6.7) Update required
http://wordpress.org/plugins/qtranslate-x/
revslider

Warning User Enumeration is possible :o
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 None
2 None redaktor
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

75% of the trackers on this site could be protecting you from NSA snooping. Tell teatrandersena.pl to fix it.

All trackers
At least 4 third parties know you are on this webpage.

Google
Google
shaaaaaaaaaaaaa.com
-teatrandersena.pl -teatrandersena.pl

See where this lands: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fteatrandersena.pl%2Fwp-content%2Fthemes%2FAvada-Child-Theme%2Fscripts.js+

Code error detected here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fteatrandersena.pl%2Fwp-content%2Fthemes%2FAvada%2Fassets%2Fjs%2Frespond.js

 error: line:136: SyntaxError: missing ; before statement:
          error: line:136:                          errorMessage = "<span style="font-size:16px;color:#BC0C06;">" + errorMessage + "</span>";
          error: line:136: .......................................................^
     error: line:3: SyntaxError: missing = in XML attribute:
          error: line:3: <!DOCTYPE html>
          error: line:3: ..............^

polonus (volunteer website security analyst and website error-hunter)

Added, apply this critical update: https://wordpress.org/news/2016/05/wordpress-4-5-2/
Because of two critical holes attackers could take over your website when WordPress version is not updated.
Also mentioned here: https://www.us-cert.gov/ncas/current-activity/2016/05/09/WordPress-Releases-Security-Updates

pol