Website with script errors abused in content-spam abuse...

Viruses and worms
1

The spammer: https://www.shodan.io/host/94.102.49.159 & https://www.projecthoneypot.org/ip_94.102.49.83
Sample spam and keywords listing, from that:
errors: [quote]
Warning: require(./wp-blog-header.php) [function.require]: failed to open stream: No such file or directory in /home2/dreamb0y/public_html/index.php on line 17

Warning: require(./wp-blog-header.php) [function.require]: failed to open stream: No such file or directory in /home2/dreamb0y/public_html/index.php on line 17

Warning: require(./wp-blog-header.php) [function.require]: failed to open stream: No such file or directory in /home2/dreamb0y/public_html/index.php on line 17

Fatal error: require() [function.require]: Failed opening required ‘./wp-blog-header.php’ (include_path=‘.:/opt/php52/lib/php’) in /home2/dreamb0y/public_html/index.php on line 17 [quote]

Confirmed here: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=aHt8bHRoeWxbZntzdHlsey5tey51a2A%3D~enc
and here: https://sitecheck.sucuri.net/results/healthylifestyle.me.uk

polonus (volunteer 3rd party cold recon website security analyst and website error-hunterO)

2

Even big sites can struggle with internal errors and misconfigured settings.
We see this often with php-driven CMS, like with this website:

https://urlscan.io/result/acaac891-5728-4cc6-b781-54b980581579/ SERVER DETAILS Web Server: nginx/1.14.0 (Ubuntu) IP Address: 99.84.112.117 Hosting Provider: AMAZON-02 Shared Hosting: 1 sites found (use Reverse IP to download list) Title: Daily-Stuff.com News, Gadgets, Entertainment, Business and much more

User Enumeration
The first two user ID’s were tested to determine if user enumeration is possible.

Username Name
ID: 1 nikki-maghinang
ID: 2 phelia-cantara
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Linked Sites
Reputation checks have been performed on the IP address for each of the linked sites. Hosts found on blacklists with poor reputation may be a threat to users of the site. Hosting and locations are also included in the results.

Externally Linked Host Hosting / Company Netblock
-www.heraldweekly.com AMAZON-02
-www.domesticatedcompanion.com AMAZON-02
-www.daily-choices.com AMAZON-02
-www.facebook.com FACEBOOK

	   	JS Link	Hosting / Company Netblock

-https://www.daily-stuff.com///www.daily-stuff.com/wp-json/cmg-setup-manager/load-js/pr-djs-production-cmgid-27dbe5… AMAZON-02
-https://www.daily-stuff.com///bundle.daily-stuff.com/bundle/v8/app.js?v=p200614101809-28www.daily-stuff.com AMAZON-02
-https://www.daily-stuff.com/wp-content/themes/cortado/includes/dest/deffered-tasks.min.js?ver=0.0.4.7828340465ab00… AMAZON-02
-https://www.daily-stuff.com///www.daily-stuff.com/wp-json/cmg-setup-manager/load-js/pr-djs-production-cmgid-e95912… AMAZON-02
-https://www.daily-stuff.com/wp-content/themes/cortado/includes/js/jquery.js?v=0.0.4.7828340465ab006d19f5775f9654243bwww.daily-stuff.comhttps://www.daily-stuff.com/wp-content/themes/cortado/includes/js/jquery.js?v=0.0.4.7828340465ab006d19f5775f965424… AMAZON-02
-https://www.daily-stuff.com///securepubads.g.doubleclick.net/tag/js/gpt.js AMAZON-02
-ttps://www.daily-stuff.com///www.daily-stuff.com/wp-json/cmg-setup-manager/load-js/pr-djs-production-cmgid-b5cb05… AMAZON-02
-https://www.daily-stuff.com///www.daily-stuff.com/wp-content/plugins/cmg-prebid/prebid.js?v=p200614101809-28www.da… AMAZON-02
-https://www.daily-stuff.com///www.daily-stuff.com/?wordfence_syncAttackData=1592723428.4073 AMAZON-02
-https://www.daily-stuff.com/wp-content/themes/cortado/includes/dest/menu.min.js?ver=0.0.4.7828340465ab006d19f5775f… AMAZON-02
-https://www.daily-stuff.com///www.daily-stuff.com/wp-json/cmg-setup-manager/load-js/pr-djs-production-cmgid-adfd5b… AMAZON-02

Error: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=I3xbbHktc3R1ZmYuXl1t~enc

Site issues and outdated software detected: https://sitecheck.sucuri.net/results/www.daily-stuff.com

Retirable jQuery: jquery 1.12.4 Found in -https://www.daily-stuff.com/wp-content/themes/cortado/includes/js/jquery.js?v=0.0.4.7828340465ab006d19f5775f9654243bwww.daily-stuff.com
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
Medium Regex in its jQuery.htmlPrefilter sometimes may introduce XSS
jquery 3.4.0 Found in -https://www.daily-stuff.com/wp-content/themes/cortado/includes/js/jquery.js?v=0.0.4.7828340465ab006d19f5775f9654243bwww.daily-stuff.com
Vulnerability info:
Medium Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

SyntaxError: Unexpected token ‘<’
/?wordfence_syncAttackData=1592676105.0158:1

0 of 5 domains are tracking. Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell -daily-stuff.com to fix it.

Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

d08314d2-7de7-XXXX-e421-911c0b450b24 -cmgl.daily-stuff.combruid
Legend

Tracking IDs could be sent safely if this site was secure.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)