Word Press website with malware and insecurity!

Viruses and worms
1

See malware in wp-content: http://urlquery.net/report/117c975b-a751-45e0-b3e1-d9591b50debf
Not flagged by Sucuri’s: https://sitecheck.sucuri.net/results/www.kravitzlaw.com

Word Press plug-ins to check: vamtam-push-menu & revslider…
Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 gabriel gabriel
2 Admin Afiliazon afiliazon
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Cloudflare nginx abuse…
http://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.kravitzlaw.com%2Fwp-content%2Fthemes%2Flawyers-attorneys%2Fwpv_theme%2Fassets%2Fcss%2Fselect2.css%3Fver%3D4.8

Retirable libraries: -https://www.kravitzlaw.com
Detected libraries:
bootstrap - 3.3.7 : https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js?ver=4.8
Info: Severity: medium
https://github.com/twbs/bootstrap/issues/20184
jquery-migrate - 1.4.1 : -https://www.kravitzlaw.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
jquery - 1.12.4 : (active1) -https://www.kravitzlaw.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
backbone.js - 1.3.3 : (active1) -https://www.kravitzlaw.com
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

F-Grade and recommendations: https://observatory.mozilla.org/analyze.html?host=www.kravitzlaw.com

Google mapping as -https://maps.googleapis.com/maps/vt?pb=!1m4!1m3!1i15!2i9084!3i13955!1m4!1m3!1i15!2i9085!3i13955!1m4!1m3!1i15!2i9084!3i13956!1m4!1m3!1i15!2i9085!3i13956!2m3!1e0!2sm!3i386081012!3m9!2sen-US!3sUS!5e18!12m1!1e68!12m3!1e37!2m1!1ssmartmaps!4e3!12m1!5b1&callback=xdc._fnbnwj&token=99252

polonus (volunteer website security analyst and website error-hunter)

2

Another malicious website with Word Press CMS and blocked as malware domain by adblockers, known PHISH also…
5 to flag: https://www.virustotal.com/pl/url/cd41bc86b168993c8e4b10709234a6088a60873364b93423a83c6e9ad6833d7d/analysis/1501452959/

Google Safe Browser has not blacklisted this website.
Configuration error: Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 admin admin
2 None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

2 vulnerable libraries: http://retire.insecurity.today/#!/scan/2a184feb20eaf17aa1940c830479dd335dd71575bcec15bea39df02f9cfc0dee

Domain Validated SSL
No information about the site has been validated. Your data is protected, but providing personal and financial information is not recommended.

/wp-content/themes/maxx-wp/js/scripts.js?ver=1.0 Severity: Potentially Suspicious Reason: Detected procedure that is commonly used in suspicious activity. Details: Too low entropy detected in string [['titleundefinedtitle</option']] of length 101 which may point to obfuscation or shellcode.
/wp-content/themes/maxx-wp/js/jquery.skitter-min.js?ver=3.8 Severity: Potentially Suspicious Reason: Detected procedure that is commonly used in suspicious activity. Details: Too low entropy detected in string [['(q($){f 2Q=0,5I=[];$.2o.45=q(D){11 c.3F(q(){$(c).8d(\'8e\',2Q);5I.5J(2K $3e(c,D,2Q));++2Q})};f 5K={1']] of length 30217 which may point to obfuscation or shellcode.
suspicious code found by Quttera's ...
Pages not found: -http://www.tarteelequran.com.au/wp-includes/images/ -http://www.tarteelequran.com.au/wp-includes/images/skype:tarteelequran1?call. etc. also link not found to -www.trustwave.com/ -http://www.tarteelequran.com.au/wp-includes/images/

-http://www.tarteelequran.com.au/wp-includes/images/skype:tarteelequran1?call.
image file (alt text: “skype”)
-http://www.tarteelequran.com.au/wp-includes/images/
-https://www.tarteelequran.com.au/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au
-http://www.tarteelequran.com.au/wp-includes/images/skype:tarteelequran1?call./
TarteeleQuran
-http://www.tarteelequran.com.au/wp-includes/images/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/mission/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/mission/
-https://www.tarteelequran.com.au/tajweed/
Advance Tajweed Course
-https://www.tarteelequran.com.au/mission/
-https://www.tarteelequran.com.au/applied-tajweed-course/
Applied Tajweed Course
-https://www.tarteelequran.com.au/mission/
-https://www.tarteelequran.com.au/learn-ten-qirat-online
Learn Ten Qirat Online
-https://www.tarteelequran.com.au/mission/
-https://www.tarteelequran.com.au/basic-tajweed/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/basic-tajweed/
-https://www.tarteelequran.com.au/quran-reading-with-tajweed/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/quran-reading-with-tajweed/
-https://www.tarteelequran.com.au/learn-quran-online-for-beginners/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/learn-quran-online-for-beginners/
-https://www.tarteelequran.com.au/memorize-quran-online/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/memorize-quran-online/
-https://www.tarteelequran.com.au/pillars-of-islam/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/pillars-of-islam/
-https://www.tarteelequran.com.au/learn-daily-supplication-online/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/learn-daily-supplication-online/
-https://www.tarteelequran.com.au/fee-schedule/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/fee-schedule/
-https://www.tarteelequran.com.au/privacy-policy/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/privacy-policy/
-https://www.tarteelequran.com.au/contact-us/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/contact-us/
-https://www.tarteelequran.com.au/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/mission/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/mission/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/tajweed/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/tajweed/
-https://www.tarteelequran.com.au/applied-tajweed-course/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/applied-tajweed-course/
-https://www.tarteelequran.com.au/learn-ten-qirat-online/skype:tarteelequran1?call.
image file (alt text: “skype”)
-https://www.tarteelequran.com.au/learn-ten-qirat-online
-https://www.tarteelequran.com.au/learn-ten-qirat-online/
TarteeleQuran
-https://www.tarteelequran.com.au/learn-ten-qirat-online
-https://www.tarteelequran.com.au/basic-tajweed/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/basic-tajweed/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/quran-reading-with-tajweed/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/quran-reading-with-tajweed/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/learn-quran-online-for-beginners/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/learn-quran-online-for-beginners/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/memorize-quran-online/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/memorize-quran-online/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/pillars-of-islam/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/pillars-of-islam/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/learn-daily-supplication-online/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/learn-daily-supplication-online/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/fee-schedule/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/fee-schedule/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/privacy-policy/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/privacy-policy/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/contact-us/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/contact-us/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/tajweed/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/tajweed/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/applied-tajweed-course/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/applied-tajweed-course/skype:tarteelequran1?call.
-https://www.tarteelequran.com.au/learn-ten-qirat-online/skype:tarteelequran1?call./
TarteeleQuran
-https://www.tarteelequran.com.au/learn-ten-qirat-

For all these links we met a 404 by cold reconnaissance scanning using online ninja scan.

SQL-probe seen lately from that IP: https://www.abuseipdb.com/check/184.164.137.162 and exploited host (July 10th lately).

polonus (volunteer website security analyst and website error-hunter)