Word press security-report-www.fansandfollowers.org

HackerTarget.com Wordpress Security Report

Wordpress Security Report

HackerTarget.com

HackerTarget.com is the world leader in online open source intelligence and security assessments. All scanning tools are on-line for easy and convenient access.

HackerTarget.com Vulnerability Scan options include:

  Server / IP        Web Sites                  Intelligence          CMS
  Nmap Port Scan     WhatWeb Site Fingerprint   DomainProfiler        WordPress Scan
  OpenVas Scan       SQL Injection Test         Fierce Domain Scan    Joomla Scan
  SSL Check          Nikto Web Scan             Hosting Server Info   Drupal Scan
                     BlindElephant Scan

This report is autogenerated using various sources and scripts. No guarantee is made as to the accuracy of the information found. See http://hackertarget.com for full Terms of Service. Design and layout are licensed under a Creative Commons Attribution 3.0 Unported License.

Wordpress Security Scan by HackerTarget.com LLC 1 of 10
Table of Content

  Wordpress Security Report                                 1
  HackerTarget.com                                          1
  Table of Content                                          2
  Wordpress Site Info                                       3
    Domain Reputation Check                                 3
    Default Login Page                                      3
    Robots.txt found                                        3
  Site Link Review                                          4
    External Site Links                                     4
    Internal Site Links                                     4
  Plugins, Theme and Javascript                             5
    Javascript links and Scripts found                      5
    iframes found in pages                                  6
    WPScan Results                                          6
  Hosting Information for www.fansandfollowers.org          8
    Websites sharing the same IP address                    8
  Appendix A : Additional Resources                        10
    The Basics                                             10
    Advanced Security Testing                              10
    Further Information                                    10
This report is based on an automated security scan performed by hackertarget.com. It was generated on Wed Nov 14 21:58:22 2012.
More Information

Wordpress Site Info

  www.fansandfollowers.org/
  Wordpress Version: 3.4.2 - Good, the version of Wordpress is current. It is recommended to always upgrade to the latest version.
  Web Server: Apache
  MetaGenerator: Nova v.2.2,WordPress 3.4.2
  Page Title: Buy Instagram Followers,Get more Instagram Followers,Buy Instagram Likes,Instagram Followers,how to get followers on instagram

Domain Reputation Check

The site www.fansandfollowers.org has been checked against web reputation services.

  Ref   Service               Site Check                                          Result
        Google Safebrowsing   finds this site as safe                             SAFE
        MyWot                 has rated the site's trustworthiness as Very Poor   1

Default Login Page

The WordPress administration login page is at the default location http://www.fansandfollowers.org//wp-admin/

This is not a critical risk; however, it should be understood that brute force attacks against WordPress login accounts, including the admin account, are not difficult. A strong password on the admin accounts is vital. It is recommended to rename the default admin account to a non-generic name.

Robots.txt found

The robots.txt is used to tell search engines to ignore parts of your site. It can also be used by attackers to find things you may not want to be public and other interesting directories.

  raw file
  User-agent: *
  Disallow: /wp-admin/
  Disallow: /wp-includes/
  Sitemap: http://www.fansandfollowers.org/sitemap.xml.gz
Site Link Review

Use this section to understand a site's link structure and the reputation of linked sites.

External Site Links

These links have been found to external sites. They have been assessed for reputation using the Google Safe Browse and MyWOT reputation services.

  link                       Google   MyWOT
  http://twitter.com/share   SAFE     95

Internal Site Links

These are the links from the main index page to other pages within the website.

  links
  http://www.fansandfollowers.org
  http://www.fansandfollowers.org/
  http://www.fansandfollowers.org/contact-2/
  http://www.fansandfollowers.org/instagram-followers/
  http://www.fansandfollowers.org/instagram-likes/
  http://www.fansandfollowers.org/instagram-popular-page/
  http://www.fansandfollowers.org/purchase-agreement/
  http://www.fansandfollowers.org/terms-of-service/
  http://www.fansandfollowers.org/twitter-followers-2/
  http://www.fansandfollowers.org/wp-content/uploads/2012/08/Buy-instagram-followers.jpg
  http://www.fansandfollowers.org/your-name-on-cappuccino/
  http://www.fansandfollowers.org/youtube-views/
  http://www.fansandfollowers.org/z-faq/
Plugins, Theme and Javascript

WordPress plugins and themes should be monitored for updates. Security vulnerabilities are often fixed in updates. Javascript and iframes of unknown origin should be checked to ensure they are legitimate. A compromised site will use these as vectors in order to deliver malware against client systems.

Javascript links and Scripts found

  WP Theme: Nova
  Google Analytics Account ID : UA-30553062-1

WordPress Plugins Detected

  name                                version   latest
  announcer                           3.4.2
  arconix-shortcodes
  floating-menu
  jetpack                             3.4.2     1.5
  shortcodes-ultimate                 3.9.5     3.9.5
  skype-online-status                 2.8.6
  strx-magic-floating-sidebar-maker   3.4.2

These plugins were detected passively from a sample of the site's pages. This is not a full audit of the plugins installed. The WPScan Active scan option can detect plugins more aggressively. Regular monitoring of plugins should be undertaken and fixes applied when released.

Internally Linked Javascript

  link
  http://www.fansandfollowers.org/wp-content/plugins/announcer/public/announcer-js.js?ver=3.4.2
  http://www.fansandfollowers.org/wp-content/plugins/floating-menu/js/jquery.easing.js?ver=3.4.2
  http://www.fansandfollowers.org/wp-content/plugins/floating-menu/js/jquery.floater.2.2.js?ver=3.4.2
  http://www.fansandfollowers.org/wp-content/plugins/floating-menu/js/jquery.hoverIntent.minified.js?ver=3.4.2
  http://www.fansandfollowers.org/wp-content/plugins/jetpack/modules/wpgroho.js?ver=3.4.2
  http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/js/init.js?ver=3.9.5
  http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/js/jcarousel.js?ver=3.9.5
  http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/js/jwplayer.js?ver=3.9.5
  http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/js/nivoslider.js?ver=3.9.5
  http://www.fansandfollowers.org/wp-content/plugins/skype-online-status/js/skypeCheck.js?ver=2.8.6
  http://www.fansandfollowers.org/wp-content/plugins/strx-magic-floating-sidebar-maker/js/debounce.js?ver=3.4.2
  http://www.fansandfollowers.org/wp-content/plugins/strx-magic-floating-sidebar-maker/js/strx-magic-floating-sidebar-maker.js?ver=3.4.2
  http://www.fansandfollowers.org/wp-content/themes/Nova/epanel/page_templates/js/et-ptemplates-frontend.js?ver=1.1
  http://www.fansandfollowers.org/wp-content/themes/Nova/epanel/page_templates/js/fancybox/jquery.easing-1.3.pack.js?ver=1.3.4
  http://www.fansandfollowers.org/wp-content/themes/Nova/epanel/page_templates/js/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3.4
  http://www.fansandfollowers.org/wp-content/themes/Nova/epanel/shortcodes/js/et_shortcodes_frontend.js?ver=1.8
  http://www.fansandfollowers.org/wp-content/themes/Nova/js/Colaborate-Thin_400-Colaborate-Medium_400.font.js
  http://www.fansandfollowers.org/wp-content/themes/Nova/js/DD_belatedPNG_0.0.8a-min.js
  http://www.fansandfollowers.org/wp-content/themes/Nova/js/cufon-yui.js
  http://www.fansandfollowers.org/wp-content/themes/Nova/js/jquery.cycle.all.min.js
  http://www.fansandfollowers.org/wp-content/themes/Nova/js/jquery.easing.1.3.js
  http://www.fansandfollowers.org/wp-content/themes/Nova/js/superfish.js
  http://www.fansandfollowers.org/wp-includes/js/comment-reply.js?ver=3.4.2

iframes found in pages

These iframe links should be checked to ensure they are legitimate. Malware and compromised hosts can be linked by malicious iframes.

  link                                                                                                                                                                     Google   MyWOT
  http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.fansandfollowers.org%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80                        SAFE     90
  http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.fansandfollowers.org%2Finstagram-followers%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80   SAFE     90
  http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.fansandfollowers.org%2Finstagram-likes%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80       SAFE     90
  http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.fansandfollowers.org%2Fyoutube-views%2F&layout=standard&show_faces=false&width=450&action=like&colorscheme=light&height=80         SAFE     90

WPScan Results

The following results have been returned by the active WPScan.

WPScan Output

  WordPress Security Scanner by ethicalhack3r.co.uk
  Sponsored by the RandomStorm Open Source Initiative
  _____________________________________________________

  | URL: http://www.fansandfollowers.org/
  | Started on Wed Nov 14 21:58:45 2012

  [!] The WordPress theme in use is called Nova v2.2
  [!] The WordPress "http://www.fansandfollowers.org/readme.html" file exists
  [!] WordPress version 3.4.2 identified from meta generator

  [+] Enumerating plugins from passive detection ...
  6 found :

  | Name: announcer
  | Location: http://www.fansandfollowers.org/wp-content/plugins/announcer/

  | Name: shortcodes-ultimate
  | Location: http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/

  | Name: jetpack
  | Location: http://www.fansandfollowers.org/wp-content/plugins/jetpack/
  |
  | [!] WordPress jetpack plugin SQL Injection Vulnerability
  | * Reference: http://www.exploit-db.com/exploits/18126/

  | Name: arconix-shortcodes
  | Location: http://www.fansandfollowers.org/wp-content/plugins/arconix-shortcodes/

  | Name: strx-magic-floating-sidebar-maker
  | Location: http://www.fansandfollowers.org/wp-content/plugins/strx-magic-floating-sidebar-maker/

  | Name: floating-menu
  | Location: http://www.fansandfollowers.org/wp-content/plugins/floating-menu/

  [+] Enumerating installed plugins ...

  [+] We found 11 plugins:
  | Name: skype-online-status
  | Location: http://www.fansandfollowers.org/wp-content/plugins/skype-online-status/
  | Directory listing enabled? Yes.

  | Name: bulletproof-security
  | Location: http://www.fansandfollowers.org/wp-content/plugins/bulletproof-security/
  | Directory listing enabled? Yes.
  |
  | [!] WordPress BulletProof Security <= 0.47 Cross Site Scripting
  | * Reference: http://packetstormsecurity.org/files/112618/

  | Name: shortcodes-ultimate
  | Location: http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/
  | Directory listing enabled? Yes.

  | Name: clickdesk-live-support-chat-plugin
  | Location: http://www.fansandfollowers.org/wp-content/plugins/clickdesk-live-support-chat-plugin/
  | Directory listing enabled? Yes.

  | Name: 6scan-protection
  | Location: http://www.fansandfollowers.org/wp-content/plugins/6scan-protection/
  | Directory listing enabled? No.

  | Name: wp-post-date-remover
  | Location: http://www.fansandfollowers.org/wp-content/plugins/wp-post-date-remover/
  | Directory listing enabled? Yes.

  | Name: simple-page-ordering
  | Location: http://www.fansandfollowers.org/wp-content/plugins/simple-page-ordering/
  | Directory listing enabled? Yes.

  | Name: wordpress-simple-paypal-shopping-cart
  | Location: http://www.fansandfollowers.org/wp-content/plugins/wordpress-simple-paypal-shopping-cart/
  | Directory listing enabled? Yes.

  | Name: quick-chat
  | Location: http://www.fansandfollowers.org/wp-content/plugins/quick-chat/
  | Directory listing enabled? Yes.

  | Name: share-buttons-simple-use
  | Location: http://www.fansandfollowers.org/wp-content/plugins/share-buttons-simple-use/
  | Directory listing enabled? No.

  | Name: image-banner-widget
  | Location: http://www.fansandfollowers.org/wp-content/plugins/image-banner-widget/
  | Directory listing enabled? Yes.

  [+] Enumerating timthumb files...

  [+] We found 1 timthumb file/s:

  [!] http://www.fansandfollowers.org/wp-content/plugins/shortcodes-ultimate/lib/timthumb.php
  * Reference: http://www.exploit-db.com/exploits/17602/

  [+] Enumerating usernames...
  We found the following 1 username/s:
  admin

  [+] Finished at Wed Nov 14 22:17:43 2012
Hosting Information for www.fansandfollowers.org

The following details about the server and hosting provider have been discovered.

  Domain: www.fansandfollowers.org
  IP:
  Organization: Bluehost
  AS Name: BLUEHOST-AS-2
  ISP: BLUEHOST INC.
  City: Provo
  Country: United States

Websites sharing the same IP address

These sites have been found to be sharing the server's IP address; the primary source for this data is a Bing IP address search. Reputation is checked using the Google Safe Browse and MyWOT services.

  link                           Page Title                                                                 Google   MyWOT
  www.festiveeffects.com         Festive Effects - Creative Balloon Decorations and Family ...              SAFE     ???
  stoltzfus.com                  Stoltzfus Enterprises, Ltd. - Builder of Custom Homes ...                  SAFE     70
  www.iimn.org                   Home | International Institute of Minnesota                                SAFE     71
  www.fingerfoodjewelry.com      Fingerfood Jewelry - Miniature Food Jewelry Made From Polymer Clay         SAFE     ???
  melissaoyler.com               Melissa Oyler Designs, LLC                                                 SAFE     ???
  www.sindhar.com                Sindhar                                                                    SAFE     73
  delicatesales.com              Delicate Sales                                                             SAFE     ???
  icarusconsultants.com          Icarus Consultants: Pharma Biotech Marketing Strategy, New ...             SAFE     70
  jassdevelopers.com             Jass Developers, Residential Apartments, Flats, Individual houses ...      SAFE     ???
  stewartlandscape.com           Stewart Lawn & Landscape :: Home                                           SAFE     70
  www.skatalites.com             SKATALITES | The Foundation of Ska, Rock Steady & Reggae                   SAFE     78
  alkiautobody.com               Fix Auto South Seattle                                                     SAFE     ???
  www.kimassociates.com          Elizabeth H. Kim & Associates, PLLC - Attorneys and Counselors at Law      SAFE     ???
  heliotech-eg.com               Home - HelioTech                                                           SAFE     ???
  rockford-id.com                Rockford ID Shop, Inc.                                                     SAFE     ???
  joy-liu.com                    joy-liu.com | visual communication                                         SAFE     ???
  www.schnellcontracting.com     Schnell Contracting - Home                                                 SAFE     ???
  www.leafpile.com               Leafpile: Henry & Kathleens Website                                        SAFE     72
  www.saloneast316.com           Salon East 316                                                             SAFE     ???
  biancasrestaurant.com          Welcome to Biancas Italian Eatery!                                         SAFE     70
  johnnygalbraith.com            Johnny Galbraith .:. Copywriter Portfolio                                  SAFE     ???
  www.groupxcel.com              GroupXcel.com - Facility Services Experts, Janitorial, HVAC ...            SAFE     ???
  www.alpinaautobodyshop.com     Auto repair portland oregon | Auto body painting                           SAFE     ???
  www.willboisture.com           WillBoisture.com                                                           SAFE     ???
  www.vdaconsulting.com          Roofing Consultants: Waterproofing, Inspections                            SAFE     ???
  www.eitacp.com                 EIT | Excellence In Teaching                                               SAFE     ???
  www.jennifer-renee.com         Jennifer Renee Photography                                                 SAFE     ???
  www.mrhomeinspector.net        Home Inspection                                                            SAFE     ???
  www.aromaglass.com             Wholesale Aroma Jewelry - AromaGlass                                       SAFE     ???
  www.jobless-movie.com          Jobless Short Film                                                         SAFE     ???
  www.bettefrankleahy.com        bette frank leahy                                                          SAFE     ???
  kyungheetkd.com                Kyung Hee Tae Kwon Do                                                      SAFE     ???
  fifteenminutefitness.com       fifteen minute fitness: chico, ca                                          SAFE     ???
  www.theairking.com             The Air King Inc.                                                          SAFE     ???
  awakeningcharlotte.com         Natural Awakenings Magazine Charlotte                                      SAFE     ???
  estherprosser.com              Esther Prosser Real Estate                                                 SAFE     ???
  biotechstrategyblog.com        Biotech Strategy Blog - Science, Innovation, New Products                  SAFE     ???
  www.beaconfwb.org              Beacon Free Will Baptist Church                                            SAFE     ???
  sistercitiesoffishers.org      Sister Cities Association of Fishers                                       SAFE     ???
  saraandrocky.com               sara & rocky :: texas wedding photographers                                SAFE     ???
  www.truckfarmchicago.org       Truck Farm Chicago | The Farm-on-Wheels                                    SAFE     ???
  www.imanor.org                 Immacolata Manor Immacolata Manor l A Quiet Point of Pride                 SAFE     ???
  joeleenworld.com/Home.html     Official WebSite of Joeleen "Welcome to my World" DownLoad her New ...     SAFE     ???
  revelcaffe.com                 Revel Caffe | independent coffee for a Revolution.                         SAFE     ???
  www.stcatherinercc.org         St. Catherine of Siena Roman Catholic Church                               SAFE     ???
  wisewomanwellness.com          Wise Woman Wellness, LLC                                                   SAFE     ???
  mosaic-salon.com               Mosaic Salon - Greenville, WI                                              SAFE     ???
  www.goldentouchpetsalon.com    Golden Touch Pet Salon                                                     SAFE     ???
  www.vinyloutlet.net            Home page [www.vinyloutlet.net]                                            SAFE     ???
  pharmastrategyblog.com         Pharma Strategy Blog                                                       SAFE     ???
Appendix A : Additional Resources

WordPress is a stable and easy to use blogging platform that has a good level of security provided a few easy steps are taken.

The Basics

* Back It Up - Be ready to lose it all at any time. If you have an up to date backup, restoring is much easier.
* Keep the WordPress system up to date.
* Keep all plugins up to date.
* Beware of untrusted themes.
* Rename the admin account to a non-generic name.
* Use strong passwords (a dictionary word with a number after it is not a strong password!).
* Keep your password safe! Do not re-use it on other sites.
* Ensure you have up to date AV on your Windows machine. Malware collects passwords.
* The underlying server must be well managed and in a secure state.
* VPS or dedicated server? Set up server monitoring (http://www.ossec.net is a good start).

Advanced Security Testing

This report has been generated using automated scripts and tools; while it provides a good overview of the general security of the site and any obvious problems, it is far from a comprehensive security assessment.

HackerTarget.com has a comprehensive security assessment offering that is in effect a simulated hacker attack against the target system. This assessment by its nature is much more aggressive than the automated review you are looking at now, and provides a full report with any security holes found along with recommendations for increasing the security of the system.

Alternatively there is a collection of security tools available for free and online for testing at HackerTarget.com.

Further Information

There are a thousand and one guides for WordPress security tips. Some of the best information is from the source.

* Hardening WordPress
* FAQ My Site Was Hacked