gangplank / gangplank-theme

site is compromised #3

Open chuckreynolds opened 6 years ago

chuckreynolds commented 6 years ago

Probably because GD hosts it, but heads up to whoever is supposed to be paying attention to this stuff. I let Benner know to pass it on but it still looks hacked.

https://sitecheck.sucuri.net/results/gangplankhq.com

refriedchicken commented 6 years ago

Chuck,

I will pass this on to Chris who has been helping take care of these issues.

cklosowski commented 6 years ago

@chuckreynolds I removed that last night. It never made the repo; it had gotten injected. I killed it this morning and removed a ton of plugins last night.

cklosowski commented 6 years ago

The issue isn't the host; we had some really out-of-date plugins that were not being used and were still active and didn't have a license key to get an update. I've removed any plugins we're not using, added in some sanitization functions, and killed that code that was injected into the footer.php file.

davis9001 commented 6 years ago

I refreshed the Sucuri scan and there's one item left from what I can see:

https://gangplankhq.com/404javascript.js

cklosowski commented 6 years ago

@iwantdavid I actually reached out to GoDaddy and Sucuri on this and they stated that it's simply our site not properly handling JavaScript 404s correctly. The file mentioned does not exist on the server, and there are no references to it. I've gone through a Wordfence scan and had the Sucuri team look at it, and they don't see anything wrong on the site, so they mentioned it's likely related to something on our site reporting a 500 error. I'll keep digging further, but if the Sucuri team themselves don't see anything wrong, it appears to be a bad scan.