Предупреждение от хостинга

(@alexander70)

Доброе время суток!

Только что пришло письмо от хостинга, типа не нравятся им некоторые файлы wordpress:

Hosting has detected software vulnerabilities in PHP scripts on your web hosting package. To prevent system abuse resulting from exploitation of these vulnerabilities, these should be addressed as quickly as possible. This concerns the following vulnerabilities:

XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/twitch.min.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/twitch.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/soundcloud.min.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/soundcloud.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/facebook.min.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/facebook.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/dailymotion.min.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/dailymotion.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/zh.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/zh-cn.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/uk.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/sv.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/sk.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/ru.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/ro.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/pt.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/pl.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/nl.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/ko.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/ja.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/it.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/hu.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/hr.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/fr.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/fa.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/es.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/de.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/cs.js
XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
/home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/ca.js

These are scheduled to be automatically patched with in 48 hours. However you can take actions such as updating the install to address these.

Что это означает? Хостинг перестраховывается? Действительно ли там опасные файлы?

Тема изменена 5 лет, 4 месяца назад пользователем SeVlad. Причина: Правила форума, п7

Просмотр 12 ответов — с 1 по 12 (всего 12)

O
(@perdyllo)

5 лет, 4 месяца назад
Доброе время суток!

И вам не хворать.

Но надо указывать адрес сайта, весию WP, используемую тему … и вообще вот здесь посмотрите
- Ответ изменён 5 лет, 4 месяца назад пользователем O.
- Ответ изменён 5 лет, 4 месяца назад пользователем O.
O
(@perdyllo)

5 лет, 4 месяца назад

Но даже я, человек далекий от знания английского, понял что речь идет о наличии на сайте потенциально опасных Flash элементов. Не знаю что именно там у вас установлено, но хостинг по своему прав да и вообще Flash это уже позавчерашний день. Даже современные браузеры перестают поддерживать эту технологию и включают Flash только после предупреждения http://joxi.ru/RmzEN7auWbWYyr

Flector
(@flector)

5 лет, 4 месяца назад

в 4.9.2 этих файлов больше нет.
раз хостинг у вас ругается — значит движок у вас не обновлен до последней версии или обновлен криво. а может просто уведомление с опозданием пришло, кто его знает.

в любом случае — просто выполните переустановку движка из консоли.

Модератор Yui
(@fierevere)

永子

5 лет, 4 месяца назад

Действительно ли там опасные файлы?

версия 4.9.2 исправляет некоторые проблемы с безопасностью (XSS), как раз в этих файлах
при корректном обновлении у вас части файлов быть уже не должно, остальные должны быть исправлены

Автор alexander70
(@alexander70)

5 лет, 4 месяца назад

Спасибо, наверное, действительно обновление плохо прошло. Попробую заново переустановить движок.

Модератор Yuri
(@yube)

5 лет, 4 месяца назад

Попробую заново переустановить движок.

Обновить и переустановить — две большие разницы. Переустановка предполагает очистку БД, т.е. удаление всех настроек и контента. Оно Вам надо?

Автор alexander70
(@alexander70)

5 лет, 4 месяца назад

Я понял в чем была проблема. Это была моя тестовая установка вордпресс, на которой планировал обкатывать новые плагины, темы и т.д. Так как никто не посещал тестовый сайт, он автоматически не обновился до 4.9.2. Пока что за ненадобностью вообще удалил эту папку, сделаю тестовый сайт на другом хостинге, не таком бдительном 🙂

Webliberty
(@webliberty)

5 лет, 4 месяца назад

сделаю тестовый сайт на другом хостинге, не таком бдительном

А бдительность в данном случае разве плохо?

SeVlad
(@sevlad)

5 лет, 4 месяца назад

А бдительность в данном случае разве плохо?

Если я правильно понял последнюю фразу сообщения хостера — файлы будут изменены/удалены, то да. Это не бдительность, а автоматическая паранойя.

alexander70, что за хостинг, интересно?

Автор alexander70
(@alexander70)

5 лет, 4 месяца назад

Этот форум тоже бдительный 🙂 Написал название хостинга, вышло: Это сообщение было помещено автоматической системой в очередь для проверки. Оно будет проверено в течение 72 часов.

Хостинг интерсервер нет

Flector
(@flector)

5 лет, 4 месяца назад

Написал название хостинга, вышло

акисмет крайне не любит ссылок в сообщениях.
особенно, если эти ссылки были уже помечены спамом на каких-либо форумах или сайтах.

Автор alexander70
(@alexander70)

5 лет, 4 месяца назад

Вскоре после того письма у них сервер вообще накрылся, так что не советую. Буду уходить от них.

Просмотр 12 ответов — с 1 по 12 (всего 12)

Тема «Предупреждение от хостинга» закрыта для новых ответов.