• Good day!

    I just got an email from my hosting provider; apparently they don't like some WordPress files:

    Hosting has detected software vulnerabilities in PHP scripts on your web hosting package. To prevent system abuse resulting from exploitation of these vulnerabilities, these should be addressed as quickly as possible. This concerns the following vulnerabilities:
    
    XSS vulnerability in WordPress (An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that was included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.)
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/twitch.min.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/twitch.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/soundcloud.min.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/soundcloud.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/facebook.min.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/facebook.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/dailymotion.min.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/renderers/dailymotion.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/zh.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/zh-cn.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/uk.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/sv.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/sk.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/ru.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/ro.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/pt.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/pl.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/nl.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/ko.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/ja.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/it.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/hu.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/hr.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/fr.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/fa.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/es.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/de.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/cs.js
    /home/audioboo/public_html/testsite/wp-includes/js/mediaelement/lang/ca.js
    
    These are scheduled to be automatically patched within 48 hours. However, you can take actions such as updating the install to address these.

    What does this mean? Is the host just playing it safe? Are those files really dangerous?

    • Topic modified 6 years, 4 months ago by SeVlad. Reason: Forum rules, item 7
Viewing 12 replies, 1 through 12 (of 12 total)
  • Good day!

    And good health to you too.

    But you need to state the site address, the WP version, the theme in use … and in general, have a look here

    • Reply modified 6 years, 4 months ago by O.

    But even I, someone far from knowing English, understood that this is about potentially dangerous Flash elements being present on the site. I don't know what exactly you have installed, but the host is right in its own way, and in general Flash is already a thing of the day before yesterday. Even modern browsers are dropping support for this technology and enable Flash only after a warning http://joxi.ru/RmzEN7auWbWYyr

    In 4.9.2 these files no longer exist.
    Since your host is complaining, your core is either not updated to the latest version or was updated badly. Or maybe the notification just arrived late, who knows.

    In any case, just reinstall the core from the Dashboard.

    Moderator Yui

    (@fierevere)

    永子

    Are those files really dangerous?

    Version 4.9.2 fixes some security issues (XSS), precisely in these files.
    After a correct update, some of these files should no longer be present, and the rest should be fixed.
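
One way to check what this reply describes, as an added example that is not part of the thread or of WordPress itself: the script reads the installed version from `wp-includes/version.php` and lists the `.js` files still present in the two MediaElement directories named in the host's report. The function names are hypothetical, and treating every file found there as worth reviewing on a pre-4.9.2 install is an assumption of this sketch, not a list published by WordPress.

```shell
#!/bin/sh
# Added example: check whether a WordPress tree predates 4.9.2 and list
# files left in the MediaElement directories named in the host's report.

# wp_version ROOT -> prints the value of $wp_version, or nothing
wp_version() {
    sed -n "s/^[\$]wp_version *= *'\([^']*\)'.*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# version_lt A B -> exit status 0 if dotted version A is lower than B
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" \
        | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$first" = "$1" ]
}

# leftover_mediaelement ROOT -> one path per line (assumption: anything
# under renderers/ and lang/ deserves a look on an outdated install)
leftover_mediaelement() {
    for d in renderers lang; do
        dir="$1/wp-includes/js/mediaelement/$d"
        [ -d "$dir" ] && find "$dir" -type f -name '*.js'
    done
    return 0
}

# check_install ROOT -> prints a status line
# returns 0 = 4.9.2 or later, 1 = older, 2 = no version.php found
check_install() {
    v=$(wp_version "$1")
    [ -n "$v" ] || { echo "not-wordpress"; return 2; }
    if version_lt "$v" 4.9.2; then
        echo "outdated $v"
        return 1
    fi
    echo "ok $v"
}

# Stand-alone use: sh check.sh /path/to/site
if [ "$#" -gt 0 ]; then
    check_install "$1" || leftover_mediaelement "$1"
fi
```

If WP-CLI is available on the host, `wp core verify-checksums` compares the core files against the official checksums for the installed version.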

    Thanks, the update probably did go badly. I'll try reinstalling the core again.

    Moderator Юрій

    (@yube)

    I'll try reinstalling the core again.

    Updating and reinstalling are two very different things. Reinstalling implies wiping the DB, i.e. deleting all settings and content. Do you really need that?

    I figured out what the problem was. This was my test WordPress installation, on which I planned to try out new plugins, themes, etc. Since nobody visited the test site, it did not automatically update to 4.9.2. For now, since I don't need it, I've deleted that folder altogether; I'll set up a test site on another host, one that isn't so vigilant 🙂

    I'll set up a test site on another host, one that isn't so vigilant

    Is vigilance a bad thing in this case?

    Is vigilance a bad thing in this case?

    If I understood the last sentence of the host's message correctly, that the files will be modified/deleted, then yes. That's not vigilance, it's automated paranoia.

    alexander70, which host is it, out of curiosity?

    This forum is vigilant too 🙂 I wrote the host's name and got: This message has been placed in a moderation queue by an automated system. It will be reviewed within 72 hours.

    The host is interserver net

    I wrote the host's name and got

    Akismet really dislikes links in messages,
    especially if those links have already been marked as spam on some forums or sites.

    Shortly after that email their server went down altogether, so I don't recommend them. I'm going to leave them.

  • The topic "Warning from hosting" is closed to new replies.