Navigation
Archive / Cornerstone plugin files are showing up as "suspicious"
This is archived content. Visit our new forum.

Tagged: 

  • Author
    Posts
  • July 18, 2016 at 12:48 pm #1092198

    jtrajewski
    Participant

    Hello,

    My site is being blacklisted due to some code found in this file on my site

    here is a link to the report

    https://quttera.com/detailed_report/www.jonrajewski.com

    here are the details

    Alert: Potentially Suspicious Content Detected On This Website!

    Malicious files: 0
    Suspicious files: 0
    Potentially Suspicious files: 1
    /wp-content/plugins/cornerstone/assets/dist/js/site/cs-body.min.js?ver=1.3.0
    Severity: Potentially Suspicious
    Reason: Detected procedure that is commonly used in suspicious activity.
    Details: Too low entropy detected in string [[‘0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000’]] of length 100 which may point to obfuscation or shellcode.
    Threat dump: View code
    ×
    File name: /wp-content/plugins/cornerstone/assets/dist/js/site/cs-body.min.js?ver=1.3.0

    [[i){e.strings.push(t(i).html())})}this.init()},typewrite:function(t,e){if(this.stop!==!0){varn=Math.round(70*Math.random())+this.typeSpeed,i=this;i.timeout=setTimeout(function(){varn=0,a=t.substr(e);if(“^”===a.charAt(0)){varo=1;/^\^\d+/.test(a)%26%26(a=/\d+/.exec(a)[0],o+=a.length,n=parseInt(a)),t=t.substring(0,e)+t.substring(e+o)}if(“html”===i.contentType){vars=t.substr(e).charAt(0);if(“<“===s||”%26″===s){varr=””,l=””;for(l=”<“===s?”>”:”;”;t.substr(e).charAt(0)!==l;)r+=t.substr(e).charAt(0),e++;e++,r+=l}}i.timeout=setTimeout(function(){if(e===t.length){if(i.options.onStringTyped(i.arrayPos),i.arrayPos===i.strings.length-1%26%26(i.options.callback(),i.curLoop++,i.loop===!1||i.curLoop===i.loopCount))return;i.timeout=setTimeout(function(){i.backspace(t,e)},i.backDelay)}else{0===e%26%26i.options.preStringTyped(i.arrayPos);varn=t.substr(0,e+1);i.attr?i.el.attr(i.attr,n):i.isInput?i.el.val(n):”html”===i.contentType?i.el.html(n):i.el.text(n),e++,i.type]]

    I haven’t done much customization if not any outside of what x/cornerstone offers. Can you please help?

    July 18, 2016 at 1:11 pm #1092218

    Rupok
    Member

    Hi there,

    Thanks for writing in! There is nothing wrong with the code that should be blacklisted. I am not sure why the website you mentioned think it’s “Potentially Suspicious”. Would you clarify where your site “is being blacklisted”?

    Cheers!

    July 18, 2016 at 1:13 pm #1092220

    Darshana
    Moderator

    Hi there,

    Thanks for writing in! Could you please try deleting your Cornerstone folder by connecting to your FTP account “/wp-content/plugins/cornerstone/” and install a fresh copy by head over to X Addons section within your WordPress backend.

    Let us know how it goes.
    Thanks!

    July 18, 2016 at 1:30 pm #1092241

    jtrajewski
    Participant

    Rupok,

    It’s the corporate web filters. Right now I’m talking with Senderbase.org (cisco).

    July 18, 2016 at 1:46 pm #1092266

    jtrajewski
    Participant

    Darshana,

    I just did what you said and rescanned – still coming up as negative.

    help!

    Jon

    July 18, 2016 at 2:33 pm #1092342

    Nico
    Moderator

    Hi There,

    Would you mind sharing us your admin credentials and FTP so we could check your setup closer.

    Don’t forget to set it as private reply.

    I have also encountered this kind suspicious however there is nothing suspicious there that might be a issue.

    Thanks.

    July 19, 2016 at 2:25 pm #1094055

    jtrajewski
    Participant

    The company has manually reviewed the site and confirmed everything is good. Thanks for your help.

    July 19, 2016 at 2:35 pm #1094066

    Joao
    Moderator

    Glad to hear it.

    Let us know if we can help with anything else.

    Joao

  • Author
    Posts