
 

Attention: Have You Heard
Project Name: Vodacom Color Super Peers Wordpress Upgrades
Date: 11 June 2013

WordPress security fixes, Malware removal, Upgrades and Backups

Have You Heard is soliciting proposals for fixing and upgrade of Malware infected website: http://www.colorsuperpeers.co.za/

Please see our proposal below.

Solution:
After conducting a preliminary site scan of http://www.colorsuperpeers.co.za/ we have ascertained a number of malware scripts, security fixes and upgrades required to restore the site to a healthy, secure, functioning state. Please see scan results and recommendations below. A full breakdown of remedies is included in the attached quotation.

Recommendations:
• Upgrade WordPress core files
• Remove malware iframes from pages in security scan
• Add WordPress security fixes
• Remove wp-admin and login.php pages from directory – rename and re-instantiate links.
• Block user login attempts over 3 - and throttle or block phishing / password retrieval
• Install BRAVE backup software – back up database, theme and core files offsite – run weekly backup schedule.
• Fix / remove header includes in the http://www.colorsuperpeers.co.za/subscribe/ page. This is causing double iframes being loaded onto Vodacom colors site.

Site Scan Results:

The Plugin "Custom Login lite" needs an upgrade.
Plugin Name: Custom Login lite
Plugin Website: http://austinpassy.com/wordpress-plugins/custom-login
Current Plugin Version: 1.1.4
New Plugin Version: 2.1.5
Severity: Critical
Status: New

The Plugin "Facebook" needs an upgrade.
Plugin Name: Facebook

Visit www.braveagency.com | 47 6th Street, Parkhurst, Johannesburg | 011 447 9452 | hello@braveagency.com


Plugin Website: http://wordpress.org/extend/plugins/facebook/
Current Plugin Version: 1.2.3
New Plugin Version: 1.4
Severity: Critical
Status: New

The Plugin "Google Analytics for WordPress" needs an upgrade.
Plugin Name: Google Analytics for WordPress
Plugin Website: http://yoast.com/wordpress/google-analytics/#utm_source=wordpress&utm_medium=plugin&utm_campaign=wpgaplugin&utm_content=v420
Current Plugin Version: 4.2.8
New Plugin Version: 4.3.3
Severity: Critical
Status: New

You need to upgrade "Google Analytics for WordPress" to the newest version to ensure you have any security fixes the developer has released.

The Plugin "Twitter Feed for WordPress" needs an upgrade.
Plugin Name: Twitter Feed for WordPress
Plugin Website: http://3doordigital.com/wordpress/plugins/wp-twitter-feed/?utm_source=WordPress&utm_medium=Admin&utm_campaign=Twitter%2BFeed
Current Plugin Version: 1.2.2
New Plugin Version: 2.0.1
Severity: Critical
Status: New

You need to upgrade "Twitter Feed for WordPress" to the newest version to ensure you have any security fixes the developer has released.

The Plugin "Wordpress Logging Service" needs an upgrade.
Plugin Name: Wordpress Logging Service
Plugin Website: http://wordpress.org/extend/plugins/wordpress-logging-service
Current Plugin Version: 1.5.1
New Plugin Version: 1.5.3
Severity: Critical
Status: New

You need to upgrade "Wordpress Logging Service" to the newest version to ensure you have any security fixes the developer has released.



File contains suspected malware URL: /var/www/vhosts/colorsuperpeers.co.za/httpdocs/wp-links-opml.php
Filename: wp-links-opml.php
Bad URL: http://vcminden.de/mzmd.html?i=3291751
File type: Not a core, theme or plugin file.
Issue first detected: a moment ago.
Severity: Critical
Status: New
This file contains a suspected malware URL listed on Google's list of malware sites. http://vcminden.de/mzmd.html?i=3291751 - More info available at Google Safe Browsing diagnostic page.

File contains suspected malware URL: /var/www/vhosts/colorsuperpeers.co.za/httpdocs/wp-login.php
Filename: wp-login.php
Bad URL: http://recruitingpartners.com/hehd.html?i=3291751
File type: Not a core, theme or plugin file.
Issue first detected: a moment ago.
Severity: Critical
Status: New
This file contains a suspected malware URL listed on Google's list of malware sites. The URL is: http://recruitingpartners.com/hehd.html?i=3291751 - More info available at Google Safe Browsing diagnostic page.

WordPress core file modified: wp-links-opml.php
Filename: wp-links-opml.php
File type: Core
Issue first detected: 20 secs ago.
Severity: Critical
Status: New
This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.

WordPress core file modified: wp-login.php
Filename: wp-login.php
File type: Core
Issue first detected: 20 secs ago.
Severity: Critical
Status: New
This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.



WordPress core file modified: readme.html
Filename: readme.html
File type: Core
Issue first detected: 1 min ago.
Severity: Critical
Status: New
This WordPress core file has been modified and differs from the original file distributed with this version of WordPress.

User "fantastic" with 'subscriber' access has a very easy password.
Issue first detected: a moment ago.
Login name: fantastic
User email: nkosi_maphumulo@yahoo.com
Full name: Nkosi Maphumulo
Severity: Warning
Status: New
A user with 'subscriber' access has a password that is very easy to guess. Please either change it or ask the user to change their password.

Estimated Budget and Timeline

Please note:
- Total time estimated at 3 days from acceptance of the quotation.
- Timings below are detailed separately, but there will be substantial overlap throughout the project with certain tasks running concurrently.
- Hourly allocations are estimates only, based on past experience – requests to reduce overall pricing by reducing hours spent on a particular line item are not feasible or possible at this early stage of costing. If the reduction of any hourly allocations is possible, this will only be evident at the time of development, at which point any savings or additional spends will be brought to your attention before commencing with additional development.
- Estimated costs are based on a flat hourly rate of R675 per hour

Additional costs:



1. Weekly backups, Security updates, uptime maintenance is charged at R2 500 per month (depending on amount of content, this fee can go up and will be assessed once the site is complete and will be reviewed and revised every 3 months in case of major site changes)

   

About Brave

Brave Digital is a full service digital agency that specialises in the development of insightful digital strategy, creative conceptualisation and design, expert development, seamless execution and efficient maintenance of online campaigns.

Brave History:

Our Brave beginnings date back to 2002, when our partners founded Max Definition in London. Max Definition found a niche in enterprise-level online solutions in Flash and Coldfusion for blue-chip clients such as British Telecoms, Macromedia (now Adobe), Yahoo and Philips Electronics. We specialised in ultra-light Flash websites, applications and solutions.

After relocating back to South Africa in 2004, our focus shifted, in response to changes in the Marketing industry, to specialist digital email marketing and communications – and our sister company, Mailgloo, was born.

As our clients' need for full-service creative digital development grew, our Brave team grew too, learning and up-skilling along the way whilst inviting competent and passionate experts into our work family. Today, our well-rounded, dynamic team comprises a wealth of multi-disciplinary experience and complementary skills.

Our Experience:

Brave Digital Agency has worked across a variety of industry sectors and our experience includes both project and retainer work with the following clients:

Pfizer Consumer Healthcare (Caltrate and Centrum), Virgin Money, Mazda Wildlife Fund, Yellow Pages, Omage, Telkom, VentureWeb, Discovery Health, Imperial, Continental Tyres, Hilton Hotels, Lucozade, Orbit chewing gum.

Our strengths and core competencies include:

Website Development, Digital Strategy, Email Marketing, Mobile Development, Application Development, Social Marketing, Game development, Viral Marketing, Augmented Reality, Online Advertising and Media, Microsites and Campaigns.

Meet Our Core Team:



Grant Mills, Managing Director
Ryan Hudson-Bennett, Creative Technologist
Julia Redelinghuys, Account Director / Strategist
Michael Pote, Senior Developer
Miranda Sherry, Content / Social Media Director
Maleke Phakoe, Senior Designer
Della Stapleton, Senior Interface Developer

The main point of contact for this account will be Julia Redelinghuys, working closely with Ryan Hudson-Bennett to ensure efficient account management, timeous project management, detailed communication and comprehensive development solutions.

Our Experience:

Website development we are proud of:

1. Centrum Guardian Project
www.centrumguardian.com

Brave Digital has been responsible for all digital development and campaign management on the Centrum Guardian Project for the last 5 years. Our website includes a voting engine for the project finalists and was developed to work across desktop, tablet, Facebook and mobi versions, allowing users to vote across a number of platforms. Individual votes were tracked across the platforms, limiting users to 10 votes per platform. Voter information is stored in a secure database with full validation and reporting. Each year, the campaign includes a number of phased web changeovers, rich media integration and social media sharing and integration.

2. Omage
www.omage.com

Omage is the 2nd largest events company in South Africa. Our challenge was to create a media rich environment to showcase their eventing portfolio and experience. The site needed to appeal to both a South African and an international market, which meant we had to ensure optimisation of the sites for differing download speeds. The website was coded to adapt responsively to various platforms (desktop, mobi, tablet). To test the responsive nature, drag the right hand corner of the open webpage to see how the site responsively adjusts according to the page size. Our development included 1 centralised content management system allowing both client and or editors to upload, edit and manage content across all 3 platforms.

3. Virgin Money Extra Extra



http://www.extraextra.co.za/  

Virgin Extra Extra is a monthly communication channel between Virgin Money and their customers. Content includes topical information relating to their range of services, advertising and promotions, competitions and updates for customers on relevant product information. We developed an online centralised hub to index and archive the newsletters in a searchable, trackable, SEO friendly manner, resulting in organic search, customer retention and realtime communication with their customers.

4. Fada Viad
http://braveclients.com/fadaviad/category/publications/ (project still in development)

Fada Viad is the Wits University Research and Academic Alumni website portal. The portal provides a platform for alumni to connect and upload information, research, dissertations, events, publications, news etc. All alumni have user profiles allowing publication of information under a single user. The development ensured that on the frontend users are able to search for information and on the backend a full content management system was developed that allows not only uploads of content but also cross linking, tagging, categorising and publishing.

5. Mazda Wildlife
http://mazdawildlifephotography.com/

Over the past 3 years, Brave Digital has been managing the Mazda Wildlife photographic competition, seeing thousands of submissions and awarding well-deserving monthly winners. Until August 2012, the competition was solely run on our Facebook application. Recently we developed a website with the dual-functionality of visually showcasing all the images that have been entered and allowing a smooth entry mechanism and account management. Our website allows users to create, manage and edit their accounts, and upload photos, using Facebook Connect integration to create accounts and authorise users (whilst capturing all information in a living database). In addition, our development allows opengraph sharing of activity on the website by automatically posting to users' walls, driving further traffic and engagement. Our site is fully responsive, allowing seamless viewing on web, tablet, mobile and Facebook.

6. Imperial Truck Rental
http://www.imperialtruckrental.co.za/

For the Imperial Truck Rental website, Brave Digital worked closely with the Client to ensure accessible adaptation of their corporate brand CI for the web environment. The website features an online catalogue of their fleet including pricing, features, contact information, signup and booking functionality which is sent directly to client and stored in their database for future lifecycle marketing efforts.

References

1. Sheila McGillivray



Managing Director: One Lady and a Tribe Advertising Agency
Email: sheila@tribeatsticksa.co.za
Tel: 011 996 3420

2. Sue Cartwright
Marketing Manager: Pfizer Consumer Healthcare
Email: Sue.Cartwright@pfizer.com
Tel: 011 320 6376

3. Heidie Aitken
Marketing Manager: Virgin Money
Email: heidie.aitken@virginmoney.co.za
Tel: 011 881 5915
