Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on October 22, 2017, 02:09:34 PM

Title: Tracking observatory.mozilla.org via sshscan.rubidus.com/gettin valuable alerts
Post by: polonus on October 22, 2017, 02:09:34 PM

See: https://github.com/mozilla/ssh_scan_api/issues/97 (with possible fingerprinting detected).
See PrivacyScore: https://privacyscore.org/site/30833/json/
One should use a dockerized way in stead: https://github.com/mozilla/ssh_scan_api
as the other method is abusable enough to get being blocked.

Take this with a grain of salt, but it is an indication, example scan: for our avast forum website, I have checked on...
https://privacyscore.org/site/33642/
3rd party embeds, 3rd party trackers,
4 issues on unreliable encryption - HSTS and HSTS pre-loading not installed, not using Public Key pinning.
No check on mixed content and no check for CSS attempts and ticketbleed (experimental).
No protection found against LOGJAM attacks. More unreliable checks issues...

Another lesson learned....

polonus (volunteer website security analyst and website error-hunter)

Title: Re: Tracking observatory.mozilla.org via sshscan.rubidus.com/gettin valuable alerts
Post by: polonus on March 12, 2019, 10:58:33 PM

UPDATE:

Just came back to this as I detected the filter of Negotiator extension in chromium browser.
Track from -observatory.mozilla.org to -sshscan.rubidus.com
Consider: https://privacyscore.org/site/128404/
C+ grade security: https://observatory.mozilla.org/analyze/sshscan.rubidus.com
Error: Invalid certificate chain encountered during redirection (because sub.domain chain);
Check: https://hstspreload.org/?domain=rubidus.com
Outcome: Error: Cannot connect using TLS

polonus (volunteer website security analyst and website error-hunter)