Author Topic: Defacement on website....  (Read 1166 times)

Offline polonus

Defacement on website....
« on: November 14, 2015, 02:50:03 PM »
See: http://killmalware.com/grasolutions.com/#  &  http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fgrasolutions.com&useragent=Fetch+useragent&accept_encoding=
Clickjacking vulnerability: Overview
Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to invisibly load the target website into their own site and trick users into clicking on links which they never intended to. An "X-Frame-Options" header should be sent by the server to either deny framing of content, only allow it from the same origin or allow it from trusted URIs.

Result
It doesn't look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.

See: http://toolbar.netcraft.com/site_report/?url=http%3A%2F%2Fgrasolutions.com

Server abuse: https://www.mywot.com/en/scorecard/p3nlhg114c1114.shr.prod.phx3.secureserver.net?utm_source=addon&utm_content=rw-viewsc  GoDaddy abuse coming from  leniency in Scottsdale....
sl-cert: Subject: commonName=-p3nlhftpg051.shr.prod.phx3.secureserver.net/organizationName=GoDaddy Software Inc./stateOrProvinceName=Arizona/countryName=US
Website security risk status 7 red out of 10: http://toolbar.netcraft.com/site_report?url=http://p3nlhg114c1114.shr.prod.phx3.secureserver.net   
Web site defaced. Details: http://sucuri.net/malware/entry/MW:DEFACED:01
      <title>Hacked By Prosox</title> index.html
Severity:   Malicious
Reason:   Detected malicious PHP content
Details:   Website Potentially Defaced
hacked and Defaced Site on Apache and Google+1
At least 2 third parties know you are on this webpage.

p3nlhg114c1114.shr.prod.phx3.secureserver.net 
& p3nlhclust404.shr.prod.phx3.secureserver.net

IP mentioned in PHISHing list: http://permalink.gmane.org/gmane.comp.security.phishings/67404
-> IP-badness history: https://www.virustotal.com/nl/ip-address/72.167.1.128/information/

reported by polonus (volunteer website security analyst and website error hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
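
The header check described in the clickjacking overview quoted in the post above, as an added example that is not part of the original post or of any scanner it links to. The function names, result labels and sample header blocks (including `partner.example`) are constructed for illustration; it also evaluates the CSP `frame-ancestors` directive, which goes beyond the X-Frame-Options check the post mentions.

```python
# Added example: classify the framing policy declared by a response's headers.
# Function names and all sample header blocks are constructed for illustration.

def parse_headers(raw):
    """Parse a raw header block into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def framing_policy(raw):
    """Return deny, sameorigin, allowlist, unrestricted, allow-from-obsolete, invalid or missing."""
    headers = parse_headers(raw)
    # CSP frame-ancestors supersedes X-Frame-Options when both are sent.
    # Simplification: only the first frame-ancestors directive found is evaluated.
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                sources = [t.lower() for t in tokens[1:]]
                if not sources or sources == ["'none'"]:
                    return "deny"
                if sources == ["'self'"]:
                    return "sameorigin"
                return "unrestricted" if "*" in sources else "allowlist"
    values = {v.strip().upper() for h in headers.get("x-frame-options", [])
              for v in h.split(",") if v.strip()}
    if not values:
        return "missing"          # the result reported in the post above
    if values == {"DENY"}:
        return "deny"
    if values == {"SAMEORIGIN"}:
        return "sameorigin"
    if len(values) == 1 and next(iter(values)).startswith("ALLOW-FROM "):
        return "allow-from-obsolete"  # ignored by current browsers
    return "invalid"              # unknown or conflicting values

SAMPLES = {  # constructed header blocks, not captured from any real server
    "no policy": "HTTP/1.1 200 OK\nServer: Apache\nContent-Type: text/html",
    "xfo sameorigin": "HTTP/1.1 200 OK\nX-Frame-Options: SAMEORIGIN",
    "xfo allow-from": "X-Frame-Options: ALLOW-FROM https://partner.example",
    "csp wins": "X-Frame-Options: SAMEORIGIN\n"
                "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'",
    "xfo typo": "X-Frame-Options: ALLOWALL",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:15} -> {framing_policy(raw)}")
```

A result of `missing`, `invalid` or `allow-from-obsolete` means the response gives current browsers no usable framing restriction.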