Avast community forum
Topic: Defacement on website.... (Read 1166 times)
polonus
Defacement on website....
« on: November 14, 2015, 02:50:03 PM »
See:
http://killmalware.com/grasolutions.com/#
&
http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fgrasolutions.com&useragent=Fetch+useragent&accept_encoding=
Clickjacking vulnerability: Overview
Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to invisibly load the target website into their own site and trick users into clicking on links they never intended to click. An "X-Frame-Options" header should be sent by the server to either deny framing of content, only allow it from the same origin or allow it from trusted URIs.
Result
It doesn't look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.
See:
http://toolbar.netcraft.com/site_report/?url=http%3A%2F%2Fgrasolutions.com
Server abuse:
https://www.mywot.com/en/scorecard/p3nlhg114c1114.shr.prod.phx3.secureserver.net?utm_source=addon&utm_content=rw-viewsc
GoDaddy abuse coming from leniency in Scottsdale....
ssl-cert: Subject: commonName=-p3nlhftpg051.shr.prod.phx3.secureserver.net/organizationName=GoDaddy Software Inc./stateOrProvinceName=Arizona/countryName=US
Website security risk status 7 red out of 10:
http://toolbar.netcraft.com/site_report?url=http://p3nlhg114c1114.shr.prod.phx3.secureserver.net
Web site defaced. Details:
http://sucuri.net/malware/entry/MW:DEFACED:01
<title>Hacked By Prosox</title> index.html
Severity: Malicious
Reason: Detected malicious PHP content
Details: Website Potentially Defaced
hacked and Defaced Site on Apache and Google+1
At least 2 third parties know you are on this webpage.
p3nlhg114c1114.shr.prod.phx3.secureserver.net
& p3nlhclust404.shr.prod.phx3.secureserver.net
IP mentioned in PHISHing list:
http://permalink.gmane.org/gmane.comp.security.phishings/67404
-> IP-badness history:
https://www.virustotal.com/nl/ip-address/72.167.1.128/information/
reported by polonus (volunteer website security analyst and website error hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
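The header check described in the clickjacking overview above, as an added example that is not part of the original post or of the scanner it quotes. It classifies a response's framing policy from its headers; the function names and sample responses are constructed, and it assumes current browser behaviour, where an enforced CSP `frame-ancestors` directive overrides X-Frame-Options and `ALLOW-FROM` is ignored.

```python
# Added example: classify a response's anti-framing policy from its headers.
# Function names and the sample responses are constructed for illustration.

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP header, or None."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_policy(headers):
    """headers: (name, value) pairs as received, duplicates kept.
    Returns (verdict, reason); verdict is 'protected', 'weak' or 'missing'."""
    def get(name):
        return [v for n, v in headers if n.lower() == name]

    # An enforced frame-ancestors directive makes browsers ignore X-Frame-Options.
    lists = [fa for fa in map(frame_ancestors, get("content-security-policy"))
             if fa is not None]
    if lists:
        # Every CSP header must be satisfied, so one restrictive list is enough.
        open_sources = {"*", "http:", "https:"}
        if all(open_sources & set(fa) for fa in lists):
            return "weak", "frame-ancestors allows any origin"
        return "protected", "CSP frame-ancestors restricts framing"

    tokens = [t.strip().upper() for v in get("x-frame-options") for t in v.split(",")]
    if not tokens:
        return "missing", "no X-Frame-Options or frame-ancestors sent"
    if any(t in ("DENY", "SAMEORIGIN") for t in tokens):
        return "protected", "X-Frame-Options " + ", ".join(tokens)
    if any(t.startswith("ALLOW-FROM") for t in tokens):
        return "weak", "ALLOW-FROM is ignored by current browsers"
    return "weak", "unrecognised X-Frame-Options value"

# Constructed sample responses.
SAMPLES = {
    "no policy": [("Server", "Apache"), ("Content-Type", "text/html")],
    "deny": [("X-Frame-Options", "DENY")],
    "allow-from": [("x-frame-options", "ALLOW-FROM https://partner.example")],
    "csp wins": [("X-Frame-Options", "bogus"),
                 ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "csp wildcard": [("Content-Security-Policy", "frame-ancestors *")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, "->", framing_policy(hdrs))
```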