Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Hacked and defaced website on DROWn vulnerable nameserver!
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Hacked and defaced website on DROWn vulnerable nameserver! (Read 991 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 34067
malware fighter
Hacked and defaced website on DROWn vulnerable nameserver!
«
on:
April 27, 2016, 11:23:57 PM »
When a nameserver is vulnerable to DROWn all further "up" becomes vulnerable as well:
https://test.drownattack.com/?site=dns1.namecheaphosting.com
so reverse DNS is also vulnerable, let's see: dang! ->
https://test.drownattack.com/?site=p28.web-hosting.com
Where is this insecurity:
http://killmalware.com/klovni.com/
->
http://toolbar.netcraft.com/site_report?url=http://klovni.com
So we check this uri:
http://p28.web-hosting.com/cgi-sys/defaultwebpage.cgi
See:
https://documentation.cpanel.net/display/CKB/How%20To%20Clear%20Your%20DNS%20Cache
See:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fklovni.com%2F
and
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fp28.web-hosting.com%2Fcgi-sys%2Fdefaultwebpage.cgi
For IP badness see:
https://www.virustotal.com/nl/ip-address/198.54.116.13/information/
polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Hacked and defaced website on DROWn vulnerable nameserver!