Topic: Server error after cleansing defacement hack...Fake Googlebot detected!

polonus
Re: http://killmalware.com/sabet.ir/#
jQuery library to be retired: -http://sabet.ir
Detected libraries:
jquery - 1.11.0 : (active1) -http://sabet.ir/vendor/jquery-1.11.0.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected

Server error: HTTP Error 403.14 - Forbidden
The Web server is configured to not list the contents of this directory.

See: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fsabet.ir%2F&ref_sel=GSP2&ua_sel=ff&fs=1
Re: http://toolbar.netcraft.com/site_report?url=http://sabet.ir   -> Default IIS website = http://server78.bertina.us/
IIS 7.5, Microsoft ASP.NET, Windows Server, AddThis.

Custom errors: Fail and two warnings on: https://asafaweb.com/Scan?Url=server78.bertina.us
Custom errors: Fail

Requested URL: http://server78.bertina.us/< | Response URL: http://server78.bertina.us/< | Page title: Runtime Error | HTTP status code: 400 (Bad request) | Response size: 3,420 bytes | Duration: 106 ms
Overview
Custom errors are used to ensure that internal error messages are not exposed to end users. Instead, a custom error message should be returned which provides a friendlier user experience and keeps potentially sensitive internal implementation information away from public view.

Result
It looks like custom errors are not correctly configured as the requested URL contains the heading "Server Error in".

Custom errors are easy to enable, just configure the web.config to ensure the mode is either "On" or "RemoteOnly" and ensure there is a valid "defaultRedirect" defined for a custom error page as follows:

<customErrors mode="RemoteOnly" defaultRedirect="~/Error" />

Only access-control-allow-origin header properly returned according to best practices known.

Hetzner Online abuse -> http://www.dnsinspect.com/sabet.ir/1471980700

reported by,

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
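
An added example, not part of polonus's post or of the scanner quoted in it: a small Python check that a site owner can run against their own web.config to confirm the customErrors setting the quoted scan result asks for, plus a test for the "Server Error in" heading in a response body. The function names and the sample inputs are constructed for illustration, and the check assumes customErrors sits directly under system.web (no location elements).

```python
import xml.etree.ElementTree as ET

SAFE_MODES = {"On", "RemoteOnly"}   # the two modes the quoted scan result accepts
ERROR_MARKER = "Server Error in"    # heading the scan found in the response

# Constructed sample inputs (not taken from the scanned server).
WEAK_CONFIG = """<configuration><system.web>
  <customErrors mode="Off" />
</system.web></configuration>"""
FIXED_CONFIG = """<configuration><system.web>
  <customErrors mode="RemoteOnly" defaultRedirect="~/Error" />
</system.web></configuration>"""
SAMPLE_ERROR_BODY = "<html><body><h1>Server Error in '/' Application.</h1></body></html>"


def audit_custom_errors(web_config_xml):
    """Return findings for the <customErrors> element; an empty list means pass."""
    try:
        root = ET.fromstring(web_config_xml)
    except ET.ParseError as exc:
        return [f"web.config is not well-formed XML: {exc}"]
    node = root.find("system.web/customErrors")
    if node is None:
        return ["no <customErrors> element: add one with a defaultRedirect"]
    findings = []
    mode = node.get("mode", "RemoteOnly")  # RemoteOnly is the ASP.NET default
    if mode not in SAFE_MODES:
        findings.append(f'mode="{mode}" is neither "On" nor "RemoteOnly"')
    if not node.get("defaultRedirect", "").strip():
        findings.append("no defaultRedirect: no custom error page is defined")
    return findings


def leaks_error_page(body):
    """True if a response body carries the default ASP.NET error heading."""
    return ERROR_MARKER.lower() in body.lower()


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, audit_custom_errors(cfg) or "pass")
    print("leak:", leaks_error_page(SAMPLE_ERROR_BODY))
```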