When you detect website malware every day all of the day, like I do, I'd also like to test a domain for SSL Protocol Support.
We can test here:
https://foundeo.com/products/iis-weak-ssl-ciphers/test.cfm?test_domain=m-pathy.com
Nice candidates for weaknesses are to be found here:
https://www.eff.org/https-everywhere/atlas/domains/m-pathy.com.html
That is why I haven't set https as per default.
Browser JSGuard is an extension that will alert you when your log-in data go in plain text over the wire.
For instance, what is wrong here:
https://www.m-pathy.com/
Well, let us start here, and that is not encouraging:
HTTP Server: Apache HTTP Server 2.4.10
PHP Version: 5.3.26 (Outdated)
The protocol settings:
Protocol | Status | Recommendation
SSLv2 | SSLv2 is Disabled | SSLv2 is weak and should be disabled.
SSLv3 | SSLv3 is Disabled | Consider disabling SSLv3 to mitigate the POODLE attack. Should be disabled for PCI DSS 3.1 Compliance
TLSv1 | TLSv1 is Enabled | TLSv1 may be enabled for existing implementations, however PCI DSS 3.1 § 2.2.3 states that: SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Prior to this date, existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place. Effective immediately, new implementations must not use SSL or early TLS
TLSv1.1 | TLSv1.1 is Enabled | TLSv1.1 may be enabled for existing implementations, however PCI DSS 3.1 § 2.2.3 states that: SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. Prior to this date, existing implementations that use SSL and/or early TLS must have a formal Risk Mitigation and Migration Plan in place. Effective immediately, new implementations must not use SSL or early TLS. Some assert that the term early TLS includes both TLS 1.0 and 1.1, check with your PCI QSA.
TLSv1.2 | TLSv1.2 is Enabled | TLS 1
Certificate problem for one IP:
https://www.ssllabs.com/ssltest/analyze.html?d=m-pathy.com
E-commerce Safety Information
Transaction Protection
Certified SSL is used to encrypt transactions
SSL Issuer: AlphaSSL CA - SHA256 - G2
SSL Expires: 2018-02-19 01:26:54 UTC
See also:
http://toolbar.netcraft.com/site_report?url=https://www.m-pathy.com

polonus