Author Topic: Was this site hacked?  (Read 1146 times)

polonus
Was this site hacked?
« on: March 05, 2015, 10:41:46 PM »
See: http://killmalware.com/gbconsultoria.com.br/  nada
Google labels this site as one that might have been hacked.
It is a new site under construction. Nothing: http://quttera.com/detailed_report/gbconsultoria.com.br
Two warnings: https://asafaweb.com/Scan?Url=gbconsultoria.com.br
Has open Pop-up code:
Code:
function OpenPopup (pwr,vtop,vleft,vwidth,vheight, vscrollbars)
Has this regular expression in code:
http://regexlib.com/REDetails.aspx?regexp_id=26&AspxAutoDetectCookieSupport=1
See for mail
http://www.justinmind.com/help/topic/com.justinmind.prototyper.infocenter/html/expression_builder_regex.html
Here
Code:
var tmp1=/(@.*@)|(\.\.)|(@\.)|(^\.)/;
var tmp2=/^.+@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/;

website technology from htxp://www.sekuraequipamentos.com.br/enviar_contato/  used

Three warnings: https://asafaweb.com/Scan?Url=gbconsultoria.com.br

DOM XSS vuln.: Results from scanning URL: htxp://gbconsultoria.com.br/
Number of sources found: 3
Number of sinks found: 6

Security header status - either missing or with warning, view here: https://www.uploady.com/download/lTdFQF5mewJ/Ht0MQ8_2QWEqXVEi

Warning insecurity: WARNING: Name servers software versions are exposed:
177.12.162.2: "King-9.4"
177.12.162.3: "King-9.4"
189.38.95.2: "np"
189.38.95.3: "np"  (hosted by dns2.uni5.net)

Found stealth name servers: WARNING: Found stealth name servers:
-dns3.ith2o.net.br.
-dns4.ith2o.net.br.

Fail - Recursive errors: I could use the nameservers listed below to performe recursive queries. It may be that I am wrong but the chances of that are low. You should not have nameservers that allow recursive queries as this will allow almost anyone to use your nameservers and can cause problems. Problem record(s) are:
177.12.162.2
189.38.95.2
189.38.95.3

Fail: Missing nameservers reported by parent   FAIL: The following nameservers are listed at your nameservers as nameservers for your domain, but are not listed at the parent nameservers (see RFC2181 5.4.1). You need to make sure that these nameservers are working.If they are not working ok, you may have problems!
-dns4.ith2o.net.br

Warning: Your SOA RETRY value is: 14400. That is NOT OK
* Info from 3rd party scan at http://intodns.com/ith2o.com

Site has 53/tcp open  domain

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
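
Added example, not part of the post above and not code from the scanned site: the two quoted patterns run over constructed inputs, next to a stricter shape check and an HTML-escaping helper, to show what the quoted pair accepts and why passing validation does not make a value safe for an HTML sink. Assumptions: a value is accepted when `tmp1` does not match and `tmp2` does (the post does not show the caller); `passesQuotedCheck`, `passesStrictCheck`, `escapeHtml`, `compare` and all sample values are hypothetical names and data introduced here.

```javascript
// Patterns copied unchanged from the post.
const tmp1 = /(@.*@)|(\.\.)|(@\.)|(^\.)/;
const tmp2 = /^.+@(\[?)[a-zA-Z0-9\-\.]+\.([a-zA-Z]{2,3}|[0-9]{1,3})(\]?)$/;

// Assumption: tmp1 is a reject list, tmp2 the required shape.
function passesQuotedCheck(value) {
  return !tmp1.test(value) && tmp2.test(value);
}

// Stricter shape check (added here): restricted local-part alphabet,
// length caps, no bracketed IP literals, alphabetic TLD of any usual length.
const strictShape =
  /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,63}$/;
function passesStrictCheck(value) {
  return value.length <= 254 && !tmp1.test(value) && strictShape.test(value);
}

// Validation is not encoding: escape before a value reaches an HTML sink.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample inputs.
const samples = [
  "user@example.com",       // ordinary address
  "user@example.info",      // valid, but TLD longer than 3 letters
  "<b>x</b>@example.com",   // markup in the local part
  "user@[10.0.0.1]",        // bracketed IP literal
  "a@@example.com",         // two @ signs
  "user@example..com",      // consecutive dots
];

// Returns one row per input with the verdict of each check.
function compare(values) {
  return values.map((v) => ({
    value: v,
    quoted: passesQuotedCheck(v),
    strict: passesStrictCheck(v),
    escaped: escapeHtml(v),
  }));
}

console.table(compare(samples));
```

The quoted pair rejects the `.info` address while accepting the markup and IP-literal samples, because `.+` places no limit on the local part and the TLD alternative stops at three letters.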