Topic: Yandex blacklisted site - risks from outdated PHP etc.

polonus
Yandex blacklisted site - risks from outdated PHP etc.
« on: October 10, 2015, 06:21:18 PM »
The site was found for unblocking here: http://unblk.net/unblock
Is that a sign of possible abuse?
Yandex has the site blacklisted: https://www.virustotal.com/nl/url/5e810f330c0305de5127827bd261f64179312a8a97f04c46482c64aecc092838/analysis/1444492405/
No alerts here: https://urlquery.net/report.php?id=1444492529044
But the IP has been found to harbor info stealers and local FTP client software credentials harvesters, etc.
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Ftriton.url.com.tw%2Fsq%2Fsrc%2Flogin.php

Insecure Web Mail log-in detected: Welcome to mOffice - 登入
-triton.url.com.tw
Alerts (1)
Insecure login (1)
Password will be transmited in clear to -http://triton.url.com.tw/sq/src/redirect.php
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted

Outdated PHP: HTTP Server: Apache HTTP Server
PHP Version: 5.2.17 * (Outdated)
* It is already dangerous to keep this version on production, folks.
https://www.exploit-db.com/exploits/29290/

O.K. here: http://toolbar.netcraft.com/site_report?url=http://triton.url.com.tw
Blacklist status: https://yandex.com/infected?l10n=en&url=7199.com.tw&redircnt=1444494036.1

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: October 10, 2015, 06:26:34 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
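
Added example, not part of polonus's post and not the code of any scanner linked above: a small Python check that reproduces the two findings in the post, a login form that submits the password over plain HTTP and a PHP version advertised below a chosen floor. The HTML, the form field names, the `X-Powered-By` header line and the `PHP_FLOOR` value are constructed assumptions; only the URLs and the version 5.2.17 come from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
import re

class _PasswordForms(HTMLParser):
    """Collect the action attribute of every <form> holding a password input."""
    def __init__(self):
        super().__init__()
        self.actions, self._action, self._has_pw = [], None, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._action, self._has_pw = a.get("action") or "", False
        elif tag == "input" and self._action is not None:
            self._has_pw |= (a.get("type") or "").lower() == "password"

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._has_pw:
                self.actions.append(self._action)
            self._action = None

def cleartext_login_targets(page_url, html):
    """Absolute URLs that would receive a password over plain HTTP."""
    parser = _PasswordForms()
    parser.feed(html)
    parser.close()
    # A relative or empty action is resolved against the page URL, as a browser would.
    targets = (urljoin(page_url, act) for act in parser.actions)
    return [t for t in targets if urlsplit(t).scheme == "http"]

def outdated_php(headers, floor):
    """Advertised PHP version as a tuple if it is below `floor`, else None."""
    m = re.search(r"PHP/(\d+)\.(\d+)(?:\.(\d+))?", headers.get("X-Powered-By", ""))
    if not m:
        return None
    version = tuple(int(part or 0) for part in m.groups())
    return version if version < floor else None

# Constructed sample input modelled on the findings above (not a capture).
SAMPLE_URL = "http://triton.url.com.tw/sq/src/login.php"
SAMPLE_HTML = """<form action="redirect.php" method="post">
<input type="text" name="user"><input type="password" name="pass"></form>"""
SAMPLE_HEADERS = {"Server": "Apache", "X-Powered-By": "PHP/5.2.17"}
PHP_FLOOR = (8, 1, 0)  # assumption: set this to your own policy's minimum version

if __name__ == "__main__":
    print(cleartext_login_targets(SAMPLE_URL, SAMPLE_HTML))
    print(outdated_php(SAMPLE_HEADERS, PHP_FLOOR))
```

A server that hides `X-Powered-By` returns `None` from `outdated_php`, so a clean result there means "not advertised", not "up to date".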