Cześć szczurekPROS,
As I told you and Pondus shows unsafe scripts detected by Avast as what it flags.
Pondus thanks for that link
When that is your overall position on that Dutch hoster, and you are aware of this being the case,
then move to a hoster that does not spread malware or condones such practices by others.
Else you are stuck with this situation.
Also on a shared IP address with bad neighbors.
Może to oznaczać zwykły skok z deszczu pod rynnę!
Warnings for HTTP only cookies: Warning
Requested URL:
https://szczurekpros.pl/GET | Response URL:
https://szczurekpros.pl/GET | Page title: RATzone Community | HTTP status code: 200 (OK) | Response size: 4,747 bytes (gzip'd) | Duration: 931 ms
Overview
Cookies not flagged as "HttpOnly" may be read by client side script and are at risk of being interpreted by a cross site scripting (XSS) attack. Whilst there are times where a cookie set by the server may be legitimately read by client script, most times the "HttpOnly" flag is missing it is due to oversight rather than by design.
Result
It looks like a cookie is being set without the "HttpOnly" flag being set (name : value):
rcksid : HvmHaHJWmPp1Y5mLfMkVxCIuC2y4jftusTAo48x5BQx8HRuRSxovEvsaHfJaZ6yx
Unless the cookie legitimately needs to be read by JavaScript on the client, the "HttpOnly" flag should always be set to ensure it cannot be read by the client and used in an XSS attack.
Secure cookies: Warning
Requested URL:
https://szczurekpros.pl/GET | Response URL:
https://szczurekpros.pl/GET | Page title: RATzone Community | HTTP status code: 200 (OK) | Response size: 4,747 bytes (gzip'd) | Duration: 931 ms
Overview
Cookies served over HTTPS but not flagged as "secure" may be sent over an insecure connection by the browser. Often this may be a simple request for an asset such as a bitmap file but if it's on the same domain as the cookie is valid for then it will be sent in an insecure fashion. This poses a risk of interception via a man in the middle attack.
Result
It looks like a cookie is being served over HTTPS without the "secure" flag being set (name : value):
rcksid : HvmHaHJWmPp1Y5mLfMkVxCIuC2y4jftusTAo48x5BQx8HRuRSxovEvsaHfJaZ6yx
Unless the cookie needs to be sent over an insecure connection, the "secure" flag should always be set to ensure it can only be sent with an HTTPS request.
Clickjacking Warning:
Overview
Websites are at risk of a clickjacking attack when they allow content to be embedded within a frame. An attacker may use this risk to invisibly load the target website into their own site and trick users into clicking on links which they never intended to. An "X-Frame-Options" header should be sent by the server to either deny framing of content, only allow it from the same origin or allow it from a trusted URIs.
Result
It doesn't look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.
pozdrawiam,
polonus
