Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Server error after cleansing defacement hack...Fake Googlebot detected!
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Server error after cleansing defacement hack...Fake Googlebot detected! (Read 1069 times)
0 Members and 3 Guests are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 34061
malware fighter
Server error after cleansing defacement hack...Fake Googlebot detected!
«
on:
August 23, 2016, 09:34:04 PM »
Re:
http://killmalware.com/sabet.ir/#
jQuery library to be retired: -http://sabet.ir
Detected libraries:
jquery - 1.11.0 : (active1) -http://sabet.ir/vendor/jquery-1.11.0.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected
Server error: HTTP Error 403.14 - Forbidden
The Web server is configured to not list the contents of this directory.
See:
https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fsabet.ir%2F&ref_sel=GSP2&ua_sel=ff&fs=1
Re:
http://toolbar.netcraft.com/site_report?url=http://sabet.ir
-> Default IIS website =
http://server78.bertina.us/
IIS 7.5, Microsoft ASP.NET, Windows Server, AddThis.
Custom errors:Fail and two wanings on:
https://asafaweb.com/Scan?Url=server78.bertina.us
Custom errors: Fail
Requested URL:
http://server78.bertina.us/
< | Response URL:
http://server78.bertina.us/
< | Page title: Runtime Error | HTTP status code: 400 (Bad request) | Response size: 3,420 bytes | Duration: 106 ms
Overview
Custom errors are used to ensure that internal error messages are not exposed to end users. Instead, a custom error message should be returned which provides a friendlier user experience and keeps potentially sensitive internal implementation information away from public view.
Result
It looks like custom errors are not correctly configured as the requested URL contains the heading "Server Error in".
Custom errors are easy to enable, just configure the web.config to ensure the mode is either "On" or "RemoteOnly" and ensure there is a valid "defaultRedirect" defined for a custom error page as follows:
<customErrors mode="RemoteOnly" defaultRedirect="~/Error" />
Only access-control-allow-origin header properly returned according to best practices known.
Hetzner Online abuse ->
http://www.dnsinspect.com/sabet.ir/1471980700
reported by,
polonus (volunteer website security analyst and website error-hunter)
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Server error after cleansing defacement hack...Fake Googlebot detected!