Topic: Word Press site with vulnerable CMS and various security issues...

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Malicious activity reported by MalwareURL.
Blacklisted and outdated software found: https://sitecheck.sucuri.net/results/skybankinter.com
Consider: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c2t5Ynxua1tudHt9Ll5dbQ%3D%3D~enc
Extensive Webserver Info Proliferation: Web Server:
Apache/2.4.33 (cPanel) OpenSSL/1.0.2o mod_bwlimited/1.4 Phusion_Passenger/5.1.12
Shared Hosting:
1649 sites found on 207.174.213.126
146 recommendations: https://webhint.io/scanner/4fad6a45-fd47-44db-abc2-40f64073fdb4
56 security related: https://webhint.io/scanner/4fad6a45-fd47-44db-abc2-40f64073fdb4#Security

Related scan: scanning URL: -http://deargeek.com/__media__/js/netsoltrademark.php?d=www.searchpainting.com%2Fuser_detail.php%3Fu%3Dbertelsendaugherty0
Number of sources found: 30
Number of sinks found: 568
& scanning URL: -https://skybankinter.com/wp-content/themes/tm-finance/assets/libs/countdown/jquery.countdown.js?ver=1.5
Number of sources found: 19
Number of sinks found: 6
& Results in scanning URL: -https://skybankinter.com/wp-content/plugins/login-sidebar-widget/js/jquery.validate.min.js?ver=4.8.1
Number of sources found: 41
Number of sinks found: 17

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Word Press site with vulnerable CMS and various security issues...
« Reply #1 on: December 23, 2018, 05:33:36 PM »
Fewer vulnerabilities and configuration errors, still with recommendations for improvement:
IDS alert for dot ga domain: https://urlquery.net/report/488df649-90ab-43de-b1d3-ffce36b0f675
Re: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=I318cF0uZ3w%3D~enc
Reputation Check
PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server:
nginx
X-Powered-By:
PHP/7.2.13, PleskLin
IP Address:
-160.16.137.239
Hosting Provider:
SAKURA Internet Inc. 
Shared Hosting:
1 sites found on -160.16.137.239

Quote
   Externally Linked Host   Hosting Provider               Country
   -dorapo.ga               Verza Facility Management BV   Netherlands
   -ja.wordpress.org        SingleHop                      United States
   -dorapo.ml               Verza Facility Management BV   Netherlands
   -dorapo.gq               Verza Facility Management BV   Netherlands
   -dorapo.cf               Verza Facility Management BV   Netherlands
   -drapo.gq                SAKURA Internet Inc.           Japan
   -dorapo.tk               Verza Facility Management BV   Netherlands
   -drapo.cf                SAKURA Internet Inc.           Japan
   -drapo.ml                SAKURA Internet Inc.           Japan

DOM-XSS : htxps://drapo.ga/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Number of sources found: 41
Number of sinks found: 17

204 recommendations for improvement: https://webhint.io/scanner/98d9ff66-7744-491f-83c5-0b40252d007d

Quote
Security Checks for https://drapo.ga
(6) Susceptible to man-in-the-middle attacks
  • Insecure SSL/TLS versions available
  • HTTP Strict Transport Security (HSTS) not enforced
  • HSTS header does not contain max-age
  • HSTS header does not contain includeSubDomains
  • HSTS header not prepared for preload list inclusion
  • Secure cookies not used
Vulnerabilities can be uncovered more easily
  • X-Powered-By header exposed
Vulnerable to cross-site attacks
  • HttpOnly cookies not used
(2) Unnecessary open ports
  • Mail ports open
  • File sharing ports open
DNS is susceptible to man-in-the-middle attacks
  • DNSSEC not enabled

1 vuln. jQuery library detected: https://retire.insecurity.today/#!/scan/13e341dde7a7dd0ea570bdf1347626a51e752d678ad02ff8774a1a69bc8c2ed3
from this a vuln. in Results from scanning URL: hxtp://p-tweets.com/ClaudFirman76
Number of sources found: 16
Number of sinks found: 36

polonus (volunteer 3rd party cold reconnaissance website security analyst and website-error-hunter)

Offline polonus

Re: Word Press site with vulnerable CMS and various security issues...
« Reply #2 on: December 29, 2018, 10:49:16 PM »
Another one, but with known malware: https://sitecheck.sucuri.net/results/blog.melifluo.pl
Re 160 recommendations: https://webhint.io/scanner/4bc8ee4a-b25e-463f-aa06-bea8399bcb8f
Susceptible to MiM attacks and open ports detected: https://webscan.upguard.com/#/blog.melifluo.pl
Detected and alerted for: https://urlquery.net/report/9806e01f-2702-4998-a526-aaa2a45efe23
Web Server:
Apache
X-Powered-By:
None
IP Address:
-86.111.240.137
Hosting Provider:
IQ PL Sp. z o.o. 
Shared Hosting:
563 sites found on -86.111.240.137

polonus