Topic: Rightly configured WordPress site, still vulnerable to threats...

polonus

See 196 improvement recommendations: https://webhint.io/scanner/7603e608-8550-49e4-a020-6c2e2aa984af
Security Checks for http://www.ushistory.org/
(6) Susceptible to man-in-the-middle attacks
(4) Domain at risk of being hijacked
(2) Vulnerabilities can be uncovered more easily
(2) Emails can be fraudulently sent
DNS is susceptible to man-in-the-middle attacks  (threat info credits should go to UpGuard scanner).
F-grade scan results here: https://observatory.mozilla.org/analyze/www.ushistory.org
3 retirable libraries detected: https://retire.insecurity.today/#!/scan/5a849dedfdc4c18d0be679d663ba57a0fa1d715e5103b2f14300f21e4526a146

Checks OK:
Reputation Check: PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
IP Address: 8.20.79.22
Hosting Provider: Level 3 Parent
Shared Hosting: 1 sites found on 8.20.79.22; vulnerabilities - -https://www.shodan.io/host/8.20.79.22

Given the OK here: http://www.isithacked.com/check/http%3A%2F%2Fwww.ushistory.org%2F
loaded resources all OK:
Loaded Resources
Compromised sites will often be linked to malicious javascript or iframes in an attempt to attack users of your WordPress installation. Look over the listed resources, you should be familiar with all scripts and investigate ones you are not sure. In addition removal of unneeded javascript will speed up your website.

-http://www.ushistory.org/
OK   Load: 262ms   Server: 8.20.79.22 Microsoft-IIS/6.0   ASN: 3356 United-States Level 3 Parent, LLC   Reverse DNS: -ushistory.org

-http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css
OK   Load: 21ms   Server: 209.197.3.15 None   ASN: 20446 United-States Highwinds Network Group, Inc.   Reverse DNS: -vip0x00f.map2.ssl.hwcdn.net

-https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js
OK   Load: 38ms   Server: 172.217.7.170 sffe   ASN: 15169 United-States Google LLC   Reverse DNS: -iad30s09-in-f170.1e100.net

-http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js
OK   Load: 32ms   Server: 209.197.3.15 None   ASN: 20446 United-States Highwinds Network Group, Inc.   Reverse DNS: -vip0x00f.map2.ssl.hwcdn.net

-http://www.ushistory.org/styles/styles.css
OK   Load: 248ms   Server: 8.20.79.22 Microsoft-IIS/6.0   ASN: 3356 United-States Level 3 Parent, LLC   Reverse DNS: -ushistory.org

-http://www.ushistory.org/styles/home-styles.css
OK   Load: 241ms   Server: 8.20.79.22 Microsoft-IIS/6.0   ASN: 3356 United-States Level 3 Parent, LLC   Reverse DNS: -ushistory.org

-http://www.ushistory.org/engine1/style.css
OK   Load: 247ms   Server: 8.20.79.22 Microsoft-IIS/6.0   ASN: 3356 United-States Level 3 Parent, LLC   Reverse DNS: -ushistory.org

-http://www.ushistory.org/engine1/jquery.js
OK   Load: 293ms   Server: 8.20.79.22 Microsoft-IIS/6.0   ASN: 3356 United-States Level 3 Parent, LLC   Reverse DNS: -ushistory.org

-http://www.ushistory.org/engine1/wowslider.js
OK   Load: 15ms   Server: 8.20.79.22 Microsoft-IIS/6.0   ASN: 3356 United-States Level 3 Parent, LLC   Reverse DNS: -ushistory.org

-http://www.ushistory.org/engine1/script.js
OK   Load: 234ms   Server: 8.20.79.22 Microsoft-IIS/6.0   ASN: 3356 United-States Level 3 Parent, LLC   Reverse DNS: -ushistory.org

-http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js *
OK   Load: 39ms   Server: 172.217.7.162 cafe   ASN: 15169 United-States Google LLC   Reverse DNS: -iad30s09-in-f162.1e100.net
(however -> Results from scanning URL: * -//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Number of sources found: 38 ; number of sinks found: 21
and has been prevented for me from loading by uMatrix.)

-http://www.google.com/cse/api/branding.css
OK   Load: 20ms   Server: 172.217.164.164 sffe   ASN: 15169 United-States Google LLC   Reverse DNS: -iad23s69-in-f4.1e100.net

-https://cse.google.com/cse/api/branding.css
OK   Load: 40ms   Server: 172.217.7.206 pfe   ASN: 15169 United-States Google LLC   Reverse DNS: -iad30s10-in-f14.1e100.net

-https://adservice.google.com/adsid/integrator.js?domain=www.ushistory.org
OK   Load: 41ms   Server: 172.217.7.162 cafe   ASN: 15169 United-States Google LLC   Reverse DNS: -iad30s09-in-f162.1e100.net

-http://pagead2.googlesyndication.com/pagead/js/r20190227/r20190131/show_ads_impl.js
OK   Load: 38ms   Server: 172.217.7.162 cafe   ASN: 15169 United-States Google LLC   Reverse DNS: -iad30s09-in-f162.1e100.net

-http://www.google-analytics.com/analytics.js
OK   Load: 9ms   Server: 172.217.7.174 Golfe2   ASN: 15169 United-States Google LLC   Reverse DNS: -iad30s09-in-f14.1e100.net

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
« Last Edit: March 03, 2019, 11:38:50 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!