Seeing a lot of examples where CloudFlare enabled websites won't resolve DNS.
Example found lately:
https://sritest.io/I get a
Error 1001 Ray ID: 2c48982096d52c78 • 2016-07-18 20:14:28 UTC
DNS resolution error
Do not see a reverse DNS here:
http://toolbar.netcraft.com/site_report?url=https://sritest.ioAlso see here:
http://www.dnsinspect.com/sritest.io/1468872908Issue with the Comodo Certificate allthough it has been installed properly:sritest.io
This is not a Symantec certificate.
Please contact the Certificate Authority for further verification.
This server cannot be scanned for these vulnerabilities:
Heartbleed. See possible causes.
Poodle (TLS). See possible causes.
Info
BEAST
The BEAST attack is not mitigated on this server.
Certificate information
This server uses a Domain Validated (DV) certificate. No information about the site owner has been validated. Data is protected, but exchanging personal or financial information is not recommended.
Common name:
sni154156.cloudflaressl.com
SAN:
sni154156.cloudflaressl.com, *.alexamaster.com, *.denisha.review, *.funnelproducer.com, *.garnettrowand.xyz, *.ouemceeii.cf, *.platypuslovescrypto.party, *.privacyforjournalists.org.au, *.savingnh.com, *.sifoilxi.cf, *.skachat-besplatno-balloon.accountant, *.sritest.io, *.superagency.ru, *.tadra.us, *.thingsandservices.com, *.whitehatmatrix.com, alexamaster.com, denisha.review, funnelproducer.com, garnettrowand.xyz, ouemceeii.cf, platypuslovescrypto.party, privacyforjournalists.org.au, savingnh.com, sifoilxi.cf, skachat-besplatno-balloon.accountant, sritest.io, superagency.ru, tadra.us, thingsandservices.com, whitehatmatrix.com
Valid from:
2016-Jul-18 00:00:00 GMT
Valid to:
2017-Jan-22 23:59:59 GMT
Certificate status:
Valid
Revocation check method:
OCSP
Organization:
Organizational unit:
PositiveSSL Multi-Domain,Domain Control Validated
City/locality:
State/province:
Country:
Certificate Transparency:
Not embedded in certificate
Serial number:
2edd615acf8a11663b75fe0037e2d6d7
Algorithm type:
SHA256withECDSA
Key size:
256
Certificate chainShow details
COMODO ECC Certification AuthorityIntermediate certificate
COMODO ECC Domain Validation Secure Server CA 2Intermediate certificate
sni154156.cloudflaressl.comTested certificate
Server configuration
Host name:
104.24.122.240
Server type:
cloudflare-nginx
IP address:
104.24.122.240
Port number:
443
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
Protocols not enabled:
SSLv3
SSLv2
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Enabled
Next Protocol Negotiation:
Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Not Enabled
RC4:
Not Enabled
OCSP stapling:
Not Enabled
comodo scan gives: E-commerce Safety Information
Transaction Protection
Analysis has failed to complete. Sorry, The connection timed out before all (any?) content was returned! (Note: As a part of their security measures some shared hosting services will block this type of tool from scanning the sites they host. -- some things to try
Scripts resolve normally:
https://seomon.com/domain/sritest.io/performance/Just does not like the oversight at these large cloud blulk hosters, (my remark - pol).
Is this because of recently found cgi vulnerabilities in certain applications, and has this to be mitigated? Anyone?
polonus (volunteer website security analyst and website error-hunter)
