Important to have proper back-end security on Magento webshop sites.,
hundreds of which have been compromised lately:
https://sansec.io/labs/2019/05/10/magento-2-hacks/because the cybercriminals automated these hacks to quite an extent:
https://twitter.com/gwillem/status/1138818632409145344In such cases it is best to have additional security measures taken,
cloudhosting and hiding your back-end to attackers,
an example: cloudflare//support.coudflare.com ->
http://sitemeer.com/# http://HTTPS://www.interviewcoder: in 8443
IP 83.217.93.87: 8080 or 8880 https app deployment on Cloudflare,
in this case check shodan.io not for weaknesses but in stead for stabler security (pol)
website:
https://hairsuite.nl:8443Foud retirable jQuery libraries: Retire.js
jquery-ui-dialog 1.10.4 Found in -https://hairsuite.nl:8443/static/version1559290779/base/Magento/base/default/jquery/jquery-ui.js
Vulnerability info:
High CVE-2016-7103 281 XSS Vulnerability on closeText option 123
jquery 1.12.4 Found in -https://hairsuite.nl:8443/static/version1559290779/base/Magento/base/default/jquery/jquery.min.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251 1234
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers 123
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Compare:
https://www.magereport.com/scan/?s=https://hairsuite.nl:s/outside of the store not much to be scanned
Security Checks for -https://hairsuite.nl
(3) Susceptible to man-in-the-middle attacks
Vulnerable to cross-site attacks
DNS is susceptible to man-in-the-middle attacks
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
