Defacement and server misconfiguration...

polonus · 2015-09-19T12:42:32.000Z

Custom errors:Fail and warnings: https://asafaweb.com/Scan?Url=sabrashop.net
See: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fsabrashop.net%2Findex.html
See: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fsabrashop.net%2F
IP badness history: https://www.virustotal.com/en/ip-address/212.235.71.211/information/
Avast detects HTML:Iframe-LX [Trj] on IP.
DNS manipulation? → FAIL: While quering domain’s records, some of your name servers didn’t responded. Name servers which didn’t responded:
udp4:212.235.71.215 → http://www.dnsinspect.com/sabrashop.net/1442666019
WARNING: Couldn’t connect using TCP protocol:
tcp4:212.235.71.215Name Servers Agreement on Serial Number
WARNING: We found different serial numbers on your name servers, it’s OK if you had modified your zone recently.
212.235.71.211: 2011102018
212.235.71.214: 2011102018
212.235.71.215: 0
Re: http://whois.domaintools.com/sabrashop.net

polonus

polonus · 2015-09-19T13:34:04.000Z

A good read about preventing of this annoyment can be found here: http://www.decision-web-design.com/security-hacking-articles/prevention
Joomla checklist: https://docs.joomla.org/Security_Checklist/You_have_been_hacked_or_defaced
and here: https://www.stopthehacker.com/2012/06/19/cleaning-up-malware-infected-websites/
Always fully update and patch, monitor, have back-ups ready.

polonus

Announcements