Defacement campaign on Dutch websites...

polonus · 2017-03-14T15:44:49.000Z

Look here a vulnerable library:
jquery - 1.9.1 : (active1) https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/

F-status: https://observatory.mozilla.org/analyze.html?host=versio.nl

Content security is certainly below par- re: security headers…misconfigurations: https://www.htbridge.com/ssl/?id=d7ca42465a672dd2b7a053131b99a4d11156b97698b621bc5ae8d54b2054f942

Here it could go wrong: -http://cdn.livechatinc.com/tracking.js

AS Name: DENKERSICT-AS Denkers-ICT B.V.
IPs allocated: 2304
Blacklisted URLs: 3 Badware & spam activity.

And again WordPress CMS at the core of the problems, creating the problems for this AS and others:
-studio-ex.nl/wp-content/plugins/display-widgets/3 en domain now being blacklisted.

How many times we have reported these WP & PHP driven problems here? Thousands of times,
and Eddy and little old me, still preaching for the choir. Not a soul seems to care one hoot.
Nobody listens.

Then you should get what you deserve, multifold insecurity and being defaced out of your proverbial socks.

Building websites is not for amateurs, insecure use of PHP neither!

polonus (volunteer website security analyst and website error-hunter)

polonus · 2017-03-14T16:08:37.000Z

On the Reverse DNS: -s02-out.spamexperts.axc dot nl
We did a 3rd party SSL Server Security Test
For the SPF we checked on the following qualifier: a → https://www.htbridge.com/ssl/?id=b4f0a3e3402d752f94032b3c62d5d68ffb4c9720e28d5c90b946cdb8e8d2e364
The server supports cipher suites that are not approved by NIST guidelines and HIPAA guidance.

Misconfiguration and weakness: Server sends an unnecessary root certificate.
The HTTP version of the website does not redirect to the HTTPS version. We advise to enable redirection.

polonus (volunteer website security analyst and website error-hunter)

polonus · 2017-03-15T18:24:16.000Z

What could have gone wrong when so many sites can be hacked, defaced, abused?
Just to mention a couple of issues that may cause this:

Insecure hosting (bulk hosting, many domains on one IP, cheap hosting, non-dedicated hosting)
Wrong Installation of WordPress
Bad username/password combination (can be hacked through brute-forcing)
Insecure plug-ins and themes
Outdated version of WordPress
Wrong file rights’ settings
Uneccessary excess files and retirable script libraries.

No Table-prefix used with wp-name files, so they could be easily guessed.
Change in wp-config.php but not if you already have an existing configuration.

Use random names in your database: https://www.random.org/strings/ & http://installatron.com/
and use: https://strongpasswordgenerator.com/

Use unique keys and salts in the config.php file to protect against cookie-hacks.

Never use admin, if already in use change for a normal user name, and use administrator as the admin account.

Never use the name of your site, remember you can use spaces now to make passwords look like sentences.

Update core software version, plug-ins and themes and use reliable ones that are maintained, see reviews.

Reset file rights from standard 644 wp-includes, root website. wp-admin, wp-content to 755 'htaccess to 644,
readme.html could be deleted when it shows a version number.

One could consider to use security plug-ins like iThemes Security, Wordfence or Bulletproof Security.

Tips credits go to - frankwatching dot com

Follow Eddy’s and my advice, when we spotted insecurity on your website.

polonus (volunteer website-security analyst and website error-hunter)

Announcements