https//somewebsite :2222/r/nx-use-https:

Going over an extensive https://www.shodan.io/host/
IP scan look-up for a particular IP, I stumbled upon an online direct DirectAdmin Login Page :o

No, I am not gonna mention that particular IP nor that host concerned,
as that is not allowed nor ethical even for a 404 apache server page,
for a sub-domain that no longer exists.

But if so hackers would find more info via an earlier https://qanator.com/ scan,
and so I won’t give that either. I just want to report the general vulnerability :o I stumbled upon online.
It is just beyond belief for professionals to leave that open and accessible online :-X

Good there is no WordPress page actually running and no user enumeration or directory listing enabled,
but for a renowned Dutch webpage builder to leave this publicly available for eventual hackers in
Found\r\nServer: DirectAdmin Daemon v1.53.0\r\nLocation is bad, it is very bad even, folks,
from a security point of view.

Why, for instance, read: forum.directadmin.com/showthread.php?t=53710 (various exploits exist).
And what if someone used this as a means to an end in: htxps://github.com/anarcoder/google_explorer

It is an insecure world out there, my good friends here, be aware of it.

polonus (volunteer website security analyst and website error-hunter)

One could meet similar problems with “Service Info: OSs: Unix, Red Hat Enterprise Linux 7; CPE: cpe:/o:redhat:enterprise_linux:7 MariaDB servers” Apache/2 upgrade - moreover remote code execution exploits exist.

polonus