Going over an extensive https://www.shodan.io/host/ IP scan look-up for a particular IP,
I stumbled upon an online direct DirectAdmin Login Page :o
No, I am not gonna mention that particular IP nor that host concerned,
as that is not allowed nor ethical even for a 404 apache server page,
for a sub-domain that no longer exists.
But if so, hackers would find more info via an earlier https://qanator.com/ scan,
and so I won’t give that either. I just want to report the general vulnerability :o I stumbled upon online.
It is just beyond belief for professionals to leave that open and accessible online :-X
Good there is no WordPress page actually running and no user enumeration or directory listing enabled,
but for a renowned Dutch webpage builder to leave this publicly available for eventual hackers in
"Found\r\nServer: DirectAdmin Daemon v1.53.0\r\nLocation" is bad, it is very bad even, folks,
from a security point of view.
Why, for instance, read: forum.directadmin.com/showthread.php?t=53710 (various exploits exist).
And what if someone used this as a means to an end in: htxps://github.com/anarcoder/google_explorer
It is an insecure world out there, my good friends here, be aware of it.
polonus (volunteer website security analyst and website error-hunter)