Re: SURICATA TLS invalid record/traffic SURICATA TLS invalid handshake message
Given here: https://urlquery.net/report/cd412a24-e894-4a4f-9603-23f23dc26de3

CMS alerts: WordPress Version 3.6.1
Version does not appear to be latest 4.8.1 - update now.

Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 lrem1029 lrem1029
2 None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. However, it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Reverse DNS:
temp-leahremini.com

No cloaking, no spammy-looking links, no iframes.

F-Grade status: https://securityheaders.io/?q=http%3A%2F%2Fwww.leahremini.com%2F&followRedirects=on
F-Grade-status and recommendation: https://observatory.mozilla.org/analyze.html?host=www.leahremini.com
Insecure TLS
F-status with various recommendations: https://observatory.mozilla.org/analyze.html?host=www.leahremini.com#ssh

Configuration leak: MySQL (3306) 3306 Port open. Server response: J 5.5.23¯¡æi5h0S4GHÿ÷€r’i\rGM-9sZImysql_native_password

Sender Policy Framework check: Warning. SPF record for the domain not found. An SPF record is a type of Domain Name Service (DNS) record that identifies which mail servers are permitted to send email on behalf of your domain. Mail sent from the servers without SPF record could get into spam folder.

DMARC check: Warning. Domain-based Message Authentication, Reporting and Conformance (DMARC) record not found for the domain. DMARC is an email-validation system designed to detect and prevent email spoofing. It is intended to combat certain techniques often used in phishing and email spam, such as emails with forged sender addresses that appear to originate from legitimate organizations.

Modernity last best practices check only reached a meagre 20% → https://en.internet.nl/site/www.leahremini.com/91993/

C-Grade sec: https://tls.imirhil.fr/https/www.leahremini.com

SRI-hash issues: https://sritest.io/#report/2cd0659a-6d61-485c-9ef5-a176d9766e6d
consider: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.randomhousebooks.com%2Fembeddabook%2Fembeddabook.js

and http://retire.insecurity.today/#!/scan/b32ec77a8afa2d969dfcdd52b69a3d8305b92895667402b2ceee8f6bc0f7590b
(protected from same origin)…

However not flagged as malicious nor suspicious: https://www.virustotal.com/#/url/08504ec2a84e797a440f1599e87cef2a792c83bffd71c919a4fa6eacad2280e1/detection

polonus (volunteer website security analyst and website error-hunter)
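
The port 3306 response quoted in the post above is a MySQL HandshakeV10 greeting, which the server sends before any authentication; the leading "J" (0x4a = 74) matches the payload length of such a greeting for version 5.5.23. The following is an added example, not part of the original post, that parses a greeting to show which fields an open port discloses. The sample packet is constructed: version and plugin name come from the post, while the connection id, charset and salt bytes are invented.

```python
import struct

CLIENT_SECURE_CONNECTION = 0x00008000  # server sends a second salt part
CLIENT_PLUGIN_AUTH = 0x00080000        # server names its auth plugin

def parse_handshake_v10(packet: bytes) -> dict:
    """Parse the greeting a MySQL server sends unprompted on connect."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    length = int.from_bytes(packet[:3], "little")   # 3-byte LE payload length
    payload = packet[4:4 + length]                   # byte 3 is the sequence id
    if len(payload) != length or payload[:1] != b"\x0a":
        raise ValueError("not a complete HandshakeV10 packet")
    end = payload.index(b"\x00", 1)                  # version is NUL-terminated
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1
    (conn_id,) = struct.unpack_from("<I", payload, pos)
    pos += 4 + 8 + 1                                 # conn id, salt part 1, filler
    cap_lo, charset, _status, cap_hi, auth_len = struct.unpack_from(
        "<HBHHB", payload, pos)
    pos += 8 + 10                                    # fixed fields, reserved bytes
    caps = cap_lo | (cap_hi << 16)
    if caps & CLIENT_SECURE_CONNECTION:
        pos += max(13, auth_len - 8)                 # salt part 2
    plugin = None
    if caps & CLIENT_PLUGIN_AUTH:
        nul = payload.find(b"\x00", pos)
        plugin = payload[pos:nul if nul != -1 else None].decode("ascii", "replace")
    return {"payload_length": length, "server_version": version,
            "connection_id": conn_id, "charset": charset, "auth_plugin": plugin}

def build_sample_greeting() -> bytes:
    """Constructed greeting: version/plugin from the post, other values invented."""
    salt = bytes(range(0x30, 0x44))                  # 20 constructed salt bytes
    caps = 0x800FF7FF                                # constructed capability flags
    payload = (b"\x0a" + b"5.5.23\x00" + struct.pack("<I", 1234)
               + salt[:8] + b"\x00"
               + struct.pack("<HBHHB", caps & 0xFFFF, 8, 2, caps >> 16, 21)
               + b"\x00" * 10 + salt[8:] + b"\x00"
               + b"mysql_native_password\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload

if __name__ == "__main__":
    for field, value in parse_handshake_v10(build_sample_greeting()).items():
        print(f"{field}: {value}")
```

Restricting 3306 to localhost or trusted addresses (MySQL's `bind-address` setting or a firewall rule) stops this greeting from being served to arbitrary clients.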

ssl/http Apache httpd (PleskLin) - consider: https://blog.rapid7.com/2013/07/10/good-exploits-never-die/
Now let us look at latest best practices score, not much chance with 20% score: https://en.internet.nl/domain/leahremini.com/92059/

http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.leahremini.com

Insecure connection - privacy in danger… http://toolbar.netcraft.com/site_report?url=https://www.leahremini.com
Poodle vulnerable…
Self-signed certificate is installed
2 errors
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
The certificate has expired.
The certificate has expired. This server is not secure.
Warnings
RC4
Your server’s encryption settings are vulnerable. This server uses the RC4 cipher algorithm which is not secure.
SSLv3
Your server’s encryption settings are vulnerable. This server uses the SSLv3 protocol, which is not secure.
Root installed on the server.
For best practices, remove the self-signed root from the server.
This server is vulnerable to:
Poodle (SSLv3 protocol)
This server is vulnerable to a Poodle (SSLv3) attack.

Certificate information
Common name: Parallels Panel
SAN:
Valid from: 2012-Apr-02 22:07:38 GMT
Valid to: 2013-Apr-02 22:07:38 GMT
Certificate status: Unknown
Revocation check method: Not available
Organization: Parallels
Organizational unit: Parallels Panel
City/locality: Herndon
State/province: Virginia
Country: US
Certificate Transparency: Not embedded in certificate
Serial number: 4f7a2329
Algorithm type: SHA1withRSA
Key size: 2048
Certificate chain: Parallels Panel Root Certificate
Compare: http://toolbar.netcraft.com/site_report?url=https://www.leahremini.com

polonus (volunteer website security analyst and website error-hunter)