Outdated software detected and unknown_html_RFI_shell flagged at website!

System Details:
Running on: nginx/1.4.1
Outdated Web Server Nginx Found: nginx/1.4.1
No third party scripts detected.
Website risk status: 1 red out of 10: http://toolbar.netcraft.com/site_report?url=http://notage.org
The malware entry is cached and may not reflect the current status of the domain!
Complaint on IP:
-188.226.187.138, 1 month 1 week 4 days 10 hours 14 minutes ago
Open Proxy Detection by IP2Proxy.com
This IP address has been detected as open or anonymous proxy. Please visit http://ip2proxy.com for more information.
Reported on 18 Aug, 2015 12:32:22 AM
robots.txt file is missing, website layout very poor:
Render blocking resources: The elements below are blocking the “above the fold” rendering.
The CSS files below are blocking the rendering.
-http://notage.org/assets/pica/stylesheet.css
-http://notage.org/assets/english/stylesheet.css
-http://notage.org/assets/english_italic/stylesheet.css
-http://notage.org/assets/charter/stylesheet.css
Inline CSS should be avoided. Images are not compressed or optimized.
Just a few javascripts detected and javascript is minified.

external link to -http://gabi.is/ also on outdated server software HTTP Server: nginx 1.4.1 (Outdated)
Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fgabi.is no JS minifying found.
NoTracking on website and no Google Tag manager used.

polonus (volunteer website security analyst and website error-hunter)

Another example of a site with outdated software and an outdated CMS - jQuery script dating back to 2010 where things could go wrong (or which has already been backdoored - see the SPOF code links :frowning: )
HTTP Server: Apache HTTP Server 2.2.9 (Outdated)
Operating System: Debian 5 (lenny) (Unsupported)
PHP Version: 5.2.6-1+lenny16 (Outdated)
Python Version: 2.5.2 (Outdated)
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.druckerei-hachenburg.de%2F
Re: http://stackoverflow.com/questions/2322261/jquery-vulnerability-nvd-cve-2007-2379
For the website technology let us go over an 8-month-old report, still very current: https://seoceros.com/en/druckerei-hachenburg.de
meta tag - not ready for viewing on mobile.
Layout errors and security issues as well:
Not all images have alt tag
Both URLs -with and without www- are accessible
No sitemap found
Error! No language localisation is found. Alles ohne Hochdeutsch :wink:
Header 2 is missing
Error! Hyphen (-) is a better solution than underscore (_) in the URLs
-http://www.druckerei-hachenburg.de/download_support.php (“Download & Support”)
-http://www.druckerei-hachenburg.de/druckerei_zertifikate.php (“Zertifikaten”)
-http://www.druckerei-hachenburg.de/kontakt_ansprechpartner.php (“ANSPRECHPARTNER”)
-http://www.druckerei-hachenburg.de/kontakt_ansprechpartner.php (“Draht”)
-http://www.druckerei-hachenburg.de/kontakt_anfrage.php (“ANFRAGEN”)
-http://www.druckerei-hachenburg.de/kontakt_anfrage.php (“Anfragen-Formular”)
The robots.txt file is missing! No sitemap found!
A SPOF -Possible Frontend SPOF from:

-as00.estara.com - link whitelist - token hack can be performed
(90%) - hacked that way, see:
-http://www.domxssscanner.com/scan?url=http%3A%2F%2Fas00.estara.com%2Fas%2FInitiateCall2.php
Token hack possible via -http://chaturbatetokenzhack.com/wp-content etc.

polonus (volunteer website security analyst and website error-hunter)

Another website where a token hack could wreak havoc = https://urlquery.net/report.php?id=1442454379323
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.radionomy.com

<div class="goBottom">
 <div class="mobileAccount ">
  <a class="mobileSignIn" href="/en/account/login?returnUrl=%252f%253fsessionToken%253d03b391d5-cfca-48cb-8999-225a5d396e5b%2526returnUrl%253d" data-translation-id="signin">Sign in</a>
  <a class="mobileSignUp" href="/en/account/register" data-translation-id="noaccount">Don&#39;t have an account yet?</a>
 </div>
 <div class="mobileManage hide">
  <a class="settings" href="-https://accounts.radionomy.com/Profile" data-translation-id="settings" target="_blank">Settings</a>
  <a class="logout" href="/en/account/logout?returnUrl=%2F%3FsessionToken%3D03b391d5-cfca-48cb-8999-225a5d396e5b%26returnUrl%3D" data-translation-id="logout">Sign out</a>
 </div>
 <a href="/en/static/disclaimer" data-translation-id="disclaimer" rel="internal">Disclaimer</a>
 <a href="/en/static/privacy" data-translation-id="privacy" rel="internal">Privacy</a>
</div>
</div>
<script>

Also this tool could be used: https://support.portswigger.net/customer/portal/articles/1964073-using-burp-to-hack-cookies-and-manipulate-sessions
http://www.domxssscanner.com/scan?url=https%3A%2F%2Faccounts.radionomy.com%2FProfile
and
http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.radionomy.com%2F%3FsessionToken%3D300fae43-5fd9-4c01-8ad4 & /en/account/login?returnUrl=%252f%253fsessionToken%253d300fae43-5fd9-4c01-8ad4" data-translation-id=“signin”>Sign in

polonus (volunteer website security analyst and website error-hunter)
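
Added example, not part of the original posts and not code from any site named above: a site owner's audit check that flags session identifiers carried in link URLs, including ones nested inside a single- or double-percent-encoded `returnUrl` as in the markup quoted in the last post. The parameter watch-list, the function names and the sample token value are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Assumed watch-list; only "sessionToken" appears on the page itself.
TOKEN_PARAMS = {"sessiontoken", "sessionid", "sid", "phpsessid", "jsessionid"}
# '?' is excluded from values so a token nested inside returnUrl is still seen.
PARAM_RE = re.compile(r"[?&;]([A-Za-z_][\w.-]*)=([^&#?;\s]*)")
MAX_ROUNDS = 5  # cap on repeated percent-decoding

# Constructed sample modelled on the quoted markup; the token value is made up.
SAMPLE_HTML = """
<a class="mobileSignIn" href="/en/account/login?returnUrl=%252f%253fsessionToken%253d00000000-1111-2222-3333-444444444444%2526returnUrl%253d">Sign in</a>
<a class="logout" href="/en/account/logout?returnUrl=%2F%3FsessionToken%3D00000000-1111-2222-3333-444444444444%26returnUrl%3D">Sign out</a>
<a href="/en/static/privacy">Privacy</a>
"""

class HrefCollector(HTMLParser):
    """Collects every href attribute value in the document."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def fully_decode(url):
    """Percent-decode until stable; return (decoded, rounds needed)."""
    rounds = 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(url)
        if decoded == url:
            break
        url, rounds = decoded, rounds + 1
    return url, rounds

def find_url_tokens(html):
    """Return one finding per session-like parameter carried in a link URL."""
    collector = HrefCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        decoded, rounds = fully_decode(href)
        for name, value in PARAM_RE.findall(decoded):
            if name.lower() in TOKEN_PARAMS and value:
                findings.append({"href": href, "param": name,
                                 "value": value[:4] + "***",  # masked for reports
                                 "decode_rounds": rounds})
    return findings

if __name__ == "__main__":
    for f in find_url_tokens(SAMPLE_HTML):
        print(f)
```

Identifiers placed in URLs end up in server logs, browser history and Referer headers; the usual remedy is to carry the session in a cookie marked `Secure` and `HttpOnly` and keep it out of links.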