Script that better comes blocked...

Security outsourcing developer website vulnerable to DROWN: https://test.drownattack.com/?site=www.nixsolutions.com
75% of the trackers on this site could be protecting you from NSA snooping. Tell nixsolutions.com to fix it.

Identifiers | All Trackers

Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.

s4b6bih5pxxxxxxxghr5ljkk90 -www.nixsolutions.com phpsessid

Script loaded: -https://mc.yandex.ru/watch/22671151/1?wmode=5&callback=_ymjsp265718848&page-url=http%3A%2F%2Fwww.nixsolutions.com%2F&browser-info=s%3A1024x768x32%3Ask%3A1%3Afpr%3A216613626101%3Acn%3A1%3Aw%3A400x300%3Az%3A60%3Ai%3A20160316161114%3Aet%3A1458141074%3Aen%3Autf-8%3Av%3A680%3Ac%3A1%3Ala%3Ac%3Als%3A1356592138011%3Arqn%3A1%3Arn%3A737364821%3Ahid%3A161058672%3Awn%3A43056%3Ahl%3A1%3Arqnl%3A1%3Ast%3A1458141074%3Au%3A1458141074580174930%3At%3ANIX%20Solutions%20–%20Outsourcing%20Offshore%20Software%20Development%20Company
comes blocked for me in the browser. Why?
http://www.domxssscanner.com/scan?url=https%3A%2F%2Fmc.yandex.ru%2Fwatch%2F22671151%2F1%3Fwmode%3D5%26callback%3D_ymjsp265718848%26page-url%3Dhttp%253A%252F%252Fwww.nixsolutions.com%252F%26browser-info%3Ds%253A1024x768x32%253Ask%253A1%253Afpr%253A216613626101%253Acn%253A1%253Aw%253A400x300%253Az%253A60%253Ai%253A20160316161114%253Aet%253A1458141074%253Aen%253Autf-8%253Av%253A680%253Ac%253A1%253Ala%253Ac%253Als%253A1356592138011%253Arqn%253A1%253Arn%253A737364821%253Ahid%253A161058672%253Awn%253A43056%253Ahl%253A1%253Arqnl%253A1%253Ast%253A1458141074%253Au%253A1458141074580174930%253At%253ANIX%2520Solutions%2520%25E2%2580%2593%2520Outsourcing%2520Offshore%2520Software%2520Development%2520Company
See where it lands this time? Results from scanning URL:
-http://etlibroscristianosdelospastore.tripod.com/adm/zbl/js/jquery/jquery-1.6.4.min.js
Number of sources found: 38
Number of sinks found: 18

Detected excessive server header info proliferation: nginx/1.8.1

A serious developer site working with WeirdPress :o Warning: user enumeration is possible.
The first two user IDs were tested to determine if user enumeration is possible.

ID User Login
1 None
2 admin admin
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. However, it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Information Linked iFrames
Compromised sites will often contain embedded iframes that can also deliver malicious code to visitors of the web site. Check any discovered iframes and ensure they are legitimate.

//www.googletagmanager.com/ns.html?id=GTM-MCMFCS

A writable directory where there should not be one:
https://wordpress.org/support/topic/spacker-cache
HTTP only cookies: Warning

Requested URL: http://www.nixsolutions.com/ | Response URL: http://www.nixsolutions.com/ | Page title: NIX Solutions – Outsourcing Offshore Software Development Company | HTTP status code: 200 (OK) | Response size: 121,365 bytes (gzip’d) | Duration: 750 ms
Overview
Cookies not flagged as “HttpOnly” may be read by client side script and are at risk of being interpreted by a cross site scripting (XSS) attack. Whilst there are times where a cookie set by the server may be legitimately read by client script, most times the “HttpOnly” flag is missing it is due to oversight rather than by design.

Result
It looks like 6 cookies are being set without the “HttpOnly” flag being set (name : value):

geo_on : 1
country_code : US
country_code3 : USA
country_name : United+States
collect_referer : 3679354638
visitor : 1b7c1034f6c91c2a7aeafb6c3d28cc59
Unless the cookie legitimately needs to be read by JavaScript on the client, the “HttpOnly” flag should always be set to ensure it cannot be read by the client and used in an XSS attack.

It doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.

For a security outsourcing site this certainly does not look 'up to par'. There is some work to be done in old Kharkiv :wink:
See: ssh-2.0-openssh_5.3 p22

[quote]220---------- welcome to pure-ftpd [privsep] [tls] ----------\x0d\x0a220-you are user number 3 of 50 allowed.\x0d\x0a220-local time.[/quote] ftp (third party info OpenClam)

polonus (volunteer website security analyst and website error-hunter)
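To make the HttpOnly and X-Frame-Options findings above reproducible, here is a small header audit script. It is an added example, not code from polonus's post or from any of the scanners quoted there. It parses a raw HTTP response header block, lists every cookie set without the HttpOnly (or Secure) attribute, and checks whether the response carries any framing protection (X-Frame-Options, or a Content-Security-Policy with frame-ancestors). The sample response embedded below is constructed for the example; its cookie names mirror the six quoted in the post, with one extra session cookie added that does carry the flags, so the checker has both cases to distinguish.

```python
"""Audit an HTTP response header block for cookies lacking HttpOnly/Secure
and for missing clickjacking protection. Added example; all sample data is
constructed and the session cookie value is a placeholder."""
from typing import Dict, List, Set, Tuple

# Constructed sample response: six cookies without HttpOnly (as in the post),
# one session cookie with HttpOnly and Secure, and no X-Frame-Options header.
SAMPLE_RESPONSE_HEADERS = """HTTP/1.1 200 OK
Server: nginx/1.8.1
Content-Type: text/html; charset=UTF-8
Set-Cookie: geo_on=1; path=/
Set-Cookie: country_code=US; path=/
Set-Cookie: country_code3=USA; path=/
Set-Cookie: country_name=United+States; path=/
Set-Cookie: collect_referer=3679354638; path=/
Set-Cookie: visitor=1b7c1034f6c91c2a7aeafb6c3d28cc59; path=/
Set-Cookie: PHPSESSID=PLACEHOLDER_SESSION_ID; path=/; HttpOnly; Secure
"""


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw header block into (name, value) pairs, skipping the status line.
    Duplicate names (several Set-Cookie lines) are preserved as separate pairs."""
    pairs = []
    for line in raw.splitlines():
        if not line.strip() or line.startswith("HTTP/"):
            continue
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs


def parse_set_cookie(value: str) -> Tuple[str, str, Set[str]]:
    """Return (cookie name, cookie value, lowercase attribute names) for one
    Set-Cookie header value, e.g. 'a=1; path=/; HttpOnly' -> ('a', '1', {'path', 'httponly'})."""
    parts = [p.strip() for p in value.split(";")]
    name, _, cookie_value = parts[0].partition("=")
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name.strip(), cookie_value.strip(), attrs


def cookies_missing_flag(headers: List[Tuple[str, str]], flag: str = "httponly") -> Dict[str, str]:
    """Map cookie name -> value for every Set-Cookie that lacks the given attribute."""
    missing: Dict[str, str] = {}
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cname, cval, attrs = parse_set_cookie(value)
        if flag.lower() not in attrs:
            missing[cname] = cval
    return missing


def framing_protection_present(headers: List[Tuple[str, str]]) -> bool:
    """True if the response restricts framing via X-Frame-Options or a CSP frame-ancestors directive."""
    by_name = {n.lower(): v for n, v in headers}
    if "x-frame-options" in by_name:
        return True
    return "frame-ancestors" in by_name.get("content-security-policy", "").lower()


def audit(raw: str) -> dict:
    """Run all checks over a raw header block and return the findings."""
    headers = parse_headers(raw)
    return {
        "cookies_without_httponly": cookies_missing_flag(headers, "httponly"),
        "cookies_without_secure": cookies_missing_flag(headers, "secure"),
        "framing_protection": framing_protection_present(headers),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_RESPONSE_HEADERS)
    for cname, cval in report["cookies_without_httponly"].items():
        print(f"cookie set without HttpOnly: {cname} : {cval}")
    if not report["framing_protection"]:
        print("no X-Frame-Options or CSP frame-ancestors: clickjacking risk")
```

Feed it the header block from `curl -sI` of a site you administer and the output matches the "name : value" list format the post quotes; the Secure check is included because a cookie readable over plain HTTP has the same exposure problem even when HttpOnly is set.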