Site with errors and outdated CMS defaced

See custom errors and other asp.net insecurities: https://asafaweb.com/Scan?Url=aspentheseries.com
Spam etc. check:
Suspicion of Spam in this case defacement: pentheseries dot com/?page_id=43">hacked by team system dz

  • |<a hr…
    Site wide check:
    Suspicious
    efgfpjsrmnyq92_mjs2bntw9dwhg">hacked by team system dz | aspen the series - comedy tv
    <div class=
    Included script check:
    Suspect - please check list for unknown includes
    Suspicious Script:
    htxp://aspentheseries.com/wp-includes/js/prototype.js?ver=1.6
    document.write(“</script>”); $(“__ondomcontentloaded”).onreadystatechange = function() {

    Technology report on site: http://builtwith.com/aspentheseries.com
    Recommended scan: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Faspentheseries.com
    defaced: http://sucuri.net/malware/entry/MW:DEFACED:01

    Web application version:
    WordPress version: WordPress 2.9.2
    Wordpress version from source: 2.9.2
    Wordpress Version 2.9.x based on: htxp://aspentheseries.com/wp-includes/js/autosave.js
    WordPress directory: htxp://aspentheseries.com/wp-content
    WordPress theme: htxp://aspentheseries.com/wp-content/themes/aspentheseries/
    WordPress version outdated: Upgrade required.

    Defacement still on here: htxp://aspentheseries.com/?page_id=43 → http://jsunpack.jeek.org/?report=29fa01ff175f2702e38f6d997396c9ccef607f1f

    polonus

  • Site is clean as such and will pass as clean, but there are so many insecurities, that you almost can wait for a new disaster to happen (a IIS7 exploit run?). Also here there is DNS issues - delegation, nameserver and soa - flagged: http://dnscheck.pingdom.com/?domain=aspentheseries.com
    A lethal brew from non interrelated security measures, ignorance, lack of knowledge, unprofessionalism and sloppy maintenance. Yes, site is waiting for a coming infestation. Site clean but as vulnerable as …

    polonus

    P.S. Defacement webdav exploit is easily performed, because of existing IIS7 configuration errors - script kiddie level actually.

    D

    Kind of similar detection, site being hacked/defaced now for 59 days!
    The particulars here: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fmalaysiaonsale.com
    See: http://killmalware.com/malaysiaonsale.com/#
    Details: http://sucuri.net/malware/entry/MW:DEFACED:01http://www.domainleia.com/www/malaysiaonsale.com
    Missed completely here: http://app.webinspector.com/public/reports/20660093

    polonus