Sometimes it seems website security is virtually non-existent!

Dear forum friends,

Those that follow the postings on website URL checking in the “virus and worms” section of this forum may have already noticed, but to others I have to say that there is an enormous amount of sites online that have virtually no website security at all. This is not because the site owners or hosters thereof are cybercriminals, malcreants, blackhat hackers or fraudulent malvertisers. No, this is because a lot of folks are a threat to their visitors by putting a website up, absolutely ignorent of any security measures they should take, they know nothing about securing websites - nada. No input checks, full server version number exposed to the world (and hackers), no masquerading of the WP items they use. Do you know for instance that a WordPress theme like “arras” is so exploitable that it is “low hanging fruit” for those that want to take over your website and inject it with obfuscated malcode, put malicious iFrames there that redirect to malicious sites and cookie manipulation. What we experience everyday (Pondus, !Donovan, others and little old me) make the cold shivers run down your spine from awe. Apparently website owners only react as their websites are being blocked or users complain about the avast shields that won’t allow to go to their favorite URL. There is much to be done in this field, but let this posting be a first reminder,

polonus

You’re right on target, Polonus!

 People should also be aware that just because they might be using "website safety indicators", such as, [b]WOT[/b], and McAfee's [b]SiteAdvisor[/b] rating system, etc - - they are [b]NOT[/b] always a valid indicator of a website's safety either.  I've seen many websites where they displayed the green check mark from SiteAdvisor and/or even a positive WOT rating, yet when I checked the URL against the [b]hosts-file.net[/b] database (for example), lo and behold, I see the site is known for malicious activity!

Regards to all & be safe on-line!

Well WOT, McAfee’s SiteAdvisor, Webutation and also our avast!Web Rep are mainly concerned with web reputation and as good as user’s input will allow.
There are also blocking and real time scanning extensions that can guide you on the Internet for what clicks to avoid, DrWeb’s URL checker, M86Security Secure Browsing, Bitdefender’s TrafficLight, and a couple of online scanners to scan suspicious websites against:
zulu.zscaler.com
urlquery.net
http://sitecheck.sucuri.net/scanner/
safersite.de
VTchromizer (to click and scan with virustotal
http://vscan.urlvoid.com/?url=
and a couple of special scanners and file-viewers to be used in the hands of website security experts and the security savvy.
Those that still have problems, questions about a particular URL can post in the virus and worms,
and we will have a look what cold reconnaisance can find there,

polonus