This domain has been blocked for 2 weeks: http://embroidershoppe.com
It’s hosted on W2008 IIS7. I installed Avast for Server V7 and it doesn’t find anything.
I point the following domain to the same app: http://www.clipart4embroidery.com and that is NOT blocked.
Spent 3 days on this already. What is the solution?
Thanks to anyone who can shed some light, client is going ballistic over this.
General asp dot net site configuration insecurities:
General asp dot net insecurities on website: https://asafaweb.com/Scan?Url=www.embroidershoppe.com%2Fdefault.aspx
Custom errors: Fail, Stack trace: Fail, Excessive headers: Warning, Clickjacking: Warning. All could lead to too much info being spread to potential attackers of the site.
I do not mean to say that these are threat alerts, nothing more than general insecure coding that could be abused/exploited.
For the evaluation of your case, we have to consider that particular IP’s security and DNS resolving issues! And then we are going to a new one: htxp://hatchedinafrica.com/
Daily changes → http://www.dailychanges.com/afraid.org/
DNS issues with nameservers: Results for httpembroidershoppe.com
Test | Results | Status
Checking domain format | Hostname looks good. | Pass
Checking for parent nameservers | Found 13 parent nameservers. | Pass
Checking for parent glue | Found glue from root nameservers to parent nameservers. | Info
NS records at parent nameserver | Your NS records at your parent nameserver are: Provided by a.gtld-servers.net | Info *
Nameservers listed at parent | No nameservers found at parent nameserver. | Fail
Your web server appears to reveal version information. This can pose a security risk if vulnerabilities are identified in this version. You should consider disabling version information in your server configuration.
WWW server alert from DNSsy
The clue to it all: this is a strange Bot-powered Scam Network, read: https://blog.damballa.com/archives/271
link article credits: – Gunter Ollmann, VP Research
– Credit to Roberto Perdisci for the detailed analysis
I’m impressed. This is very good information. However I still don’t see any reason to block a website for this. I am going to resolve all those issues but what do I tell the client? After all there are no viruses on that server. Thanks for your insight though!
Well the injected hidden code is making this all part of that bot-powered scam. Impressive form of abuse with massive domain cycling for Scam and Phishbusters & Co.
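The configuration findings listed earlier in the thread (custom errors, stack trace, excessive headers, clickjacking, server version disclosure) can be re-checked after the fixes with a passive audit of one HTTP response. This is an added example, not part of the thread and not ASafaWeb's code; the sample response is constructed, and the function names and finding labels are assumptions.

```python
import re

# Constructed sample response, not captured from any real site.
SAMPLE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Microsoft-IIS/7.0\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body><h1>Server Error in '/' Application.</h1>"
    "<b>Stack Trace:</b> <pre>[NullReferenceException: ...]\n"
    "   Shop.Default.Page_Load(Object sender, EventArgs e) +42</pre>"
    "</body></html>"
)

# Headers that advertise the platform or its version.
PLATFORM_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")

def parse_response(raw):
    """Split a raw HTTP response into (status, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def audit(raw):
    """Return a list of (finding, detail) tuples for one response."""
    _status, headers, body = parse_response(raw)
    findings = []
    # Server is only reported when it carries a version number.
    leaked = [h for h in PLATFORM_HEADERS if h in headers
              and (h != "server" or re.search(r"\d", headers[h]))]
    if leaked:
        findings.append(("excessive-headers", ", ".join(leaked)))
    csp = headers.get("content-security-policy", "").lower()
    if "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append(("clickjacking", "no X-Frame-Options or CSP frame-ancestors"))
    if "Server Error in '" in body:
        findings.append(("custom-errors", "default ASP.NET error page returned"))
    if re.search(r"Stack Trace:|^\s+at \S+\(.*\)", body, re.M):
        findings.append(("stack-trace", "stack trace text in response body"))
    return findings

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind}: {detail}")
```

An empty list from `audit()` on both a normal page and a deliberately broken request means none of these four findings remain in that response.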