Vulnerable site just recovered from a defacement....

“Dirty flag Turkey” image remained as part of that defacement of 39 days ago!

Vulnerable code that should be retired asap: -http://www.canarounders.com
Detected libraries:
jquery - 1.6 : -http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js?ver=3.5.1
Info: Severity: medium
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
swfobject - 2.2 : -http://www.canarounders.com/wp-includes/js/swfobject.js?ver=2.2-20120417
swfobject - 2.1 : -http://www.canarounders.com/wp-content/plugins/flash-video-player/swfobject.js
1 vulnerable library detected

Other Outdated Software detected:
HTTP Server: Apache HTTP Server 2.2.29
mod_perl Version: 2.0.8
Operating System: Unix
Perl Version: 5.8.8 (Outdated)
PHP Version: 5.5.27
OpenSSL Version: 0.9.8e-fips-rhel5
Control Panel: cPanel

Server header info proliferation: Apache/2.2.29 Unix mod_ssl/2.2.29 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.8.8

50% of the trackers on this site could be protecting you from NSA snooping. Tell canarounders.com to fix it.
Unique IDs about your web browsing habits have been insecurely sent to third parties.

d5fb79cb40414a3091XXXXXXXXXXXXX1a1445965753
Trackers are (in my case and with my browser configuration).
Google
Google
Google
-www.canarounders.com
-local.adguard.com
-i.hizliresim.com i.hizliresim.com

See where this scan is landing: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fajax.googleapis.com%2Fajax%2Flibs%2Fjquery%2F1.6%2Fjquery.min.js%3Fver%3D3.5.1
Results from scanning URL: -http://centrotandem.es/wp-content/plugins/designthemes-core-features/shortcodes/js/jquery.flexslider.js?ver=4.2.6
Number of sources found: 16
Number of sinks found: 11 etc. etc.

Hoster and outdated software there: -http://host1.crabservice.com/cgi-sys/defaultwebpage.cgi
HTTP Server: Apache HTTP Server 2.2.29
mod_perl Version: 2.0.8
Operating System: Unix
Perl Version: 5.8.8 (Outdated)
OpenSSL Version: 0.9.8e-fips-rhel5
Control Panel: cPanel
Their service page: https://oscarotero.com/embed/demo/index.php?url=http://host1.crabservice.com/cgi-sys/defaultwebpage.cgihttp://toolbar.netcraft.com/site_report?url=http://host1.crabservice.com
Also a clickjacking warning there…

polonus (volunteer website security analyst and website error-hunter)