See: http://killmalware.com/fytotech.com/# see: http://toolbar.netcraft.com/site_report?url=http://fytotech.com
For this link I get a not found: -http://fytotech.com/googledrive.com/host/0B0FAryoVedK0Szk4WW9GR3ZKWDg/modernizr.custom.86080.js
Also get
The requested URL /d173vqb05g6hza.cloudfront.net/js/hela/app.js/ was not found on this server.Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Server at fytotech.com Port 80
This link comes blocked by adware blocker uBlock Origin: -http://d.rapsio.com/intext/static.js?v=6
On hacked site we find blocked for me on the client - browser: -fytotech.com 1 2
-∗.ayyildiz.org 1 1
-d1ui18tz1fx59z.cloudfront.net 1
-∗.digitaloptout.com 1
-∗.hizliresim.com 9
-shaaaaaaaaaaaaa.com 1
-∗.youtube.com 1
How was the attack performed? For real security we have to check all input on the server. The hash table denial of service vulnerability (hash DoS) allows an attacker to make a POST request with a very large number of parameters constructed to cause hash collisions:
POST inline event on http:
onclick
PostExcessiveParams("-http://fytotech dot com/",
return
'-blank',
1001)
Server insecurity: Result Excessive Server Header Info Proliferation.
The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
Server: Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Configuring the application to not return unnecessary headers keeps this information silent and makes it significantly more difficult to identify the underlying frameworks.
Clickjacking: Warning
For code see: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Ffytotech.com%2F&useragent=Fetch+useragent&accept_encoding=
polonus (volunteer website security analyst and website error-hunter)