Website recovering from SE redirect and still with insecurity!

This website is in the process of recovering or has recovered from a SE redirection compromittal.
Developer’s code used on this website (jQuery and JS etc.) always comes tested by the developer with a status “fit-to-use”, no more no less, as it was not particulary tested for other vulnerabilities. Retirable code had that “fit-to-use” status once, but while being used testing may have come to show additional vulnerabilities. That is the situation for which researchers test. For third party cold reconnaissance scan testing performed here the situation asks for a wider combination of various third party scan results and evaluation based on experiece and expertise. This website is not malicious as such, but has various security issues, basically on the hosting server side. The website developers tried to do a decent job as far as the underlying conditions allowed them to. :wink:

Re: http://killmalware.com/hongball.club/#
Detected libraries:
jquery - 1.7 : (active1) -http://www.hongball.club
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code (and is exceeding max. runtime,so we ran a DNS scan on website *)
1 vulnerable library detected

See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fhongball.club%2Fmember.php%3Fc%3Dlogin


-hongball.club/data/captcha/ckstr.php
     info: [decodingLevel=0] found JavaScript
     error: line:3: SyntaxError: missing = in XML attribute:
error: undefined variable $
     error: undefined function $
     error: line:4: SyntaxError: missing = in XML attribute:

and

window.location.href.split

without hash , but everything was coded with same origin rule being respected *
→ All Name Servers Responded
FAIL: While quering domain’s records, some of your name servers didn’t respond. Name servers which didn’t respond:
udp4:122.228.80.248
We found different serial numbers on your name servers, it’s OK if you had modified your zone recently. Probably occured because of the SE redirect…Hash Dos Patch not mitigated…low F-Status here: https://securityheaders.io/?q=http%3A%2F%2Fwww.hongball.club
vulnerable to clickjacking, as it doesn’t look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack. Add a header to explicitly describe the acceptable framing practices (if any) for this site.

Insecure IDs Tracking detected: This website is insecure.
33% of the trackers on this site could be protecting you from NSA snooping. Tell hongball.club to fix it.

All trackers
At least 3 third parties know you are on this webpage.

-shaaaaaaaaaaaaa.com
-ww.hongball.club
-js.users.51.la - js.users.51.la

More vulnerability on the nameserver side: -juming.dnsdun.com = DROWn exploitable, see: https://test.drownattack.com/?site=juming.dnsdun.com and is vulnerable to MiM attacks.

Hoster rep not trustworthy? 50% score: https://www.mywot.com/en/scorecard/172-247-135-72.rdns.cloudradium.com?utm_source=addon&utm_content=rw-viewsc

polonus (volunteer website security analyst and website error-hunter)