What are they flagging at this website?

See: Up(nil): unknown_html APNIC US abuse at -softlayer.com 119.81.52.55 to 119.81.52.55
-atech.mu -http://web.atech.mu/
Nothing here: http://quttera.com/detailed_report/web.atech.mu
nor here: https://urlquery.net/report.php?id=1454197845338

Outdated Joomla flagged here: Web application details:
Application: Joomla! - Open Source Content Management - http://www.joomla.org

Web application version:
Joomla Version 3.0.4 found at: -http://web.atech.mu/administrator/manifests/files/joomla.xml
Joomla version outdated: Upgrade required.
Outdated Joomla Found: Joomla under 3.4.5

Joomla Modules, Components and Plugins
The following modules were detected from the HTML source of the Joomla front page.
mod_rokajaxsearch
mod_roknavmenu
The following components were detected from the HTML source of the Joomla front page.
com_roksprocket
The following plugins were detected from the HTML source of the Joomla front page.
rokbox
Adding Modules, Components and Plugins to a Joomla site expands your attack surface. These addons are a source of many security vulnerabilities, it is important to always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes. Using the Joomscan scanner you are able to test more aggressively for plugins and modules installed within a Joomla installation.

No retirable jQuery libraries detected.

Could land at spammy links: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fweb.atech.mu%2Fadministrator%2Fmanifests%2Ffiles%2Fjoomla.xml

File malware detected from source IP!

polonus

Nothing from Avast.

Also outdated PHP used.

Hosted at SoftLayer: http://whatismyipaddress.com/ip/119.81.52.55

Hi Steven Winderlich,

Yes and there is also outdated software on the RocketTheme site - the analyzed site uses for Joomla templates:
HTTP Server: Apache HTTP Server 2.2.26 (Outdated)
Operating System: Unix
OpenSSL Version: 1.0.1e-fips
Control Panel: cPanel
And their website server software is talking too loud: Apache/2.2.26 Unix mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fastcgi/2.4.6 (excessive server header info proliferation is what we call this).

Templates pose an alledged security vulnerability → issues with Admin Tools and “unsupported.php”, but the RocketTheme guy say that is the way it should be -

This is just a template file like any other. It could be argued that it’s more secure than the default index.php or component.php because it’s actually simpler and more locked down. It uses the same Joomla API calls that those others do.
Info credits for quote goes to Eoin…

Interesting when we look into this all this, is what we delve up, and learn while doing so :wink:

polonus