So a first evaluation here showed us the weaknesses are not particularly in the website code, CMS etc. but more towards the DNS and hosting side of that domain. Let us have some closer look there.
A scan like this one: https://seomon.com/domain/www.mconab.se/performance/ also deliver additional interesting security info for us.
MX
‘MX’ records not found
Others
‘mx’ records not found
CNAME
TTL Target Same
14400 web3.remote24.se 1
And it is just as I said, DROWn vulnerable target: https://test.drownattack.com/?site=web3.remote24.se
1 suggestion and 4 warnings: https://seomon.com/domain/www.mconab.se/html_validator/
error here: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fapi.w.org%2F’+href%3D’http%3A%2F%2Fwww.mconab.se%2Fwp-json → https://codex.wordpress.org/WordPress.org_API
Also compare with: https://aw-snap.info/file-viewer/?tgt=http%3A%2F%2Fwww.mconab.se&ref_sel=GSP2&ua_sel=ff&fs=1
Content not received for: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.mconab.se%2Fwp-json%2F
landing on tooltip.js → < script type=‘text/javascript’ src=hxxp://www.mconab.se/wp-content/themes/Centum/js/tooltip.js?ver=4.5.2’> < / script >
See: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.mconab.se%2Fwp-content%2Fthemes%2FCentum%2Fjs%2Ftooltip.js%3Fver%3D4.5.2
Javascipt code error detected:
script
info: [decodingLevel=0] found JavaScript
error: line:4: SyntaxError: missing } after function body:
error: line:4: </div></div>' , trigger: 'hover' , title: '' , delay: 0 } }(window.jQuery);
error: line:4: ...............................................................................^
Well, add one more }); at the end to close the function. It is either the } or the semi-colon.
Error may work through as a server bug as well. That is why the folowing proliferation may be a give-away.
7 reds out of 10: http://toolbar.netcraft.com/site_report?url=http://www.mconab.se
Windows Server 2008 has server header info proliferation → Apache/2.4.3 Win32 OpenSSL/1.0.1c PHP/5.6.21
The offensive code that once did lead to a Google Safebrowsing block, now cleansed, see: http://sakrare.ikyon.se/log.php?id=148929
which was -web3.remote24.se abuse
Domain whois: https://whois.domaintools.com/mconab.se
We are delving deep into this website’s aspects, but that is what it takes to be able to better protect others,
anyhow chapeau for those that sre maintaining this website online, I wish many another site had that website security implemented.
Certainly a site for the Hall of Fame, a bit of a pity the hoster isn’t that security aware, but average.
Third party tested by,
polonus (volunteer website security analyst and website error-hunter)