Skip to main content

Issue and Event overview

Nimbusec Website Security Monitor

Issue Types 2022

Category

Issue TypesDescritpion

Malware

MalwareMalicious code fragments are found on a Web page. Typical examples would be, amongst others, credit card skimmers, crypto miners or tech scams.
 SEO-SpamIf changes on a website are detected while acting as 'googlebot' instead of the default browser agent a warning for suspicious behavior is thrown
DefacementDefacementThe visual appearance of a website was changed to distribute social, political or just for fun messages to the visitor
 Content ViolationChanges of the content of a Web page are detected. These change may be intended by the website owner or may be the result of a malicious attack. However, Nimbusec does not distinguish between legitimate and malicious changes.
ReputationBlacklistThe domain which is subject to review is found on blacklists monitored by Nimbusec
 Suspicious LinkSuspicious resources, based on blacklists monitored by Nimbusec, are embedded (but not loaded) on a Web page. A typical example of this type of event would be a link (a-tag) which points to a suspicious domain found in the Nimbusec blacklist.
 Suspicious RequestA suspicious resource, based on blacklists monitored by Nimbusec, is actively loaded by a Web page. A typical example of this type of event would be a JavaScript source which points to a suspicions domain.
WebshellWebshellMalicious code fragments are found in files monitored by Nimbusec's Server Agent. As files are directly inspected on the Web server additional malicious code such as Webshells may be detected.
ApplicationVulnerableAn application with a possible vulnerability has been found on a website
 CMS TamperedCore file of WordPress change and are only generated by Nimbusec's server agent. However, Nimbusec cannot not distinguish between legitimate and malicious changes.
 OutdatedAn outdated application has been found on a website
TLSTLS ExpiresThe TLS certificate will expire soon
 TLS NotrustUntrusted root certificate
 TLS ProtocolUnsafe TLS protocol allowed in configuration
 TLS SigalgBad signature algorithm
 TLS CiphersuiteUnsafe TLS cipher allowed in configuration
 TLS HostnameHostname does not match certificate
 TLS LegacySymantec legacy certificate in use
 TLS Misconfigured ChainThe received certificate chain was incomplete or misconfigured
 TLS No Https redirectHTTP website does not redirect to HTTPS
 TLS Revoked CertThe certificate was revoked by the owner
ConfigurationBaseline EmptyWrong Agent configuration: empty result