Nimbusec Website Security Monitor Issue Types (Short)
| MALWARE | WEB SHELL | APPLICATION | TLS | CONTENT | BLACKLIST | |
| CONFIG |
|
Malware
| Malware | Malicious code fragments are found on a Web page. Typical examples would be, amongst others, credit card skimmers, crypto miners or tech scams. |
| SEO-Spam | If changes on a website are detected while acting as 'googlebot' instead of the default browser agent a warning for suspicious behavior is created |
Web Shell
| Web Shell |
Malicious code patterns are found in source files based on behaviour patters and signature database of the Nimbusec server agent |
Application
| CMS Version | An application running on an outdated verrsion has been found on the website |
| CMS Vulnerable | An application with a possible vulnerability has been found on the website |
| CMS Tampered | Core file of WordPress change and are only generated by Nimbusec's server agent. However, Nimbusec cannot not distinguish between legitimate and malicious changes. |
TLS
| TLS Protocol | Unsafe TLS protocol allowed in configuration |
| TLS Ciphersuite | Unsafe TLS cipher allowed in configuration |
| TLS Sigalg | Outdated hash algorithm was used in the creation of the certificate |
| TLS Notrust | Untrasted root certificate |
| TLS Hostname | Hostname or alternative name does not match the certificate |
| TLS Expires | The TLS certificate will expire soon or has already expired |
| TLS Legacy | Symantec legacy certificate in use |
| TLS Misconfigured Chain | The received certificate chain was incomplete or misconfigured |
| TLS Revoked Cert | The certificate was revoked |
| No HTTPS Redirect | HTTP website does not redirect to HTTPS |
Content
| Defacement | The visual appearance of a website was changed to distribute social, political or just for fun messages to the visitor |
| Content Violation | Changes of the content of a Web page are detected. These change may be intended by the website owner or may be the result of a malicious attack. However, Nimbusec does not distinguish between legitimate and malicious changes. |
Blacklist
| Blacklist | The domain which is subject to review is found on blacklists monitored by Nimbusec |
Reputation
| Suspicious Link | Suspicious resources, based on blacklists monitored by Nimbusec, are embedded (but not loaded) on a Web page. A typical example of this type of event would be a link (a-tag) which points to a suspicious domain found in the Nimbusec blacklist. |
| Suspicious Request | A suspicious resource, based on blacklists monitored by Nimbusec, is actively loaded by a Web page. A typical example of this type of event would be a JavaScript source which points to a suspicions domain. |
Configuration
| opendir | When a web server’s directory listing is enabled, anyone can browse the contents of folders (e.g., `/files/`) instead of being restricted to specific pages. |
| php Error | When PHP error messages are shown directly to users instead of being logged securely. |
| public config | Apache status pages are checked for public accesibillity. |
| Security Header config |
Will be shown if SHR rating is grade "D" or lower. |
No comments to display
No comments to display