Nimbusec Website Security Monitor Issue Types (Short)
| MALWARE | DEFACEMENT | REPUTATION | TLS | APPLICATION | CONFIGURATION |
Malware
| Malware | Malicious code fragments are found on a Web page. Typical examples would be, amongst others, credit card skimmers, crypto miners or tech scams. |
| SEO-Spam | If changes on a website are detected while acting as 'googlebot' instead of the default browser agent a warning for suspicious behavior is created |
Web Shell
| Web Shell |
Application
| CMS Version | An application running on an outdated verrsion has been found on the website |
| CMS Vulnerable | An application with a possible vulnerability has been found on the website |
| CMS Tampered | Core file of WordPress change and are only generated by Nimbusec's server agent. However, Nimbusec cannot not distinguish between legitimate and malicious changes. |
TLS
| TLS Protocol | Unsafe TLS protocol allowed in configuration |
| TLS Ciphersuite | Unsafe TLS cipher allowed in configuration |
| TLS Sigalg | Outdated hash algorithm was used in the creation of the certificate |
| TLS Notrust | Untrasted root certificate |
| TLS Hostname | Hostname or alternative name does not match the certificate |
| TLS Expires | The TLS certificate will expire soon or has already expired |
| TLS Legacy | Symantec legacy certificate in use |
| TLS Misconfigured Chain | The received certificate chain was incomplete or misconfigured |
| TLS Revoked Cert | The certificate was revoked |
| No HTTPS Redirect | HTTP website does not redirect to HTTPS |
Content
| Defacement | The visual appearance of a website was changed to distribute social, political or just for fun messages to the visitor |
| Content Violation | Changes of the content of a Web page are detected. These change may be intended by the website owner or may be the result of a malicious attack. However, Nimbusec does not distinguish between legitimate and malicious changes. |
Blacklist
| Blacklist | The domain which is subject to review is found on blacklists monitored by Nimbusec |
Reputation
| Suspicious Link | Suspicious resources, based on blacklists monitored by Nimbusec, are embedded (but not loaded) on a Web page. A typical example of this type of event would be a link (a-tag) which points to a suspicious domain found in the Nimbusec blacklist. |
| Suspicious Request | A suspicious resource, based on blacklists monitored by Nimbusec, is actively loaded by a Web page. A typical example of this type of event would be a JavaScript source which points to a suspicions domain. |
No Comments