# Nimbusec Website Security Monitor Issue Types (Short)

<table border="1" class="align-center" id="bkmrk-malware-web-shell-ap" style="font-family: var(--font-body); font-size: 14px; width: 100%; border-collapse: collapse; border-width: 1px; border-style: hidden;"><colgroup><col style="width: 14.2857%;"></col><col style="width: 14.2857%;"></col><col style="width: 14.2857%;"></col><col style="width: 14.2857%;"></col><col style="width: 14.2857%;"></col><col style="width: 14.2857%;"></col><col style="width: 14.2857%;"></col></colgroup><tbody><tr><td>[MALWARE](https://docs.nimbusec.com/link/365#bkmrk-malware)</td><td>[WEB SHELL](https://docs.nimbusec.com/link/365#bkmrk-web-shell)</td><td>[APPLICATION](https://docs.nimbusec.com/link/365#bkmrk-application)</td><td>[TLS](https://docs.nimbusec.com/link/365#bkmrk-tls)</td><td>[CONTENT](https://docs.nimbusec.com/link/365#bkmrk-defacement)</td><td>[BLACKLIST](https://docs.nimbusec.com/link/365#bkmrk-blacklist)</td><td>[REPUTATION](https://docs.nimbusec.com/link/365#bkmrk-reputation)</td></tr></tbody></table>

##### **Malware**

<table border="1" id="bkmrk-malware-malicious-co" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 50%;"></col><col style="width: 50%;"></col></colgroup><tbody><tr><td style="vertical-align: middle;">Malware</td><td>Malicious code fragments are found on a Web page. Typical examples would be, amongst others, credit card skimmers, crypto miners or tech scams.</td></tr><tr><td style="vertical-align: middle;">SEO-Spam</td><td>If changes on a website are detected while acting as 'googlebot' instead of the default browser agent a warning for suspicious behavior is created</td></tr></tbody></table>

##### **Web Shell**

<table border="1" id="bkmrk-web-shell-1" style="border-collapse: collapse; width: 100%; height: 29.7969px;"><colgroup><col style="width: 50%;"></col><col style="width: 50%;"></col></colgroup><tbody><tr style="height: 29.7969px;"><td style="height: 29.7969px; vertical-align: middle;">Web Shell</td><td style="height: 29.7969px;">Malicious code patterns are found in source files based on behaviour patters and signature database of the Nimbusec server agent

</td></tr></tbody></table>

##### **Application**

<table border="1" id="bkmrk-cms-version-cms-vuln" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 50%;"></col><col style="width: 50%;"></col></colgroup><tbody><tr><td style="vertical-align: middle;">CMS Version</td><td>An application running on an outdated verrsion has been found on the website</td></tr><tr><td style="vertical-align: middle;">CMS Vulnerable</td><td>An application with a possible vulnerability has been found on the website</td></tr><tr><td style="vertical-align: middle;">CMS Tampered</td><td>Core file of WordPress change and are only generated by Nimbusec's server agent. However, Nimbusec cannot not distinguish between legitimate and malicious changes.</td></tr></tbody></table>

##### **TLS**

<table border="1" id="bkmrk-tls-protocol-unsafe-" style="border-collapse: collapse; width: 100%; height: 314.488px;"><colgroup><col style="width: 50%;"></col><col style="width: 50%;"></col></colgroup><tbody><tr style="height: 29.7875px;"><td style="height: 29.7875px; vertical-align: middle;">TLS Protocol</td><td style="height: 29.7875px;">Unsafe TLS protocol allowed in configuration</td></tr><tr style="height: 29.7875px;"><td style="height: 29.7875px; vertical-align: middle;">TLS Ciphersuite</td><td style="height: 29.7875px;">Unsafe TLS cipher allowed in configuration</td></tr><tr style="height: 46.4px;"><td style="height: 46.4px; vertical-align: middle;">TLS Sigalg</td><td style="height: 46.4px;">Outdated hash algorithm was used in the creation of the certificate</td></tr><tr style="height: 29.7875px;"><td style="height: 29.7875px; vertical-align: middle;">TLS Notrust</td><td style="height: 29.7875px;">Untrasted root certificate</td></tr><tr style="height: 29.7875px;"><td style="height: 29.7875px; vertical-align: middle;">TLS Hostname</td><td style="height: 29.7875px;">Hostname or alternative name does not match the certificate</td></tr><tr style="height: 29.7875px;"><td style="height: 29.7875px; vertical-align: middle;">TLS Expires</td><td style="height: 29.7875px;">The TLS certificate will expire soon or has already expired</td></tr><tr style="height: 29.7875px;"><td style="height: 29.7875px; vertical-align: middle;">TLS Legacy</td><td style="height: 29.7875px;">Symantec legacy certificate in use</td></tr><tr style="height: 29.7875px;"><td style="height: 29.7875px; vertical-align: middle;">TLS Misconfigured Chain</td><td style="height: 29.7875px;">The received certificate chain was incomplete or misconfigured</td></tr><tr style="height: 29.7875px;"><td style="height: 29.7875px; vertical-align: middle;">TLS Revoked Cert</td><td style="height: 29.7875px;">The certificate was revoked</td></tr><tr style="height: 29.7875px;"><td style="height: 29.7875px; vertical-align: middle;">No HTTPS Redirect</td><td style="height: 29.7875px;">HTTP website does not redirect to HTTPS</td></tr></tbody></table>


##### **Content**

<table border="1" id="bkmrk-defacement-the-visua" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 50%;"></col><col style="width: 50%;"></col></colgroup><tbody><tr><td style="vertical-align: middle;">Defacement</td><td>The visual appearance of a website was changed to distribute social, political or just for fun messages to the visitor</td></tr><tr><td style="vertical-align: middle;">Content Violation</td><td>Changes of the content of a Web page are detected. These change may be intended by the website owner or may be the result of a malicious attack. However, Nimbusec does not distinguish between legitimate and malicious changes.</td></tr></tbody></table>


<span style="color: rgb(0, 0, 0);">**<span style="font-family: var(--font-heading, var(--font-body)); font-size: 1.4em;">Blacklist</span>**</span>

<table border="1" id="bkmrk-blacklist-the-domain" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 50.0596%;"></col><col style="width: 50.0596%;"></col></colgroup><tbody><tr><td style="height: 46.5938px; vertical-align: middle;">Blacklist</td><td style="height: 46.5938px;">The domain which is subject to review is found on blacklists monitored by Nimbusec</td></tr></tbody></table>

##### **Reputation**  


<table border="1" id="bkmrk-suspicious-link-susp" style="border-collapse: collapse; width: 100%; height: 253.563px;"><colgroup><col style="width: 50%;"></col><col style="width: 50%;"></col></colgroup><tbody><tr style="height: 96.9844px;"><td style="height: 96.9844px; vertical-align: middle;">Suspicious Link</td><td style="height: 96.9844px;">Suspicious resources, based on blacklists monitored by Nimbusec, are embedded (but not loaded) on a Web page. A typical example of this type of event would be a link (a-tag) which points to a suspicious domain found in the Nimbusec blacklist.</td></tr><tr style="height: 80.1875px;"><td style="height: 80.1875px; vertical-align: middle;">Suspicious Request</td><td style="height: 80.1875px;">A suspicious resource, based on blacklists monitored by Nimbusec, is actively loaded by a Web page. A typical example of this type of event would be a JavaScript source which points to a suspicions domain.</td></tr></tbody></table>