Nimbusec Website Security Monitor Issue Types (Short)
Malware
| Malware | Malicious code fragments are found on a Web page. Typical examples would be, amongst others, credit card skimmers, crypto miners or tech scams. |
| SEO-Spam | If changes on a website are detected while acting as 'googlebot' instead of the default browser agent a warning for suspicious behavior is created |
Web Shell
| Web Shell |
These issues can only be created by the server agent that runs directly on the web server when either YARA signatures are triggered, or something is detected by the "ShellRay" model. |
Application
| CMS Version | An application running on an outdated verrsion has been found on the website |
| CMS Vulnerable | An application with a possible vulnerability has been found on the website |
| CMS Tampered | Core file of WordPress change and are only generated by Nimbusec's server agent. However, Nimbusec cannot not distinguish between legitimate and malicious changes. |
TLS
| TLS Protocol | Unsafe TLS protocol allowed in configuration |
| TLS Ciphersuite | Unsafe TLS cipher allowed in configuration |
| TLS Sigalg | Outdated hash algorithm was used in the creation of the certificate |
| TLS Notrust | Untrasted root certificate |
| TLS Hostname | Hostname or alternative name does not match the certificate |
| TLS Expires | The TLS certificate will expire soon or has already expired |
| TLS Legacy | Symantec legacy certificate in use |
| TLS Misconfigured Chain | The received certificate chain was incomplete or misconfigured |
| TLS Revoked Cert | The certificate was revoked |
| No HTTPS Redirect | HTTP website does not redirect to HTTPS |
Content
| Defacement | The visual appearance of a website was changed to distribute social, political or just for fun messages to the visitor |
| Content Violation | Changes of the content of a Web page are detected. These change may be intended by the website owner or may be the result of a malicious attack. However, Nimbusec does not distinguish between legitimate and malicious changes. |
Blacklist
| Blacklist | The domain which is subject to review is found on blacklists monitored by Nimbusec |
Reputation
| Suspicious Link | Suspicious resources, based on blacklists monitored by Nimbusec, are embedded (but not loaded) on a Web page. A typical example of this type of event would be a link (a-tag) which points to a suspicious domain found in the Nimbusec blacklist. |
| Suspicious Request | A suspicious resource, based on blacklists monitored by Nimbusec, is actively loaded by a Web page. A typical example of this type of event would be a JavaScript source which points to a suspicions domain. |