
Cyber Security Scans - Part 2
In our previous Cyber Security Scan post, we began discussing the findings of the initial scan. Here are the rest of the scan results.
There are a total of 87 findings in the “DNS HEALTH” section
There are 0 high-severity findings
There are 11 medium-severity findings
- There are 11 findings in the “SPF Record Missing” category; they are all related to other websites on my server
There are 76 medium-severity findings
- There is 1 finding in the “Malformed SPF Record” category, which is related to another website on my server
- There are 75 findings in the “SPF Record Contains a Softfail” category; they are all related to other websites on my server
So for this particular website, there isn’t any action for this section. I will circle back and clean up the other websites on the server as soon as I complete this effort
Today, the “DNS HEALTH” section looks like:
There are a total of 811 findings in the “PATCHING CADENCE” section
There are 239 high-severity findings
- There are 122 findings in the “High Severity CVEs Patching Cadence” category, 26 findings are on the website, back end, and the rest belong to the IP address that is used by the remote monitoring service. I updated the two plug-ins that were out of date (if you operate a WordPress website, you know how quickly a plug-in can get out of date, since there isn’t a standardized release or “patch” day
- Those that deal with the website have been resolved, as we were one version behind in my email software. And five that are bogus, as they apply to a version of WordPress you don’t have; you were upgraded from that version long ago. So they need to figure out what is wrong with their scanner for those five. My Exim installation was version 4.93 and not version 4.94.2. I patched the installation. The five that were bogus I disputed, and they removed (funny as it is, at the time we were on WordPress core 5.8.1, and they were referring to vulnerabilities in version 4.7.2). I manually checked each of the referenced files to confirm that they were the correct version
- There are 117 findings in the “High-Severity Vulnerability CVE” category, 109 findings are for the IP address that is used by the remote monitoring service, and 8 findings are on my server that are related to the previous email software that was one version out of date
There are 528 medium-severity findings
- There are 255 findings in the “Medium Severity CVE” category, 46 findings are for the IP address that is used by the remote monitoring service, and the rest are on the DNS server, which has since been upgraded as it was one version out of cycle
- There are 273 findings in the “Medium-Severity Vulnerability in Last Observation” category, a majority are for the IP address that is used by the remote monitoring service, and the rest are on the DNS server, which has since been upgraded
There are 44 low-severity findings
- There are 22 findings in the “Low Severity CVEs Patching Cadence” category, 5 findings were for the DNS server (which has been upgraded), and the other 17 vulnerabilities were all for the IP address that is used by the remote monitoring service
Today, the “PATCHING CADENCE” section looks like:
There are a total of 2,383 findings in the “APPLICATION SECURITY” section
There are 194 High Severity findings
- There are 194 findings in the “Site does not enforce HTTPS” category. They are all for other websites on my server. I assigned this client’s website a new IP address, where they were the only website on it, to help alleviate this silliness
There are 759 medium-severity findings
- There are 431 findings in the “Content Security Policy (CSP) Missing” category; these are all for other websites on my server
- There are 48 findings in the “Insecure HTTPS Redirect Pattern” category, the majority are for other websites on my server
- There are 25 findings in the “Redirect Chain Contains HTTP” category; the majority are for other websites on my server
- There are 255 findings in the “Website Does Not Implement HSTS Best Practices” category; the majority are for other websites on my server
There are 948 low-severity findings
- There are 90 findings in the “Cookie Missing ‘Secure’ Attribute” category; the majority are for other websites on my server
- There are 29 findings in the “Session Cookie Missing ‘HttpOnly’ Attribute” category; the majority are for other websites on my server
- There are 428 findings in the “Website does not implement X-Content-Type-Options Best Practices” category; the majority are for other websites on my server
- There are 401 findings in the “Website does not implement X-Frame-Options Best Practices” category; the majority are for other websites on my server
The following are actually HTTP Header issues with WordPress websites:
- Cookie Missing ‘Secure’ Attribute
- Content Security Policy (CSP) Missing
- Website does not implement X-XSS-Protection Best Practices
- Content Security Policy Contains Broad Directives
- Website does not implement X-Frame-Options Best Practices
- Website does not implement X-Content-Type-Options Best Practices
And to be honest, I have never dealt with this one before, but it was quickly resolved and removed from the results.
Today, the “APPLICATION SECURITY” section looks like:
All said and done, they were scanning 47 total IP addresses in 3 countries for some reason. One of the websites that appeared in the list of vulnerabilities moved away from my server over 10 years ago, talk about a flashback.
In the next post, I will cover the remaining items in the “APPLICATION SECURITY” section and wrap this all up.


