Richard Howells wrote:
Without some context I don't see how you can take the scan results seriously.
For example - It states positively that this web site is running phpCMS. You are able to tell us that there is no php in sight. If it's so far wrong that it positively identifies the wrong product why would we take any of its output seriously?
If you are under management pressure - ie they have paid for this scan and therefore are motivated to believe it - you will have to gather more information. For example it's not very useful to state that the site as a whole suffers from a problem. There can be site wide problems but if you have to attack this you'll need to start off with a specific page; a specific example of the test input; and a far more precise statement of why the result is wrong/bad/broken.
Richard, thanks for the reply.
We had a professional scan done on a number of our external IP address as well as this one and a lot of the issues which were in the "high" category I was able to re-mediate, for example this website (acuigen.com/IP address) was showing unnecessary HTTP response headers.
I am not trying to say that either the scan nor anyone here is falsely identifying anything, as *from my limited knowledge* we haven't used any php for the site. HOWEVER we are using some 3rd party plugins/modules which may be causing this issue *again I don't know*. I can have a look into the files on the web server if need be.
For the skin we are using this template here: http://demo7.dnngo.net/20047/en-us/home.aspx
For our blog we are using this: http://www.dnngo.net/OurModules/xBlog.aspx
These 4 I've put in here are ones which I don't really have much experience about and even from google searching I didn't get a great idea of what they were caused by or how to fix them, apologies if I've come off as someone just complaining about problems which aren't in-fact to do with DNN.