• OMG is this ever a, uh, questionable company! After seeing the scary reviews (as well as all the unresolved issues in their support forum) I decided to try their online scanner instead. I signed up and responded to the email verification and downloaded the verification file to my root. So I try to start the scan, get nothing but errors, and a form pops up telling me to use an email address at my domain. I change it (reluctantly), and verify again. Now another form pops up asking for all of our company information including phone number which it wasn’t getting (407-000-0000). It asks me to verify yet AGAIN, but seems satisfied and invites me to start the scan. Scan doesn’t start AGAIN and it sends me through several more hoops, and finally informs me that it will call me within a day to verify that I really want a scan. lol NO THANK YOU. There was no option to delete the acct I made, so Acunetix.. please delete my acct for your online scanning. You can identify it by my phone number: 407-000-0000.

    Edited to add: “Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute)” from https://www.securiteam.com/securitynews/5NP3600D5Q.html

    Edited again to add: Someone tried to log into my site five times yesterday with the user name “1”. The hostname was “ec2-54-224-125-192.compute-1.amazonaws .com” and the referral was “www.acunetix-referrer .com/javascript:domxssExecutionSink(0,”‘\”><xsstag>()refdxss”)”. If there’s a reasonable explanation for this I’d sure like to hear it, but if this isn’t Acunetix they should be aware.

  • The topic ‘Oh brother’ is closed to new replies.