securing my website?
Results 1 to 8 of 8

Thread: securing my website?

  1. #1
    Senior Member
    Join Date
    May 2003
    Location
    Rochester, New York
    Posts
    128

    securing my website?

    i run a website www.victorcharlie.net. it has a phpBB forum hosted on a linux box(which i do not have local access too) my server is hosted by venturesonline.com
    any way ill just ask this. is there a way for people too see if my website is secure? maybe if some kind people here from ao can help point out vulnerabilities.
    THIS IS MY WEBSITE and i can do anything to it to prove so. Is this a strange question?
    -Simo

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    maybe if some kind people here from ao can help point out vulnerabilities.
    i cant find the thread now but a user once told AO users to test the security on their site ...but it the end it wasnt their site and it almost got lawyers involved ... JP at the end told us ..... dont do penetration testing until you have a contract signed with the company/organization owning the website .... but if you want we would be glad to tell you what are some known vulnebarities etc etc etc ....

    http://forums.devshed.com/related/sh...ities+website?
    http://astalavista.box.sk/cgi-bin/ro...ubmit=+search+
    http://stylusinc.com/Common/AboutUs/WebsiteSecurity.php

  3. #3
    Senior Member
    Join Date
    May 2003
    Location
    Rochester, New York
    Posts
    128
    sure...do it up..PM me of couse ;-]
    -Simo

  4. #4
    Webius Designerous Indiginous
    Join Date
    Mar 2002
    Location
    South Florida
    Posts
    1,123
    2.0.4 does have some exploits available. The fixes are loacted at phpbb.com in the anouncement sections. It has to do with a vulnerable file that may give the user admin privlidge, and also may allow them to acces to the webserver, and maybe even etc/passwd if they are good.

    Goto www.phpbb.com for more information.

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Posts
    508
    PhpBB 2.0.5 have exploits too on SQL injection, what version phpBB do you have?
    Not an image or image does not exist!
    Not an image or image does not exist!

  6. #6
    Senior Member
    Join Date
    May 2003
    Location
    Rochester, New York
    Posts
    128
    2.0.4
    -Simo

  7. #7
    Kwiep
    Join Date
    Aug 2001
    Posts
    924
    Just keep up to date with some vulnerability lists or maillists. There are hundreds of those.
    The vuln's pointed out by xmaddness and sweet_angel can both be found on securityfocus:

    http://www.securityfocus.com/bid/7932 and the fix: http://www.phpbb.com/phpBB/viewtopic.php?t=113826

    http://www.securityfocus.com/bid/7979 and the fix:
    http://www.phpbb.com/phpBB/viewtopic.php?t=112052
    the sql injection (second) makes both 2.0.4 and 2.0.5 vuknerable, but is very unlikely to be used because of its needs like rioter pointed out in another thread about the same
    only works if you have register globals on and you would be stupid to have that on anyway
    p.s.
    this is my ****ing 500th post *shrug*
    Double Dutch

  8. #8
    Senior Member
    Join Date
    May 2003
    Location
    Rochester, New York
    Posts
    128
    i still havent found any weakness' on my site, but i heard from irc that /cpanel websites hosted on linux boxes are vulnerable
    -Simo

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •