April 22nd, 2004, 04:33 AM
I have just created and uploaded a website of my own.
I just wanted to how to check for the loopholes or vulnerabilities for it. And what things should be checked to make sure of it security?
Now is the moment, or NEVER!!!
April 22nd, 2004, 04:43 AM
Well, I would first check the source code of course. Is there some kind of admin utility that lets you upload the site remotely? If so make sure your directories are not world readable. Make sure your directories arent world readable anyway, there is no reason for ANYONE to be in a directory. Are there any input areas where you can put in any string variables? Those tend to be insecure, make sure those are secure. Thats all for now
April 22nd, 2004, 04:44 AM
I'm guessing since you said you uploaded it that it's hosted elsewhere. Basically you should hope that your host keeps up to date with patches. If your host doesn't, then there is a chance that there maybe be a vulnerability in something such as the ftp server. And that may allow them to gain full access to the host. What you probably want to is make sure you have a strong password on whatever you use to upload. You don't want it to be brute forced or anything. Also be careful with directory permissions. If you have a directory with no index, you probably don't want the users to get a directory listing when they navigate to that directory. That will probably be turned off on the host, but if not you can set permissions to only allow executing, not reading on the directory. As for your code... I'm not too good with that aspect. Just keep it clean . lol. Good luck and I hope your site is a success.
April 22nd, 2004, 03:08 PM
ello theres this software that ive use a demo version then try it on my website got a good report on your security try to visit this site..
you can use this to scan your page and find out its vulnerabilities using exploits on HTML scripts and the risk involve... etc and also your server status and how can you fix it... hope this help a little bit on what your looking for...
have a happy day
April 22nd, 2004, 03:40 PM
Now I hope you have set this up on a machine on YOUR network right? If you scan someone elses network and/or try to exploit weaknesses in the webserver you can get in trouble. If its on your local network, then have a good time. Also, make sure to scan the computer with the webserver on it from another machine or you will get weird results.
N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)
April 23rd, 2004, 08:27 AM
Hey, thanks guys for all this stuff!!
yes, it is hosted on yahoo (geocities) so no virus threats...
and The Duck, as u said, i checked the source code... (heretic) and directories.. all seems fine...
i havent tried that website yet, but will do that too..
ther's one password field, n i tried to make it as secure as i can!!
anything else, i need to check??
do tell me!!
Now is the moment, or NEVER!!!