What do you think of my site?

[wiskic10_4]

Hey AO!

So I've had this site up since February. Its general purpose is to serve as my blog and as a personal Internet file server. However, now I'm thinking I would like to use it to generate more computer repair work for myself.

I recently added a comment script at the bottom of the page. I don't know PHP, and I found this one for free. It implements CAPTCHA security, but I'm sure that it could be subverted easily. I tried to paste some redirect code in it, and it didn't redirect my site... so that's a good thing...

Anyway, I guess what I want to know is:

- Could someone use the comment box to deface/redirect my site?
- I'd like to add a page where people could fill out and submit work-orders to me for computer work - thoughts?
- Is there an easy way to get my site at the top of the list when someone Googles "computer repair Corpus Christi"?
- Is there any way to get my favicon to work again? GoDaddy says "no" - since I am using the domain name I purchased from them to redirect to my server's IP and I wish to mask that IP w/ the domain name - they just put a frame around my site... kind of shoddy if you ask me, but what do I know...

The site: http://www.jeremydeanonline.com

Your thoughts are appreciated! Thanks!
- Jeremy

[HYBR|D]

You really absolutely positive you want us to have "Play Time" on it?

can i just ddos the server until it goes off-line?

is your ISP ok with you doing this sort of thing?

wouldn't want you to get in trouble if they get all pissey over sudden large amounts of traffic clogging there interwebz.

i'll have a play latter on, got a few other things on atm.

[wiskic10_4]

Well, it wasn't an open invitation for a DDOS attack, but I guess simply having a domain is an invitation for anyone who stumbles across your site and has waaay too much time on their hands.

I was more concerned about the comments script I just added and whether or not it could be used to deface or redirect the site, as well as the other questions I asked in the OP.

Certainly, my ISP isn't "ok" with me requesting DDOS attacks, but I would assume they would just unlease my modem if it was obvious that it was being DDOSed.

And I and my family would be stuck w/out Internet until I was leased a new IP...

[HYBR|D]

Well, it wasn't an open invitation for a DDOS attack, but I guess simply having a domain is an invitation for anyone who stumbles across your site and has waaay too much time on their hands.

I was more concerned about the comments script I just added and whether or not it could be used to deface or redirect the site, as well as the other questions I asked in the OP.

Certainly, my ISP isn't "ok" with me requesting DDOS attacks, but I would assume they would just unlease my modem if it was obvious that it was being DDOSed.

And I and my family would be stuck w/out Internet until I was leased a new IP...

It's more of a case that your running the site from your home, so 1 would assume it would be a weak connection, therefore if someone happened to flood the server thus causing it to lock up needing a reboot it would reviel all sorts of nifty info.

the ISP question was more if your running the site from your home sever and if people/s started trying to mess with your site they would notice the "increase" of activity on your line and i was curious if they would re-act in a bad way.

Not from just a Ddos but mainly what if someone pwns your site and uses it to inject malware to innocent visitors?

I would assume your ISP would shut your connection down until it was fixed, causing yourself grief. & advertising here off all places "Hey everyone i'm runnig a website from my homeserver, come and see if you can pwn it so i can better lock it down" isn't the wisest thing to do.

I was/am tempted to flood your line simply because it's something a skiddie would do, and that is what will happen posting a open request in a publicly viewable medium.

Personally i would of either started a thread in Addicts or PM a view choice members.

[wiskic10_4]

It's more of a case that your running the site from your home, so 1 would assume it would be a weak connection, therefore if someone happened to flood the server thus causing it to lock up needing a reboot it would reviel all sorts of nifty info.

I'm interested to know if someone could DDOS it into rebooting/locking up? I wouldn't think so - more likely it would just overload the router, causing a "back-up" - and put me offline... I'm sure there is a limit on how much traffic I can have incoming?

the ISP question was more if your running the site from your home sever and if people/s started trying to mess with your site they would notice the "increase" of activity on your line and i was curious if they would re-act in a bad way.

Not from just a Ddos but mainly what if someone pwns your site and uses it to inject malware to innocent visitors?

I don't think there are any rules against running an apache/ssh server from your personal line? Nor any rules on "keeping it a secret"

If someone compromised my site/server, I think I would figure it out and take it offline pretty quick. I don't get much traffic anyway - this is just my little hobby site.

I would assume your ISP would shut your connection down until it was fixed, causing yourself grief. & advertising here off all places "Hey everyone i'm runnig a website from my homeserver, come and see if you can pwn it so i can better lock it down" isn't the wisest thing to do.

Again, if it gets "pwnt" I'll take it offline. If I unplug the modem for 10mins, then request a new IP, my SOHO will have Internet access again, and I'll keep the server offline until I can better lock it down. If my ISP shuts me down, I'll call them and explain what has happened, and won't let it happen again.

I was/am tempted to flood your line simply because it's something a skiddie would do, and that is what will happen posting a open request in a publicly viewable medium.

Personally i would of either started a thread in Addicts or PM a view choice members.

Well, if you don't have anything better to do...

I guess maybe I don't fully understand the risk - it seems to me, if I get DDOSed, and it puts me offline, I could just grab a new IP address, and all of the bots that are attacking the old IP will just "time out" or whatever. I'm sure it wouldn't be the first time a skiddie had gotten someone's IP address and DDOSed them? I'm sure my ISP has seen it many times, and may even have preventive measures in place?

I'm just trying to see what I can learn about hosting a site from home!

[mostafaxx]

nice site better than mine lol
http://mostafa-soft.co.cc
the script is doing mush of a good filtering for the input tried Cross-Site Script and sql injection

but you would better find some kind of free hosting after all you use php which is free and open source so you would find mush free hosting out there supporting php and my_sql

make sure you change the path to the script folder the admin page is right there
http://24.155.56.128/comment_script_...dmin/index.php

[wiskic10_4]

Thanks mostafaxx!!!

Was that you that posted all that crap in the comments box!?

Yeah, I need to change the script directory... I will - eventually - I'm not sure how much of a threat it really is? I'd be interested to see if anyone could brute-force their way into it... the username and password is fairly strong and unique...

[mostafaxx]

Was that you that posted all that crap in the comments box!?

was trying to do some buffer overflow but i'mn't much of a buffer overruner ...

any way after thinking a bit i agree you run your own server...
Apache is really great server

and that is a good way to learn how to run it..

[HYBR|D]

is it redirecting any1 else back to here? i've got it working in internet explorer & chrome

firefox ain't re-directing.

[wiskic10_4]

Thanks HYBR|D,

It's not re-directing under any browser for me - I tried:
Under Windows 7 64: IE 8.0 (32 and 64 Bit), Firefox, Chrome 8.0.552.224, Opera v10.63
Under Slackware 13.0: SeaMonkey. Firefox, Konquerer

I'll leave the comments up for the next 48hrs and see if it's redirecting anyone else.