What do you think of my site?

[HYBR|D]

nevermind, i spotted what i was doing wrong.

i visited the gentlesource site and i couldn't find the free version, would like to put a copy on my local server so i can really pull it apart and see how it works.

you should be able to get the favicon to re-appear by having it called in your header, have the icon in the root directory of your public_html/ folder

GoDaddy are alright to get cheap domain names, but everything else they sux at.

[wiskic10_4]

This is where I got it: http://www.gentlesource.com/comment-script/

I'll try to rig-up the favicon later - I had a "discussion" with one of their tech-support guys - his recommendation was just to pay more and let GoDaddy host the site for me.

I told them that I used to use a free redirect service (.co.nr) for the site and the favicon worked fine with it, and I thought it was a little ridiculous that a paid-for domain would have less functionality than a free one.

But they were not sympathetic to my cause.

Anyway, I'm pretty sure I tried to put the favicon code in several of the sections they offer inside their "frame" but couldn't get it to work - I'll have another go at it in a bit.

[The_tyrant]

you know, this is a great hacker trick
go on a forum, ask for a pentest, and let other people find the vulnerabilities for you

anyways, i trust you enough, and i am working on finding vulnerabilities for your site

anyways, currently your safe

[wiskic10_4]

you know, this is a great hacker trick
go on a forum, ask for a pentest, and let other people find the vulnerabilities for you

Oh yeah? I have another site too - just a little side-project - it's at http://www.foxnews.com/

Let me know what you find there

anyways, i trust you enough, and i am working on finding vulnerabilities for your site

Trust me enough? Based on what? Rule number one of compsec: TRUST NO ONE!

anyways, currently your safe

Thanks for that.

Nah, but no one has busted the comment script yet, and I've only seen a handful of brute-force attempts at ssh (which locks out after 5 tries). One guy tried a redirect script in the comments box, and another guy tried - well, idk wtf he was trying - a "buffer overrun" of sorts?

Anyway, so far so good. If I can put it up on a site like this and it's not completely defaced or knocked offline after 3 days, chances are I'm pretty safe against the casual attacker. Which is all I care about. I'm sure if someone really wanted to, they could get in or take down the site - but they'll have to put some work in. Ninety-nine percent of anonymous attackers will just move on to something easier.

[metguru]

Nah, but no one has busted the comment script yet, and I've only seen a handful of brute-force attempts at ssh (which locks out after 5 tries). One guy tried a redirect script in the comments box, and another guy tried - well, idk wtf he was trying - a "buffer overrun" of sorts?

May or may not have been me no ill intentions though.