|
-
July 30th, 2003, 05:26 AM
#1
Senior Member
securing my website?
i run a website www.victorcharlie.net. it has a phpBB forum hosted on a linux box(which i do not have local access too) my server is hosted by venturesonline.com
any way ill just ask this. is there a way for people too see if my website is secure? maybe if some kind people here from ao can help point out vulnerabilities.
THIS IS MY WEBSITE and i can do anything to it to prove so. Is this a strange question?
-
July 30th, 2003, 06:00 AM
#2
maybe if some kind people here from ao can help point out vulnerabilities.
i cant find the thread now but a user once told AO users to test the security on their site ...but it the end it wasnt their site and it almost got lawyers involved ... JP at the end told us ..... dont do penetration testing until you have a contract signed with the company/organization owning the website .... but if you want we would be glad to tell you what are some known vulnebarities etc etc etc ....
http://forums.devshed.com/related/sh...ities+website?
http://astalavista.box.sk/cgi-bin/ro...ubmit=+search+
http://stylusinc.com/Common/AboutUs/WebsiteSecurity.php
-
July 30th, 2003, 06:03 AM
#3
Senior Member
sure...do it up..PM me of couse ;-]
-
July 30th, 2003, 08:39 AM
#4
2.0.4 does have some exploits available. The fixes are loacted at phpbb.com in the anouncement sections. It has to do with a vulnerable file that may give the user admin privlidge, and also may allow them to acces to the webserver, and maybe even etc/passwd if they are good.
Goto www.phpbb.com for more information.
-
July 30th, 2003, 10:51 AM
#5
PhpBB 2.0.5 have exploits too on SQL injection, what version phpBB do you have?
Not an image or image does not exist!
Not an image or image does not exist!
-
July 30th, 2003, 04:58 PM
#6
Senior Member
-
July 30th, 2003, 06:34 PM
#7
Just keep up to date with some vulnerability lists or maillists. There are hundreds of those.
The vuln's pointed out by xmaddness and sweet_angel can both be found on securityfocus:
http://www.securityfocus.com/bid/7932 and the fix: http://www.phpbb.com/phpBB/viewtopic.php?t=113826
http://www.securityfocus.com/bid/7979 and the fix:
http://www.phpbb.com/phpBB/viewtopic.php?t=112052
the sql injection (second) makes both 2.0.4 and 2.0.5 vuknerable, but is very unlikely to be used because of its needs like rioter pointed out in another thread about the same
only works if you have register globals on and you would be stupid to have that on anyway
p.s.
this is my ****ing 500th post *shrug*
-
August 11th, 2003, 05:56 AM
#8
Senior Member
i still havent found any weakness' on my site, but i heard from irc that /cpanel websites hosted on linux boxes are vulnerable
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote