Results 1 to 6 of 6

Thread: website security

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    219

    website security

    Hi all,
    I have just created and uploaded a website of my own.

    I just wanted to how to check for the loopholes or vulnerabilities for it. And what things should be checked to make sure of it security?

    PS: There is no database connectivity. Its a plain HTML/Javascript site.
    Now is the moment, or NEVER!!!

  2. #2
    AFLAAACKKK!!
    Join Date
    Apr 2004
    Posts
    1,066
    Well, I would first check the source code of course. Is there some kind of admin utility that lets you upload the site remotely? If so make sure your directories are not world readable. Make sure your directories arent world readable anyway, there is no reason for ANYONE to be in a directory. Are there any input areas where you can put in any string variables? Those tend to be insecure, make sure those are secure. Thats all for now
    I am the uber duck!!1
    Proxy Tools

  3. #3
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    I'm guessing since you said you uploaded it that it's hosted elsewhere. Basically you should hope that your host keeps up to date with patches. If your host doesn't, then there is a chance that there maybe be a vulnerability in something such as the ftp server. And that may allow them to gain full access to the host. What you probably want to is make sure you have a strong password on whatever you use to upload. You don't want it to be brute forced or anything. Also be careful with directory permissions. If you have a directory with no index, you probably don't want the users to get a directory listing when they navigate to that directory. That will probably be turned off on the host, but if not you can set permissions to only allow executing, not reading on the directory. As for your code... I'm not too good with that aspect. Just keep it clean . lol. Good luck and I hope your site is a success.

  4. #4
    ello theres this software that ive use a demo version then try it on my website got a good report on your security try to visit this site..

    http://www.securityconfig.com/softwa...y_scanner.html

    you can use this to scan your page and find out its vulnerabilities using exploits on HTML scripts and the risk involve... etc and also your server status and how can you fix it... hope this help a little bit on what your looking for...

    have a happy day

  5. #5
    AO Decepticon CXGJarrod's Avatar
    Join Date
    Jul 2002
    Posts
    2,038
    Now I hope you have set this up on a machine on YOUR network right? If you scan someone elses network and/or try to exploit weaknesses in the webserver you can get in trouble. If its on your local network, then have a good time. Also, make sure to scan the computer with the webserver on it from another machine or you will get weird results.
    N00b> STFU i r teh 1337 (english: You must be mistaken, good sir or madam. I believe myself to be quite a good player. On an unrelated matter, I also apparently enjoy math.)

  6. #6
    Senior Member
    Join Date
    Jun 2003
    Posts
    219
    Hey, thanks guys for all this stuff!!
    yes, it is hosted on yahoo (geocities) so no virus threats...
    and The Duck, as u said, i checked the source code... (heretic) and directories.. all seems fine...
    i havent tried that website yet, but will do that too..
    ther's one password field, n i tried to make it as secure as i can!!
    anything else, i need to check??
    do tell me!!
    Now is the moment, or NEVER!!!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •