Freelancer Community Network
Request ... Ahhhhh Behack
Joined: 2009/7/30 4:40
From P.R.C
Posts: 843
Guys, first, I know this topic is not on topic at all... BUT... I know some people here have great knowledge about websites and website security, and I'm a total newbie in that domain.

I'm building a website, and currently I'm working on programming the PHP script for this site, which is why my mod has been on hold for a long time....

The PHP script is a CMS; I named it "ModdingGear". This is a talk group, so nothing about that is a surprise. The problem is that I'm a security newbie and I'm not sure I've completely solved all the security bugs.

So if you guys want a chance at some website hacking training, here is the chance.

The website you can enter HERE

And the testing group is HERE

You need to sign up with a real email for activation. Feel free, because I don't like to peer into any individual's privacy, and ALL data will be flushed when the CMS is updated or released.

PS. Don't worry about the buggy BBCode decoding.

Posted on: 2010/7/31 9:12
Sorry for my poor English...
Re: Request ... Ahhhhh Behack
Joined: 2008/5/15 21:52
From Germany
Posts: 1592
Be sure to protect your contact form against 'header injections' (search Google).

Also, this isn't really a security thing I guess, but you can increase the client's performance slightly if you use relative links instead of absolute ones.

For instance, instead of
Code:
<li><a href="http://gear.letsmod.com">ModdingGear Prototype Home</a></li>


use

Code:
<li><a href="index.php">ModdingGear Prototype Home</a></li>

(assuming that the link redirects to the index page)

Also, absolute links won't work anymore if you move to another webhoster or if your users decide to host the CMS themselves. Of course I don't know about the PHP part of the code; maybe it is a variable there, I cannot say.

Posted on: 2010/7/31 10:18
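The 'header injection' Bas warns about above, shown as an added example (not code from ModdingGear or from anyone in the thread). The CMS under discussion is PHP; the same logic is written here in Python because the defect is language-independent: if a form field is concatenated into the additional-headers string of a mail call, a single CR/LF in that field lets the sender add `Bcc:`/`To:` lines (turning the contact form into a spam relay) or terminate the headers and supply a whole new body. Function names, the `HeaderInjection` exception and the `PAYLOAD` string are all constructed for this illustration.

```python
"""E-mail header injection in a contact form: the naive pattern and a hardened one.

Added example, not code from ModdingGear or from the thread. The form handler in
the thread is PHP; this shows the same logic in Python.
"""
import re
from email.utils import parseaddr

CRLF_RE = re.compile(r"[\r\n]")  # a lone LF is enough for sendmail-style MTAs
MAILBOX_RE = re.compile(
    r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")


class HeaderInjection(ValueError):
    """Raised when a form field would break out of its header line."""


def build_headers_naive(from_addr, subject):
    """Vulnerable: copies user-controlled fields straight into the header block,
    the same shape as $headers = "From: $from\\r\\nSubject: $subject\\r\\n" in PHP."""
    return "From: %s\r\nSubject: %s\r\n" % (from_addr, subject)


def clean_header_field(value, max_len=200):
    """Reject CR, LF and NUL: line breaks are what separate headers (and the body)."""
    if CRLF_RE.search(value) or "\x00" in value:
        raise HeaderInjection("line break in header field: %r" % value)
    value = value.strip()
    if len(value) > max_len:
        raise HeaderInjection("header field too long")
    return value


def clean_from_address(value):
    """Accept exactly one plain mailbox; display names, comments and lists are refused."""
    value = clean_header_field(value)
    _, addr = parseaddr(value)
    if addr != value or not MAILBOX_RE.fullmatch(addr):
        raise HeaderInjection("not a plain mailbox: %r" % value)
    return addr


def build_headers_safe(from_addr, subject):
    """Hardened: every field is validated before it touches the header block."""
    return "From: %s\r\nSubject: %s\r\n" % (
        clean_from_address(from_addr), clean_header_field(subject))


def parse_headers(block):
    """Read a header block the way a mailer would: one header per CRLF line."""
    headers = {}
    for line in block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


# Constructed attacker input: a valid-looking sender followed by an injected
# Bcc: header and, after a blank line, an attacker-chosen message body.
PAYLOAD = "victim@example.com\r\nBcc: target@example.net\r\n\r\nBuy now"


def demo():
    """Return (headers the naive builder emits, whether the safe builder blocked it)."""
    naive = parse_headers(build_headers_naive(PAYLOAD, "Hello"))
    try:
        build_headers_safe(PAYLOAD, "Hello")
        blocked = False
    except HeaderInjection:
        blocked = True
    return naive, blocked


if __name__ == "__main__":
    emitted, was_blocked = demo()
    print("naive builder emitted Bcc:", emitted.get("bcc"))
    print("safe builder rejected payload:", was_blocked)
```

The check is deliberately a whitelist (one bare mailbox, no line breaks, bounded length) rather than a blacklist of known payload strings; URL-encoded `%0d%0a` arrives already decoded in form data, so there is nothing to decode on the server side, only to refuse.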
Re: Request ... Ahhhhh Behack
Joined: 2009/7/30 4:40
From P.R.C
Posts: 843
Thank you Bas. But... actually, the navigation functions and other links (except some links that point outside the website) are generated by the program, so yes indeed, that's a variable. If you move this website to another domain, for example the-starport.net, the address will automatically change to the-starport.net/blablabla. It works very well even in a subdirectory.

I assigned a variable in the initializer and the Smarty engine; it's named {WebRoot}, so I can still get the current root dynamically. Then I just need to call {WebRoot}/style/CSS.css.

Posted on: 2010/7/31 11:23
Re: Request ... Ahhhhh Behack
Joined: 2008/5/15 21:52
From Germany
Posts: 1592
Well, you still get a small performance boost if you change it to regular relative links. Not only does the server need to calculate a little less, but the client's browser also doesn't need to reconnect to the webserver.

For instance, instead of:
<a href="http://gears.letsmod.com/news.php">

use:
<a href="news.php">

You can also specify folders above the current by <a href="../news.php"> or of course also subfolders by <a href="subfolder/news.php">

Parallel folder:
<a href="../paraFolder/news.php">

Posted on: 2010/7/31 13:44
Re: Request ... Ahhhhh Behack
Joined: 2008/9/11 15:55
From Somewhere at Moscow
Posts: 1753

Posted on: 2010/7/31 22:13
Open Sirius Mod
Re: Request ... Ahhhhh Behack
Joined: 2009/7/30 4:40
From P.R.C
Posts: 843
@Bas, done! For the small performance boost, cheers!

@HeIIoween, I'm trying this, but I don't know if it will give me a satisfactory result, because I use an unusual way of passing URL parameters.

For example, the standard way is /blablabla.php?topic_id=3268, and I use /blablabla/reply/3268/. I don't know if it is supported for this kind of URL. But thanks, this may be useful with my other website.

I got the report:

Quote:
+ Server: LiteSpeed
+ robots.txt contains 1 entry which should be manually viewed.
+ Retrieved X-Powered-By header: PHP/5.2.11
+ ETag header found on server, inode: 26, size: 1279095637, mtime: 0x0
+ /webmail/: Web based mail package installed.
+ OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-12184: /some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-12184: /some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-12184: /some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings.
+ OSVDB-3093: /pm/lib.inc.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3093: /squirrelmail/src/read_body.php: This might be interesting... has been seen in web logs from an unknown scanner.
+ OSVDB-3233: /icons/README: Apache default file found.
+ OSVDB-3092: /my/: This might be interesting... potential country code (Malaysia)
+ OSVDB-3092: /pm/: This might be interesting... potential country code (Saint Pierre And Miquelon)
+ OSVDB-: /wp-app.log: Wordpress' wp-app.log may leak application/system details.
+ 2886 items checked: 14 item(s) reported on remote host
+ End Time: 2010-08-03 0:46:00 (443 seconds)


That's interesting, click here:
http://the-starport.net/index.php?=PH ... 92-11d3-A3A9-4C7B08C10000

Posted on: 2010/8/2 1:45
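A stand-alone triage of the information-leak items in the Nikto report quoted above, as an added example (not code from the thread, from Nikto or from ModdingGear). It runs offline: the HTTP response and the access-log lines are constructed here, with header values chosen to mirror the report (`Server: LiteSpeed`, `X-Powered-By: PHP/5.2.11`, and an ETag whose three hex fields decode to the inode 26, size 1279095637 and mtime 0x0 that Nikto printed). The four GUIDs are copied from the report's `?=PHP...` probes; everything else (function names, the `203.0.113.x` addresses, the log format) is assumed for the illustration.

```python
"""Triage of the Nikto findings quoted above, as a stand-alone check.

Added example; not code from the thread, Nikto or ModdingGear. Works on a
constructed HTTP response and constructed access-log lines, so it runs offline.
"""
import re
from urllib.parse import urlsplit

# The four PHP easter-egg GUIDs Nikto probed for (copied from the report).
PHP_EASTER_EGG_GUIDS = frozenset({
    "PHPE9568F34-D428-11d2-A769-00AA001ACF42",
    "PHPE9568F35-D428-11d2-A769-00AA001ACF42",
    "PHPE9568F36-D428-11d2-A769-00AA001ACF42",
    "PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000",
})

# Apache-style ETag: three hex fields, which Nikto reports as inode-size-mtime.
ETAG_RE = re.compile(r'^(?:W/)?"([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)"$', re.I)

# Common Log Format line: client, two '-' fields, [timestamp], "METHOD path HTTP/x", status
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def parse_response_headers(raw):
    """Split a raw HTTP/1.x response into (status_line, {lower-name: value})."""
    head = raw.split("\r\n\r\n", 1)[0]
    status, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers


def decode_apache_etag(etag):
    """Decode a three-field hex ETag as (inode, size, mtime) the way Nikto prints it.

    Returns None when the ETag is not that shape (nothing to leak via this path).
    """
    m = ETAG_RE.match(etag)
    if not m:
        return None
    return tuple(int(field, 16) for field in m.groups())


def check_header_leaks(raw):
    """Return a list of information-disclosure findings for one response."""
    _, h = parse_response_headers(raw)
    findings = []
    if "x-powered-by" in h:
        findings.append("x-powered-by discloses runtime: %s" % h["x-powered-by"])
    if re.search(r"/\d", h.get("server", "")):  # 'LiteSpeed' alone passes, 'Foo/1.2' does not
        findings.append("server discloses version: %s" % h["server"])
    decoded = decode_apache_etag(h.get("etag", ""))
    if decoded:
        inode, size, mtime = decoded
        findings.append("etag decodes as inode=%d size=%d mtime=%#x" % (inode, size, mtime))
    return findings


def is_php_easter_egg_request(url):
    """True for the probe shape in the report: /anything.php?=<GUID> (empty parameter name)."""
    query = urlsplit(url).query
    candidate = query[1:] if query.startswith("=") else query
    return candidate in PHP_EASTER_EGG_GUIDS


def scan_access_log(lines):
    """Return (client, path, status) for every easter-egg probe in CLF log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_php_easter_egg_request(m.group(2)):
            hits.append((m.group(1), m.group(2), int(m.group(3))))
    return hits


# Constructed sample data (not captured from any real host).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: LiteSpeed\r\n"
    "X-Powered-By: PHP/5.2.11\r\n"
    'ETag: "1a-4c3d7355-0"\r\n'
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html></html>"
)

SAMPLE_LOG = [
    '203.0.113.7 - - [03/Aug/2010:00:38:40 +0800] "GET /index.php HTTP/1.1" 200 1279',
    '203.0.113.7 - - [03/Aug/2010:00:38:41 +0800] "GET /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [03/Aug/2010:00:38:41 +0800] "GET /some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2523',
    '198.51.100.2 - - [03/Aug/2010:00:39:02 +0800] "GET /news.php?id=3268 HTTP/1.1" 200 8102',
]

if __name__ == "__main__":
    for finding in check_header_leaks(SAMPLE_RESPONSE):
        print(finding)
    for hit in scan_access_log(SAMPLE_LOG):
        print("easter-egg probe:", hit)
```

The fixes are configuration, not code: `expose_php = Off` in php.ini removes the `X-Powered-By` header and stops the `?=PHPE9568F34-...` style requests from returning the PHP logo and credits pages (those easter eggs are keyed on exactly the GUIDs above and are only served while expose_php is on; the report's `/webmail/`, `/icons/README` and `/wp-app.log` items are separate directory exposures to check by hand). On Apache the inode leak is removed with `FileETag MTime Size`; the server here identifies as LiteSpeed, so whether its ETag really carries an inode is an assumption, and the decoder only reproduces how Nikto interpreted the three fields.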