Security check please?

Zhang · 08-14-2006, 05:40 PM

For those of you who know, could you please check my site at http://www.easyshotz.com/ and see if you are able to find any security vulnerabilities? I'm using a php script that I'm totally unfamiliar with, and I want to make sure the site is secure before I start directing too much traffic to it.

Dan · 08-14-2006, 05:45 PM

I'm pretty sure that script is very secure, but I'm trying to do some stuff now.

edit:
It strips out anything after a " and 's do nothing.
You can't do anything like file.php.jpg, etc.

It's secure.

iNod · 08-14-2006, 07:00 PM

The script is made by celeron dude and all security vulnerabilities have been reporting and fixed. I have checked most of the versions, they are all 100% secure. Though there is always new ways.

- Steve

Zhang · 08-14-2006, 07:09 PM

Alrighty, thanks guys, I appreciate the reassurance.

nick · 08-14-2006, 10:07 PM

you need to use htmlspecialchars or something similiar to that function on the registration page

Camron · 08-14-2006, 11:56 PM

It is very secure, but I do not like flat file scripts my self. I heard their was a turkish hacker which can destroy this script in a few clicks, check out CD's forum, it has his IP which you should block.

Dan · 08-15-2006, 05:20 AM

Blocking IP's is pointless. It's not hard to change it, especially if he's any good at hacking.

iNod · 08-15-2006, 09:36 PM

Depends.. I know alot of sites (mainly web hosts) that are using IP DB's to block all IPs from Africa and the Middle east. Not that there is a problem with there it is just that there is 10 times more fraud orders than real order from those areas. Mainly Nigeria.

- Steve

Zhang · 08-17-2006, 11:15 AM

I'm having to second guess the security on this...I can't seem to connect to the site anymore. I'm not sure if it's hacked or what. The information is still in the database, it should be functioning properly, but it's not even coming up.

08-14-2006, 05:40 PM	THREAD STARTER #1 (permalink)
Zhang NamePros Member Join Date: Jul 2006 Location: Gardendale, Texas Posts: 48	Security check please? For those of you who know, could you please check my site at http://www.easyshotz.com/ and see if you are able to find any security vulnerabilities? I'm using a php script that I'm totally unfamiliar with, and I want to make sure the site is secure before I start directing too much traffic to it. __________________ www.affordablehostingdirect.com (Work in progress) www.gimmeanotherbeer.com (Work in progress, not mine, my husband's concept!) www.wow-tlc.com (Complete)

08-14-2006, 05:45 PM	#2 (permalink)
Dan Buy my domains. Join Date: Feb 2006 Posts: 2,796	I'm pretty sure that script is very secure, but I'm trying to do some stuff now. edit: It strips out anything after a " and 's do nothing. You can't do anything like file.php.jpg, etc. It's secure. Last edited by Dan Friedman; 08-14-2006 at 05:52 PM.

08-14-2006, 07:00 PM	#3 (permalink)
iNod Eating Pie Join Date: Nov 2004 Location: Canada Posts: 2,272	The script is made by celeron dude and all security vulnerabilities have been reporting and fixed. I have checked most of the versions, they are all 100% secure. Though there is always new ways. - Steve __________________ I feel old.

08-14-2006, 07:09 PM	THREAD STARTER #4 (permalink)
Zhang NamePros Member Join Date: Jul 2006 Location: Gardendale, Texas Posts: 48	Alrighty, thanks guys, I appreciate the reassurance. __________________ www.affordablehostingdirect.com (Work in progress) www.gimmeanotherbeer.com (Work in progress, not mine, my husband's concept!) www.wow-tlc.com (Complete)

08-14-2006, 10:07 PM	#5 (permalink)
nick NamePros Regular Join Date: Jun 2004 Location: Iowa City Posts: 705	you need to use htmlspecialchars or something similiar to that function on the registration page __________________ formally ninedogger ------ Want to talk to a stranger? -->\| Click Here \| TalkToAStranger.com \| <-- Meet New Friends

08-14-2006, 11:56 PM	#6 (permalink)
Camron Senior Member Join Date: Jan 2006 Location: Portland, Oregon Posts: 2,102 Follow @hostingfuze	It is very secure, but I do not like flat file scripts my self. I heard their was a turkish hacker which can destroy this script in a few clicks, check out CD's forum, it has his IP which you should block. __________________ HostingFuze.com Premium Master Reseller Services \| 99.9% Uptime Guaranteed SLA \| Starting at $4.95/mo Basic Reseller Hosting @ HostFz.com - Services starting as low as $1.95/mo!

08-15-2006, 05:20 AM	#7 (permalink)
Dan Buy my domains. Join Date: Feb 2006 Posts: 2,796	Blocking IP's is pointless. It's not hard to change it, especially if he's any good at hacking.

08-15-2006, 09:36 PM	#8 (permalink)
iNod Eating Pie Join Date: Nov 2004 Location: Canada Posts: 2,272	Depends.. I know alot of sites (mainly web hosts) that are using IP DB's to block all IPs from Africa and the Middle east. Not that there is a problem with there it is just that there is 10 times more fraud orders than real order from those areas. Mainly Nigeria. - Steve __________________ I feel old.

08-17-2006, 11:15 AM	THREAD STARTER #9 (permalink)
Zhang NamePros Member Join Date: Jul 2006 Location: Gardendale, Texas Posts: 48	I'm having to second guess the security on this...I can't seem to connect to the site anymore. I'm not sure if it's hacked or what. The information is still in the database, it should be functioning properly, but it's not even coming up. __________________ www.affordablehostingdirect.com (Work in progress) www.gimmeanotherbeer.com (Work in progress, not mine, my husband's concept!) www.wow-tlc.com (Complete)

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)