Forums

The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Home Forums CSS Website Hacking. I Have A Question

  • This topic is empty.
Viewing 4 posts - 16 through 19 (of 19 total)
  • Author
    Posts
  • #143348
    CodeGraphics
    Participant

    I know servers can be hacked, but that is beyond my jurisdiction. My host will have to take care of that.

    Well, I started searching about whether a static website could be hacked and I landed here: https://www.mavitunasecurity.com/

    I downloaded their free website scanner. I installed it and entered my url. What the software does is to try to hack your website. It’s like penetration testing. The exercise lasted nearly an hour and I washed as the software was unleashing these attacks:

    Cross-site Scripting
    SQL Injection (Blind)
    Command Injection
    Local File Inclusion
    Remote File Inclusion
    HTTP Header Injection
    Remote Code Evaluation
    Web App Fingerprint
    RoR Code Execution
    WebDAV
    Open Redirection
    Expression Language

    on the website. I actually received about 300 junk emails from the software during the exercise. And I found out that the html5 ‘require’ was actually bypassed in some cases because I actually received an empty messages which shouldn’t have gone through ordinarily. After, the exercise, the website remained intact.

    I guess the reason is because the form data actually will be sent to a gmail account and not to a database. I think gmail actually prevented the software from hacking the website.

    Well, I am becoming more concerned now about web security. I will really like to learn how to tighten up websites and databases from malicious attackers.

    #143351
    Senff
    Participant

    > I know servers can be hacked, but that is beyond my jurisdiction. My host will have to take care of that.

    You asked if your site could be hacked. We replied that it could. Who cares whose jurisdiction it is?

    > I downloaded their free website scanner. I installed it and entered my url.

    If you do that kind of stuff, I wouldn’t just say that your site CAN be hacked, but it probably WILL be, sooner or later.

    > Well, I am becoming more concerned now about web security. I will really like to learn how to tighten up websites and databases from malicious attackers.

    Don’t install free website scanning software would be a good start!

    #142908
    Subash
    Member

    @traq
    > If you’re on shared hosting, there is no security. You’re wide open.

    I don’t agree. Shared hosting is secure but you have to choose the right host not those $1 hosts. Media temple has shared hosting (which I use) and I’m sure it’s secure enough.

    #142903
    Alen
    Participant

    Host provider can only do so much. If one of the sites on your shared host builds crappy app and lets “hackers” in… your site is as safe as his.

Viewing 4 posts - 16 through 19 (of 19 total)
  • The forum ‘CSS’ is closed to new topics and replies.