GoFuckYourself.com - Adult Webmaster Forum


muthisdev 01-21-2016 12:06 PM

How you secure your website.
 
Hi GFY!

Those of you on here who have websites: how do you make sure your site is secure?

Those of you on here who have custom coders: How do you make sure the code they write doesn't open you up to hackers? How do you make sure they use best practices?

Those of you on here who have software products: how do you secure your product? What practices do you use? How do you defend against things like SQL injection and arbitrary code execution?

MakeMeGrrrrowl 01-21-2016 12:12 PM

Quote:

Originally Posted by muthisdev (Post 20706737)
Those of you on here who have custom coders: How do you make sure the code they write doesn't open you up to hackers? How do you make sure they use best practices?

You trust your programmer knows what they're doing? That's what I do.

I would trust my programmer with pretty much everything.

Barry-xlovecam 01-21-2016 12:43 PM

  1. Use a premium quality host if you are a smaller website operator.
  2. Always only allow safe user input.
  3. Use well branded open source software so you can see all of the code executed by it.
  4. Learn enough about code to be able to judge for yourself or pay someone who knows so that you can trust their opinion.

muthisdev 01-22-2016 01:44 PM

Quote:

Originally Posted by MakeMeGrrrrowl (Post 20706744)
You trust your programmer knows what they're doing? That's what I do.

I would trust my programmer with pretty much everything.

That makes a lot of sense if you've had the same coder for a long time.

What if you're hiring a new coder?

muthisdev 01-22-2016 01:45 PM

Quote:

Originally Posted by Barry-xlovecam (Post 20706787)
  1. Use a premium quality host if you are a smaller website operator.
  2. Always only allow safe user input.
  3. Use well branded open source software so you can see all of the code executed by it.
  4. Learn enough about code to be able to judge for yourself or pay someone who knows so that you can trust their opinion.

Does anyone on GFY do penetration testing? Do you see it as a service that would be useful on here?

trevesty 01-22-2016 02:06 PM

Quote:

Originally Posted by muthisdev (Post 20707877)
Does anyone on GFY do penetration testing? Do you see it as a service that would be useful on here?

There's a couple guys who do pen testing on here. I'm not sure there's much of a market for it in adult. The big boys (who are usually the least secure from my experience) think they're way more secure than they are, so won't hire outsiders usually. Not many people are willing to pay the premium to make sure they're truly secure in adult, but there are a few who have / do.

deonbell 01-22-2016 02:25 PM

Most people here have small sites. The new thing is bug bounties. Sign up for HackerOne and look at the top guys. Follow them on Twitter. I have a HackerOne profile, but I am slow and old, so I have found no bugs yet.

One guy gave me $40 PayPal and another guy offered me a costume when I found a reflective XSS bug in their site. You can do that on XSSposed.org. But most of those easy bugs are being found and reported. More people are getting keen on sanitizing their user input.

Just a few days ago a guy found an XSS bug in Yahoo Mail. They gave him $10,000.
I think he was on Bugcrowd.

Just got through playing with Burp Suite today. Figuring out how it works. Fun stuff. But I probably shouldn't have run the spider function. I may get in trouble for that. Burp acts as a proxy between your browser and a site. You can intercept input and change parameters before passing on the data to the site.

kkkkkk 01-22-2016 02:26 PM

http://i.imgur.com/jreSAJF.png

clickity click 01-22-2016 03:15 PM

I use WordPress on shared hosting with some security plugins.
I know it's not ideal..

MakeMeGrrrrowl 01-22-2016 06:05 PM

Quote:

Originally Posted by muthisdev (Post 20707876)
That makes a lot of sense if you've had the same coder for a long time.

What if you're hiring a new coder?

I would cry.

brassmonkey 01-22-2016 06:08 PM

giant bitch named rose

Barry-xlovecam 01-22-2016 07:29 PM

Quote:

Originally Posted by muthisdev (Post 20707877)
Does anyone on GFY do penetration testing? Do you see it as a service that would be useful on here?

I know someone whose brother does penetration testing for larger companies, not from GFY. Pete's brother is certified to do PCI audits. People that are qualified to do audits and web server penetration testing are too expensive for 97+% of the audience I see here.

Sarn 01-22-2016 07:49 PM

put your script. adjust to keep the logs on another server.
doing permanent backup on another server.
read logs and constantly monitor the server.
after first cracked - look at the logs as and the fixes in it backups
load fixed backups on new server
repeat until the hacks do not stop
You can leave a note for the hacker reward for the found vulnerabilities - This will reduce the likelihood of damage to you.

adultmobile 01-23-2016 08:41 AM

Don't advertise your program in black hat and botnet forums.

