topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Thursday December 3, 2020, 11:18 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - ChalkTrauma [ switch to compact view ]

Pages: [1]
1
Developer's Corner / Black box testing an OSS PHP CMS
« on: July 07, 2010, 10:05 AM »
This question is geared more towards the e107 CMS, but it really applies to all CMS solutions.

I recently developed a website for my wife for her photography.

A few days ago it was hacked by a botnet intrusion. I luckily caught it within hours.

http://php-security....erability/index.html

I pulled it down and nuked the install, and began the post-mortem of the logs. As I looked through all the logs I could see the site continuously being hammered by bots trying to find vulnerabilities. I was actually fortunate that the scripting was so focused on the specific task of turning the site into another botnet node to spread to other machines and send out spam that is did very little damage to any content. 

It was a sobering lesson in web security and what it is like out there in the wild. I highly recommend making sure you compress and save your website access logs and from time to time just skim through them looking at web activity, you can find other cool stuff like where people are coming from to download stuff from your site. I actually found some software reviews for some of my freeware I didn't know existed and found some people deep linking to images on my site that were simply pieces of the site navigation..

I guess for all the time I have been a user of the internet and web technologies I'm pretty naive..

So the next question is what to do with this information.

I know there are some simple steps I can take to lock down what php can do and change some of the CMS file names so the bots can't find them, because they seem to be using profiles to search for known exploits.

But beyond that I think I need to both increase my knowledge so I don't code up anything that lets the baddies in, but I can't know everything an OSS CMS is doing and while an automated solution can't catch everything it is a good place to start.

So I'm wondering if there is any OSS black box testing solution out there that people have used to at least test for the most obvious and common exploits?


2
Finished Programs / DSToolBox for the command line inclined user
« on: November 11, 2009, 10:08 PM »
This is just a collection of command line apps that I developed over the years that lanux128 gave me the idea to release. This is the first bunch I have cleaned up and documented, I expect to keep adding to this collection as time permits. Right now I have 11 in the pack. I've done my best to test them, but I'm sure there are bugs here and there.  Hopefully someone will find them useful.  I don't know how much time I'll have to work on them so I probably won't have many cycles for feature requests unless it is something trivial, but I'll always fix bugs. You can find them here.

share and enjoy  :Thmbsup:

3
Developer's Corner / donation edicate
« on: March 21, 2009, 10:35 PM »
I've been writing freeware as a hobby for over ten years, and only in the last few years have I added a donation link in my applications.. And no one has used it, that is up until yesterday.   :D

Someone sent me, what I consider to be a very generous donation for my text-to-speech plugin for trillian ( TalkBack ).

So, I'm kind of a newbie with this.. Should I send a thank you.. add a donation credits page to my site.. or something else...

What do you guys normally do to recognize someone for their contribution...?


4
General Software Discussion / CLCL and RDP
« on: May 13, 2008, 02:09 PM »
I just recently upgraded my MS Remote Desktop client to 6.0.6000.16386 to allow me to connect to our servers and it seems that when CLCL is running mstsc.exe pegs my CPU and I'm not able to use the shared clipboard. Is there anyone else seeing this behavior?

5
GOE 2007 Challenge Downloads / CFDButton - GOE Challenge 2007 Entry
« on: November 27, 2007, 09:45 AM »
I've got a little app I have been working on over the course of November, how do I go about entering into the contest.. I've seen other apps that do some of the same things, but have some limitations that I think I have addressed. It mainly adds some functionality to the windows common file dialog, like favorites, history, and custom file filters. I found other solutions didn't get the file filtering quite right so I wrote my own.. Small app, coded in C++, portable, so it runs on a usb thumb drive.. Comments and suggestions welcomed..  :D

Anyone interested can have a look here:

http://dreamcycle.net/cfdbutton/

~Cheers

Anyone having a problem launching the app should download the Visuall C++ SP1 runtime from the same download page..

cfd.png

Pages: [1]