Friday, April 25, 2014
HellBound Hackers | Computer General | Webmasters Lounge

Author

My first web site

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 25-01-09 20:29
OK, so I started to work on my first web site. Having done this for quite a short period of time, and doing PHP for just a couple of days, it wasn't that easy... :) The CSS isn't fully mine (consulted a book and a couple of web pages), but I'm constantly re-defining it and trying to make it 'mine' :)

I still have to finish quite a few things: styles for forms and guestbook, there will be a right column for the blog page, the home page needs a little work, and the corners of the head image have a slightly different colour than the background. And lastly search, which will probably be the biggest struggle.

Also later on, I'd like to add an 'anti-spam' feature for the guestbook, so you would have to wait after like 2-3 posts, say 30 minutes (setting $_SESSION['post'] and then just adding for each post), just can't work out how to manage the session so it expires after the defined time...

I tried to keep it simple, layout is a typical bloggy thing, and there's just one image used.

I would appreciate any criticism regarding the design, and of course go nuts testing the security :) Also the admin username and pass are hardcoded, so don't bother with injections :)
If anybody is willing to check my source, since my PHP skills aren't the greatest (started to learn 3 days ago :)), just to sort of point out the biggest mistakes, which concepts are wrong etc., I'd really appreciate it. So just gimme a shout and I can send it to you...

Anyway, now I'm gonna stop babbling, and here you go ;)

http://clone.100w. . ./index.php

EDIT: Totally forgot, despite having the 'valid XHTML' image :), there are a couple of HTML errors in the essay page that I can't get rid of without messing up the layout, so if you could have a look at that :)


[img][/img]img164.imageshack.us/img164/5713/perlvl0.jpg

clone4.freehostia.com/ubuntu_3.png
spyware - "They see me trollin'..."
<yaragn> ever seen that movie? The Matrix?
<yaragn> with those green lines of flying text?
<yaragn> *THAT'S* Perl



Edited by clone4 on 25-01-09 20:44
clone_4@hotmail.com

RE: My first web site


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-01-09 21:05
I took a quick look on the website...

First of all, fix the php code in the guest book!
If I try the null byte as an input or try to inject JavaScript, it redirects me to
http://localhost/slaw/index.php?page=guest

Don't put a link for the admin section...

Host on freehostia.com , it is good and banner free...

The design needs some enhancements... Try to make your page wider...




RE: My first web site

SySTeM
Member

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 25-01-09 21:16
Should add this:

Code
<script type="text/javascript">
void(document.getElementsByTagName("div")[0].style.display="none");
</script>





img138.imageshack.us/img138/6527/sig2ak1.jpg
www.hellboundhackers.org/sig/r/2783.png



Edited by SySTeM on 25-01-09 21:37
http://www.elites0ft.com/

RE: My first web site

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 25-01-09 21:25
moshbat wrote:
That is ... Awful.


C'mon, I know it's not exactly a 'winner'. I am capable of self-criticism, but what I'm looking for isn't 'wow your site is great' or 'it sucks', but rather where I went wrong, and what exactly is awful :)



Shit, n1 forgot about that

system_meltdown wrote:
Should add this:

<script type="text/javascript">
void(document.getElementsByTagName("div")[0].style.display="none");
</script>


Ok thanks for that

454447415244 wrote:
I took a quick look on the website...

First of all, fix the php code in the guest book!
If I try the null byte as an input or try to inject JavaScript, it redirects me to
http://localhost/slaw/index.php?page=guest

Don't put a link for the admin section...

Host on freehostia.com , it is good and banner free...

The design needs some enhancements... Try to make your page wider...


Well, especially the JS validation sucks, since even if the check returns false, it still processes it to the post.php :(
The admin link was there just temporarily, so I can move a little faster; it doesn't make that much difference, since the folder is called /admin/ (gonna change it later :))

Thanks for the web hosting tip.

And the 'design' :) was done on a 10-inch lappy, so I didn't exactly have the right measures

So far so good, any suggestions? I think I might change the colour scheme to something a little more 'live', like a blueish combination...



RE: My first web site

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 25-01-09 21:32
moshbat wrote:
Design. Awful. Able to view files within a directory. Awful.


Well, no comment on the first one, ain't gonna argue or defend, it's not great, but I consider it 'not all bad' for a first attempt :) For the latter though, I should restrict this by .htaccess, since if I just change rights, the scripts won't be able to read the files either, right?



RE: My first web site

SySTeM
Member

Posts: 1524
Location: England, UK
Joined: 27.07.05
Rank:
HBH Guru
Posted on 25-01-09 23:00
clone4 wrote:
Also later on, I'd like to add 'anti-spam' feature for the guestbook, so you would have to wait after like 2-3 posts say 30 minutes(settin $_SESSION['post'] and then just adding for each post), just can't work out how to manage the session, so it expires after the defined time...


Using sessions for an anti-spam feature wouldn't be too great, as session cookies can just be cleared, so it wouldn't be ultra-effective.



RE: My first web site

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 25-01-09 23:07
system_meltdown wrote:
clone4 wrote:
Also later on, I'd like to add 'anti-spam' feature for the guestbook, so you would have to wait after like 2-3 posts say 30 minutes(settin $_SESSION['post'] and then just adding for each post), just can't work out how to manage the session, so it expires after the defined time...


Using sessions for an anti-spam feature wouldn't be too great, as session cookies can just be cleared, so it wouldn't be ultra-effective.


Well then I can only think of something IP-based, but for that you have proxies... Any alternatives?

@mosh: thx, done that :)





Edited by clone4 on 25-01-09 23:08

RE: My first web site

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 26-01-09 17:16
moshbat wrote:
I would simply use IP-database... As for proxies, how many are you willing to go through to post a load of spam? I mean, to make another post, you have to change to another proxy... Even with a script it's a pain in the arse.
Anyway, you could just use a feature that would disable any further posts for... say, 30 seconds after something has been posted.



Not a bad idea, but still this isn't an issue right now. I'm brushing up my PS skills and trying to refine the layout a little, get slightly better graphics there and get an interesting colour scheme, that's the issue :) I'm gonna leave the site on for now, because I work with the local version, and as soon as I get some significant improvement, I will change it on the domain


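The IP-keyed throttle suggested in the post above, combined with the "2-3 posts, then wait 30 minutes" rule from the opening post, as an added example that is not code from the thread or the site. The table name, function names and limits are hypothetical, and PDO with the SQLite driver is assumed so the demo runs without a MySQL server.

```php
<?php
declare(strict_types=1);

// Limits are assumptions drawn from the thread: 30 s between posts and
// at most 3 posts per 30 minutes. Table and function names are hypothetical.
const COOLDOWN_SECONDS = 30;
const WINDOW_SECONDS   = 1800;
const MAX_PER_WINDOW   = 3;

function throttle_init(PDO $db): void
{
    $db->exec('CREATE TABLE IF NOT EXISTS guestbook_post_log (
        ip TEXT NOT NULL, posted_at INTEGER NOT NULL)');
}

/** Returns 0 when the address may post now, otherwise the seconds left to wait. */
function seconds_until_allowed(PDO $db, string $ip, int $now): int
{
    // The address is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT posted_at FROM guestbook_post_log
        WHERE ip = :ip AND posted_at > :since ORDER BY posted_at DESC');
    $stmt->execute([':ip' => $ip, ':since' => $now - WINDOW_SECONDS]);
    $times = array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));
    if ($times === []) {
        return 0;
    }
    // Rule 1: short cooldown after the most recent post.
    $wait = $times[0] + COOLDOWN_SECONDS - $now;
    // Rule 2: once the window is full, wait until its oldest counted post ages out.
    if (count($times) >= MAX_PER_WINDOW) {
        $wait = max($wait, $times[MAX_PER_WINDOW - 1] + WINDOW_SECONDS - $now);
    }
    return max(0, $wait);
}

function record_post(PDO $db, string $ip, int $now): void
{
    // Prune expired rows so the table does not grow without bound.
    $db->prepare('DELETE FROM guestbook_post_log WHERE posted_at <= :cutoff')
       ->execute([':cutoff' => $now - WINDOW_SECONDS]);
    $db->prepare('INSERT INTO guestbook_post_log (ip, posted_at) VALUES (:ip, :t)')
       ->execute([':ip' => $ip, ':t' => $now]);
}

// Demo on an in-memory SQLite database with a constructed address and clock.
// In the real handler use $_SERVER['REMOTE_ADDR'] and time(); headers such as
// X-Forwarded-For are client-supplied and must not be trusted as the key.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
throttle_init($db);
$ip = '203.0.113.7';
$t0 = 1000000;
foreach ([0, 10, 40, 80, 120, 1900] as $offset) {
    $now  = $t0 + $offset;
    $wait = seconds_until_allowed($db, $ip, $now);
    if ($wait === 0) {
        record_post($db, $ip, $now);
        echo "t+$offset: accepted\n";
    } else {
        echo "t+$offset: rejected, retry in {$wait}s\n";
    }
}
```

The check and the insert are separate statements here; under concurrent requests they belong in one transaction so two simultaneous posts cannot both pass the check.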

RE: My first web site


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 26-01-09 22:04
moshbat wrote:
Design. Awful. Able to view files within a directory. Awful.


I agree, but since you're not being in the slightest bit constructive about it perhaps we could see your portfolio of web design? And to think, I thought admins were here to be helpful, not to sit on their throne and just talk about how awful everyone's work is.

With that said, yeah you need to work on your design skills. What software do you use to design it? I know a lot of people will tell you that you shouldn't use programs like dreamweaver, but they can be excellent for at least doing a layout, and can give you much more capabilities than you could with notepad, and it cuts down on time very heavily. I'd recommend you download dreamweaver and start looking up tutorials; I'd be more than happy to help you with it.

RE: My first web site

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 26-01-09 22:58
Ok rehosted http://clone4.fre. . .

Couldn't be arsed for now to upload the whole thing, so only the index is there, since I've changed only the design.
I started to brush up on my long-unused PS skills and tried to fashion something, nothing too 'final' but sort of a first draft of the header and footer (btw the tutorial helped :)).

Oh and I know, a little too blue :)

Edit: almost forgot something again, I made the images quite big (because of unused resolution there), so they take a while to load, but don't worry, I learned from that mistake and am now making them smaller :)

slpctrl wrote:
With that said, yeah you need to work on your design skills. What software do you use to design it? I know a lot of people will tell you that you shouldn't use programs like dreamweaver, but they can be excellent for at least doing a layout, and can give you much more capabilities than you could with notepad, and it cuts down on time very heavily. I'd recommend you download dreamweaver and start looking up tutorials; I'd be more than happy to help you with it.


Thanks, I will try to give it another shot and we will see. The first design was just a rushed thing, 5 minutes in PS and done; I was just really happy to finally have my own design. So now I can focus on the quality. And DW produces really shit code, already worked with it before.
I will hit you up though, in case I need any help, if you don't mind





Edited by clone4 on 26-01-09 23:20

RE: hey


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 27-01-09 03:19
dude jesus those 2 servers u posted are fucking littered with holes clone4 I'm surprised I'll say this referrer client ip and a few other things are injectable
which may not pose a huge problem but look into it:ninja:




Edited by on 27-01-09 03:26

RE: My first web site

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 27-01-09 19:33
moshbat wrote:
By the way: I did "design" pen 2 to look shit. Gives the impression of... A skiddie, methinks.


:D :D :D

Anyway, again an update: I played around with font sizes, positions, families etc., and still playing, now looking into table formatting for the guestbook. Also I was trying to update the guestbook so it would show only a number of posts over several pages, but no success so far. Also not sure about the main pattern; I tried different shading styles etc., but this one looks the best so far. I would also like to add some images to make it more alive.

Shit, and MySQL yet to be configured :)

http://clone4.fre. . ..com/slaw/





Edited by clone4 on 27-01-09 19:35

RE: My first web site


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-01-09 05:26
slpctrl wrote:
I agree, but since you're not being in the slightest bit constructive about it perhaps we could see your portfolio of web design? And to think, I thought admins were here to be helpful, not to sit on their throne and just talk about how awful everyone's work is.

Exactly. You make me sick.

RE: My first web site

Futility
Member



Posts: 725
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 28-01-09 21:35
Yea define, who the hell are you to speak up? You only have one post and are obviously not qualified to have an opinion. Admins are always right in what they do and say and to defy them is a crime...

Seriously, though, mosh, I gotta agree with slp and define on this one. I didn't say anything originally because you did turn around and help him out, but criticism is only helpful if it proves something. 'Fuck you's and 'You suck's might make a point, but they don't help improve anything, do they? (no)

clone4's site may have been atrocious, but it was his first try and he's obviously working on it. I must say that it has improved since his first post and that some of it had to do with your help. I doubt he would have noticed the holes that you did and some idiot would have exploited it. Everyone overlooks something and needs an outsider's opinion. If they're scared to ask for it, then who really wins?


i252.photobucket.com/albums/hh11/zanimabean/Zim.png
Futility91@hotmail.com Futility91

RE: My first web site

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 28-01-09 21:56
Firstly I'd say to anybody who is flaming mosh for his 'harsh' criticism to gtfo. He may have been lacking some specifics at the beginning, but that single first post helped me to get back to earth and realize that, well, the design was bloody awful, and made me do something about it.
Secondly, as said previously, he helped to fix some security issues I most likely would've overlooked until the very finish of the website, so basically so far he has been the most useful person in this thread.

On topic: thanks mosh, I cleaned the pattern myself, trying to soften the seams, and also toned it down a little, so it's more readable with the white font. Besides that, soon I should finally be finishing the guestbook, and after that I can start to add further functions etc.
(changes including the new background NOT uploaded yet) ;)

Also thanks to everybody who actually brought something useful to this thread...









Edited by clone4 on 28-01-09 22:27

RE: My first web site

Futility
Member



Posts: 725
Location: USA
Joined: 17.12.07
Rank:
God
Posted on 28-01-09 22:41
Really clone? Really? What helped you more:
That is ... Awful.

or when he actually went through and gave you real advice? Wouldn't it have been easier if he just told you what was wrong with the layout without you having to ask for it a second time? Anyway, I've got nothing against mosh. As a matter of fact, most of what he does entertains me. I just hate to see a thread go to waste because of mindless retorts.

That being said, I have to admit that the background image still makes my eyes bleed. It's too... bright and color change-y. I'm more of a fan of solid, darker colors. Using a site with bright colors as the background is like staring at a lightbulb and I hate staring at lightbulbs. I'd also suggest making the links to the different areas of the site smaller because the guestbook one goes off the image.



RE: My first web site

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 28-01-09 23:57
Futility wrote:
Really clone? Really? What helped you more:
That is ... Awful.

or when he actually went through and gave you real advice? Wouldn't it have been easier if he just told you what was wrong with the layout without you having to ask for it a second time? Anyway, I've got nothing against mosh. As a matter of fact, most of what he does entertains me. I just hate to see a thread go to waste because of mindless retorts.


Nope, what I meant was that that helped me to get real, and realize how much it really sucks. And as you can see, there isn't much left of the original design...


That being said, I have to admit that the background image still makes my eyes bleed. It's too... bright and color change-y. I'm more of a fan of solid, darker colors. Using a site with bright colors as the background is like staring at a lightbulb and I hate staring at lightbulbs. I'd also suggest making the links to the different areas of the site smaller because the guestbook one goes off the image.


:D OK, toned it down a little more and blurred it; for me it's now quite comfortable to read the text.
What browsers are you using? Because that is one of the biggest issues, it's about as cross-browser as my ass; so far I've tried only Mozilla and Chrome, and that worked (too scared to open it up in IE).
Fixed unsorted lists and a couple of little bugs in styles, and added a (very very) rough idea of how the guestbook could look ;)





Edited by clone4 on 29-01-09 00:05

RE: My first web site

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 31-01-09 00:16
OK, just a quick update: the general draft is coming to a finish, almost all the dynamic content is coded. Now I'm able to add/edit/remove blog entries, as well as delete guestbook entries. I also coded a very simple search, for now only going through the essays database and spitting out the links that contain the searched term; gonna extend it to the blog later on, as well as sorting results by relevancy (oh, and also added funky highlighting of the searched term). The whole thing is still buggy though and isn't really ready for implementation :) I moved on a little with the guestbook design, but it still needs some (read: a lot of) work.

Ok so check it out here: http://clone4.fre. . ..com/slaw/
Still appreciate any suggestions, opinions and of course pen testing, because I haven't had the energy for that and I'm still picking up coding in PHP :)
If anybody wants to test out the admin functions just give me a PM, and I will send you the user/pass (would've posted it here, but want to avoid some troll/retard taking it and messing things up)





Edited by clone4 on 31-01-09 00:19

RE: My first web site


Member

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 31-01-09 00:38
Use javascript and php to limit the characters allowed on the guest book for the name and for the text, it is creating an error after posting and also defacing the page look...
Also, break the text input into lines with carriage returns...



RE: My first web site

clone4
Member



Posts: 586
Location: He is back and he's bad!
Joined: 25.11.07
Rank:
Mad User
Posted on 31-01-09 00:44
454447415244 wrote:
Use javascript and php to limit the characters allowed on the guest book for the name and for the text, it is creating an error after posting and also defacing the page look...
Also, break the text input into lines with carriage returns...


I think there is a limit in PHP for the textarea, but no error, and so far only checks for the presence of both fields are in place.
Thanks for mentioning the other things, had them on my to-do list, but somewhere at the very, very deep bottom :)
Also I was thinking about it and there might be a couple of null byte and even SQL injections in the new functions, but I'm really tired, so going to fix it tomorrow.

Edit: just limited the number of chars. I know it still spits out an error message about the header, but I have to redo the whole block of conditionals for that...





Edited by clone4 on 31-01-09 00:54
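The server-side guestbook checks discussed in the posts above (length limits, null bytes, injected JavaScript, line breaks), as an added example that is not code from the thread or the site. Field names, limits and function names are hypothetical, and the mbstring extension is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical field names and limits; the thread does not give the real ones.
const NAME_MAX    = 40;
const MESSAGE_MAX = 500;

/**
 * Server-side check that runs regardless of what the browser's JavaScript did.
 * Returns [errors, clean]; store the entry only when errors is empty.
 */
function validate_guestbook_entry(array $post): array
{
    $errors = [];
    $clean  = [];
    foreach (['name' => NAME_MAX, 'message' => MESSAGE_MAX] as $field => $max) {
        $value = $post[$field] ?? '';
        if (!is_string($value)) {                 // name[]=x arrives as an array
            $errors[$field] = 'invalid type';
            continue;
        }
        if (strpos($value, "\0") !== false) {
            $errors[$field] = 'null byte not allowed';
            continue;
        }
        if (!mb_check_encoding($value, 'UTF-8')) {
            $errors[$field] = 'invalid encoding';
            continue;
        }
        // Normalise line endings, then drop every control character except \n.
        $value = str_replace(["\r\n", "\r"], "\n", $value);
        $value = trim(preg_replace('/[^\P{Cc}\n]/u', '', $value));
        if ($field === 'name') {
            $value = str_replace("\n", ' ', $value);   // names are single-line
        }
        $length = mb_strlen($value, 'UTF-8');
        if ($length === 0) {
            $errors[$field] = 'required';
        } elseif ($length > $max) {
            $errors[$field] = "longer than $max characters";
        } else {
            $clean[$field] = $value;
        }
    }
    return [$errors, $clean];
}

/** Escape at output time; nl2br runs after escaping, so only its <br> tags are markup. */
function render_entry(array $entry): string
{
    $name = htmlspecialchars($entry['name'], ENT_QUOTES, 'UTF-8');
    $msg  = nl2br(htmlspecialchars($entry['message'], ENT_QUOTES, 'UTF-8'));
    return "<div class=\"entry\"><strong>$name</strong><p>$msg</p></div>";
}

// Constructed sample submissions, standing in for $_POST.
$samples = [
    ['name' => 'alice', 'message' => "first line\r\nsecond <b>line</b>"],
    ['name' => '<script>alert(1)</script>', 'message' => 'hi'],
    ['name' => "bob\0.php", 'message' => 'hi'],
    ['name' => 'carol', 'message' => str_repeat('A', 501)],
];
foreach ($samples as $post) {
    [$errors, $clean] = validate_guestbook_entry($post);
    echo $errors ? 'rejected: ' . json_encode($errors) : render_entry($clean), "\n";
}
```

Running the validation before any output is sent also leaves the handler free to issue a redirect header afterwards.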