HellBound Hackers | Computer General | Increasing Security

Secure comment box

stealth-
Posted on 14-07-09 02:53
I set up a comment box on my site that uses PHP and flat file databases, since the person who hosts my site was worried about CPU usage of MySQL; however, I took it down because I was worried it wasn't very secure. Well, in fact, to be honest it had no security at all. I'm going to install a check to not allow posts containing <, >, [, or ], and not allow people to post more than once every 24 hours.

Is there anything else I need to do to increase security of it? Perhaps another filter or image verification system to stop spam?


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com
RE: Secure comment box


Posted on 14-07-09 02:58
Is Google broke?




Edited by on 14-07-09 02:59
RE: Secure comment box

spyware
Posted on 14-07-09 03:02
theflash wrote:
Is Google broke?


Interesting question. They actually had to lay a few people off due to the effects of the (latest) economical crisis.

@OP;

Try installing an IDS. I can recommend this one: http://php-ids.org/

See sla.ckers.org for occasional updates on web app security.



"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term,
but it is suicidal for nations in the long term.
- Carl Sagan
"Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor?" - Ebert
RE: Secure comment box

stealth-
Posted on 15-07-09 05:56
theflash wrote:
Is Google broke?


I had done a bit of googling, however when it comes to the security of my site (which had recently received a whole bunch of pen testing) I thought I would ask for a more complete opinion, especially since I'm not sure exactly which ways a comment box could be exploited.

spyware wrote:

Try installing an IDS. I can recommend this one: http://php-ids.org/

See sla.ckers.org for occasional updates on web app security.


Thanks, I never knew they made IDSs for webapps, I'll definitely be adding that in.

MoshBat wrote:

Rather than stop posts, just remove the offending symbols.
Some of them are used in smiley faces, and could remove genuine comments.


Good point. I was aware that I would be stopping quite a few posts, but I had forgotten how often they get used in smilies and such. Thanks.



Edited by stealth- on 15-07-09 05:57
http://www.stealth-x.com
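
The measures discussed in this thread, sketched in PHP as an added example (not code from any poster or from the site in question). Instead of rejecting or stripping `<`, `>`, `[` and `]`, it stores them as typed and encodes them with `htmlspecialchars` on output, and it enforces the once-per-24-hours limit. The file paths, the length limit, keying the limit on the client IP address and PHP 7.4 or later are assumptions.

```php
<?php
// Added example, not code from the thread. Paths, MAX_LEN and the IP-based
// rate-limit key are assumptions; keep both files outside the web root.
const COMMENTS_FILE = __DIR__ . '/comments.jsonl';
const RATE_FILE     = __DIR__ . '/last_post.json';
const MIN_INTERVAL  = 86400; // one post per 24 hours, as in the first post
const MAX_LEN       = 1000;

// Validate a posted field without deleting <, >, [ or ]: they are stored as typed.
function clean_field($raw): ?string {
    if (!is_string($raw) || !mb_check_encoding($raw, 'UTF-8')) return null;
    $text = trim(preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $raw));
    return ($text === '' || mb_strlen($text, 'UTF-8') > MAX_LEN) ? null : $text;
}

// True (and the time is recorded) if this client has not posted within MIN_INTERVAL.
function may_post(string $ip, int $now): bool {
    $fh = fopen(RATE_FILE, 'c+');
    if (!$fh || !flock($fh, LOCK_EX)) return false; // fail closed
    $seen = is_array($d = json_decode((string) stream_get_contents($fh), true)) ? $d : [];
    $key = hash('sha256', $ip);
    $ok  = !isset($seen[$key]) || $now - $seen[$key] >= MIN_INTERVAL;
    if ($ok) {
        $seen = array_filter($seen, fn($t) => $now - $t < MIN_INTERVAL); // prune expired
        $seen[$key] = $now;
        ftruncate($fh, 0); rewind($fh);
        fwrite($fh, json_encode($seen));
    }
    fclose($fh); // also releases the lock
    return $ok;
}

// One JSON object per line; json_encode escapes newlines, so a comment cannot forge records.
function save_comment(string $name, string $text, int $now): bool {
    $line = json_encode(['t' => $now, 'name' => $name, 'text' => $text]);
    return $line !== false && file_put_contents(COMMENTS_FILE, "$line\n", FILE_APPEND | LOCK_EX) !== false;
}

// Encode on output: this is what stops a stored comment running as HTML or script.
function render_comments(): string {
    $e = fn($s) => htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = '';
    $lines = is_file(COMMENTS_FILE) ? file(COMMENTS_FILE, FILE_IGNORE_NEW_LINES) : [];
    foreach ($lines ?: [] as $line) {
        $c = json_decode($line, true);
        if (!is_array($c)) continue;
        $html .= '<p><b>' . $e($c['name'] ?? '') . '</b>: ' . nl2br($e($c['text'] ?? '')) . "</p>\n";
    }
    return $html;
}
```

In the form handler, run each posted field through `clean_field`, call `may_post` with the client address and `time()`, then `save_comment`; echo `render_comments()` where the comments are displayed.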