xisto Community

mahesh2k

Members
  • Content Count

    3,242

Reputation Activity

  1. Upvote
    mahesh2k reacted to velma in Php Xss Protection   
    Hey Starscream
     
    Good to see you here again mate
     
    Off topic, Stackoverflow lately seems to have 2 types of people in masses, the idiots & the entitled... I tried getting help only to be shunned by the "smart" people there... Don't get me wrong, some have been really helpful but mostly, if you pose a L1 question, you might get shafted >_>
     
    Coming to your question... I am probably going to be useless since I don't know what you are working with.. But I hope you have already referred to the guide given here :-
     
    https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
     
    http://forums.xisto.com/no_longer_exists/
     
    http://joshduck.com/blog/2008/04/05/securing-your-php-code-xss/
     
    If these are rehashed links, please ignore.. You could add more to this topic by sharing what you know about XSS
  2. Upvote
    mahesh2k reacted to OpaQue in Php Xss Protection   
    XSS Attacks - Your Site may get hacked anytime! But, Don't Worry.. Most of the hackers are stupid... who blindly copy some instruction on some forum or mailed by some friend. A Lot of cases We read about are usually automated programs hacking different computers. I have left Pretty INSECURE CODE flying on the Web and checked the logs 2-3 years later, to find out -- not a single soul was interested in my Security HOLE. I'm sure, Even you could have Hacked my Site - If you were that Borreddd n joblesss.
     
    Well - Most of the hacking - I believe is Pretty Automated. The Hacker just wakes up to see the sites his script could infect over night and enjoys his cup of tea in the morning - checking the nice report. Now, You may Wonder why Some guys do not like to Read NewsPaper in the morning.
     
    Why XSS - Some anti-virus guys found it Cool to name it XSS. What's the logic behind - CROSS SITE SCRIPTING??
    It's just "HACKING" an online Website. Either for 1 person's information - OR - Many People's Database - OR - the Server Resources.
     
    Here, is a Pictorial Representation I copied from another site that may help ...
     
     
    If you think - How can a Website be Hacked ?? -- as a PHP/Asp or any Web Programmer, Knowing the Answer to this Question can prevent you from a lot of Trouble. Before I begin... I would like to say that a Hacker might not be interested in your Website .. but maybe his intentions are simply to hijack your Webserver and exploit the Resources or Even use it as a Base for a Wider Attack. Ultimately, Your Server is also a Computer and hackers love computers - especially Computers with a Rocking Internet Connection.
     
    So, a Loop Hole is what makes Hacking Possible. NOT NECESSARILY, It has to be a BUG in a software.
     
    an Example would be - Carefully Studying the Default Configuration of PHP or APACHE (or many other softwares)
    Some Values in the Default Configuration may prove really Helpful to hackers (AS THEY were probably meant for Development).
     
    Some Attacks use the general Ignorance of Fresh Coders who are a little lazy or lack the knowledge about Securing your Variables.
     
    Every program has an input and an Output.
    As a Coder, You must DOUBT the values / variables that come into the code/program from the user or outside world. Most of the Variables can be Modified (eg. the HTTP referrer tag - google it to find out how it can be spoofed) Now there is no level to which you may wanna go Secure and Write those extra lines of Code to check your Data at every check-point. Well, IF Your Program hits Popularity and Half the World is using it.... Please be assured, Some jerk will take that extra effort to easily break in through your code (assuming - you have given the code to the world as open-source) - Like you Guessed, Open Source is like offering the Blue Print of your Fort to someone. It would be Ok to Say - most open source software after years of testing are Pretty Bug Free and Hacker Safe. But using Open Source is more In-Secure as He welcomes the Risk of Massive Automated attacks - Programs that were made to break your Great Open Source code!
     
    Hence, Preventing XSS attacks is possible if you have a Good Knowledge / Experience of not only PHP but also the Server Software running PHP (eg. apache, nginx etc..)
     
    The No. of Situations in which PHP can be abused are many many many..... Learning Each and Every Trick is Important to Secure your Code. If you find SUCH pages Googling.. Please Share! The Objective of this Topic should be to help readers with all "Common" mistakes of coding.
     
    Anyway - Summarizing, XSS is plain hacking of websites for sensitive data. But XSS sounds very lame to me - maybe because it rhymes with CSS - which is not even a REAL programming language.
  3. Upvote
    mahesh2k reacted to OpaQue in Revamping Knowledgesutra: All Suggestions Welcome   
    We are creating Microsites to basically Compete with this NEW BLOG outburst on Google. Sadly, I must do SEO and Yes, It is of more priority because my Hosting business mainly depends on the Marketing offered by my Community. I feel sad wasting time on SEO myself and even bringing the topic out. But We can always use every moment as an opportunity to improve .. and hence, here we are discussing this new Microsites Concept.

    I can create Microsites from Categories / Forums OR the best part is - Simply from "Keywords". Say, All Topics related to Google Books will be a microsite called "Googlade.com". So, This is possible - but I felt, It will lack the human touch as the entire MicroSite will be 100% Auto-Generated by Searching for those keywords in Forums. Topic Forums will be meaningless as some topics may be fetched from really irrelevant forums.

    Unless We decide to have a Unique Theme for each Microsite, I can make the same script work for all the microsites. So Basically it will be 1 Program on Server that creates Multiple Sites. No Waste of time... as such.


    Hahaha... Right, thanks.. I wish... That's why I want to focus on SEO

    I understand... I will do my best to have it as automated as possible - to save time. If Each Microsite is using Same Structure template, then there will not be much work.


    Yes, Forums are messed up.. there are just tooo many. We will organize the forums once we decide how the microsites will be made. Either we Do by Manual Forums split into microsite OR create microsites using keywords. There is no rush. Unlike before, Now I got nothing to lose.
  4. Upvote
    mahesh2k reacted to rayzoredge in Best Anitvirus For Windows   
    No antivirus is 100% effective. Nowadays, more of the focus is generalized around malware, to include spyware, Trojans, and other malicious code. 
    Personally, I run Norton Internet Security Suite 2009 to give myself some sort of an illusion that my PC is secure. I also utilize Panda's scan services and Malwarebytes' Anti-Malware for full manual system scans just to make sure... and even then, I'm not 100% satisfied.
     
    It still boils down to individual usage habits. If you indulge in risky behavior or peruse in popular attack venues (like social networking, sharing files with others, and even Internet shopping), you can fall for a lot of socially-engineered attacks, let a virus or Trojan into your system, etc.

  5. Upvote
    mahesh2k reacted to kira423 in Salad Dressings   
    Here are a few salad dressings that you can top your favorite salad with

    Buttermilk Herb Dressing
    3/4 cup buttermilk
    1/2 cup miracle whip
    1/4 cup sour cream or plain yogurt
    1 teaspoon dried parsley
    1 teaspoon italian dressing
    3/4 teaspoon onion powder
    3/4 teaspoon garlic powder
    1/4 teaspoon salt
    1/4 teaspoon black pepper
    Whisk all ingredients together in a bowl. Cover and stick in the fridge :)

    You can also use the said ingredients above, and replace the garlic and onion powder and put in 4 ounces of crumbled blue cheese, and it will become Blue Cheese Dressing

    Honey Dijon Dressing
    3/4 cup sour cream or plain yogurt
    1/4 cup Dijon mustard
    1/4 cup honey
    1 tablespoon cider vinegar
    Whisk all ingredients together in a bowl. Cover and stick in the fridge

    1000 Island Dressing
    3/4 cup Miracle Whip
    1/4 cup ketchup
    1/4 cup sweet pickle relish
    1 hard-boiled egg, diced
    Whisk all ingredients together in a bowl. Cover and stick in the fridge

    That's all for now guys, enjoy
    I will also post some good salad recipes up later