Jump to content
xisto Community
XIII

Please Hack My Site

Recommended Posts

Apparently I do not have any open ports. I do actually have like 10 ports opened for programs, so I don't understand why it told me that I had nothing open.

Also, I found this test...

http://bcheck.scanit.be/bcheck/

I think this tests the security of your browser. I am running the test now. It does 40 different tests on Firefox.

Share this post


Link to post
Share on other sites

Apparently I do not have any open ports. I do actually have like 10 ports opened for programs, so I don't understand why it told me that I had nothing open.

I guess that it tests some well-known security holes based on some open-ports which allowed some hacking programs to intrude your computer. This tests means that, although you had open ports for your own usage, the intruding programs were not able to take control of your computer.

Share this post


Link to post
Share on other sites

I think no...
Dont need, please dont do it.

Don't worry. Read the first lines at the beginning of this topic. Only XIII wanted somebody to test his security. first of all, nobody wanted to do this for free. Secondly, he kept secret the URL to be tested, only available through PM.
So, keep cool, nobody will do anything.

Share this post


Link to post
Share on other sites

Well I use something called Accuenitx (or something very similar to that name) Vulnerability web scanner.Now while I wouldn't really recommend it for testing out on a large website already published, if you have happened to, or decide in the future to build your web sites/applications locally, you could run a full on test and it won't take forever (as it will be 100 times or more quicker on local disk, than accessing and thrashing both yours and the server bandwidth).

Share this post


Link to post
Share on other sites

Okay now remove me a doubt...My friend says to me if u insert a hack comand like:010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110010101001110If you inster this lines on a program like apache, this can crash the server...Its true? :P

Share this post


Link to post
Share on other sites

Okay now remove me a doubt...
My friend says to me if u insert a hack comand like:
010101001110010101001110010101001110010101001110010101001110010101001110010101
If you inster this lines on a program like apache, this can crash the server...
Its true? :P

OK, let's explain something.
What you show here is a liste of alphanimerical lettes, zero's and one's.
this is not a binary file.
A binary file is a compiled file, using a compiler. You cannot compile on a server like Xisto.
By the way, even if you were able to submit a binary file, it would not crash the Apache server, it would crash your Microsoft Internet Explorer client. Which is not the only way to crash Internet Explorer, but that's another story.
And, of course, an Apache server works with correctl html files. If you put garbage things in your html page, you will have garbage displayed on your screen. But this cannot crash the Apache server, except in case of severe bugs in the Apache version your server is using.

Share this post


Link to post
Share on other sites

Two suggestions, both of which require some work.

1. Do you have Knoppix? At least as of 5.1.1, Knoppix included Nessus. Do Kicker | KNOPPIX | Utilities, and see if "Nessus Security Scanner" is an option. Caveats: there is a learning curve for using it, and if you uncheck "Safe checks" on the "Scan Options" tab, you'd better have a complete system backup, because it will try destructive penetrations! More information on Nessus is here. There is also a Wikipedia page for it.

2. Shields-Up is a helpful, free way of testing port security. There's a lot there, so it is worth taking some time to explore it.

There are complete custom Linux distributions devoted to analyzing vulnerabilities, but that requires you to dedicate one of your computers to hosting it. (Don't try this in a virtual machine!) They are almost certainly not worth the time it would take you to learn the details of how to use them, unless you plan on making a profession of computer security.

Share this post


Link to post
Share on other sites
Fight Backdoor Injection AttacksPlease Hack My Site

There are so many ways to attack a website, it's just not possible to cater for them all on a constant basis if you're a small company, so the next best thing is to try and cover the most commonly found holes like the ones described in this article, and hope that puts off the intended attacker.We use an automated file system scanner called Eyefile. It's good for detecting any kind of backdoor injection and works for any kind of website.It can be found here:Website-security-tools.Com/Hope this helps.

-reply by Steve

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.