Welcome to Geeklog Tuesday, November 19 2019 @ 04:09 pm EST

Geeklog Forums

Hideaway.Net has been Geeked!


Anonymous

Anonymous

Hello all - we are a fairly young internet security company and have just switched our portal over to Geeklog! You can check out the site here. I chose Geeklog mainly to use its news story and block features - as you can see the site has Many many static pages too and will keep growing as we add more content. All comments are welcome, and many thanks to all who have put in so much work to develop this software.

 Quote

Status: offline

Jason

Forum User
Newbie
Registered: 17/12/01
Posts: 14
You may not know this, but GeekLog was originally written to run the securitygeeks.com web site. Smile The site ownership transfered to the Shmoo Group over a year ago. -Jason
You are all a bunch of freaks!
 Quote

RyanKaz

Anonymous
That's one of the reasons I chose Geeklog over other portal apps - it actually was written with security in mind! I wasn't about to put up PHPNuke and have our -security- site hacked every other week. =) Anyway we linked up to securitygeeks.com, feel free to do the same or use our RDF if you'd like.

-Ryan
http://www.hideaway.net

 Quote

Status: offline

amckay

Forum User
Full Member
Registered: 23/03/02
Posts: 180
You're a security company and you left your /path/to/geeklog wide open? The point of the "public_html" directory is to point your 'document root' at it so that your webserver only gives direct access to anything under that directory. You've got your entire GL hierarchy accessible via the web. Not at all secure. I can't say I've found a way to hack such an installation, but I can assure you it is an extremely insecure practice. In general you want to hide all you can from being directly accessible via the web, and only have those things accessible which are absolutely necessary. In GL terms that means only your public_html. e.g. I can directly execute your config.php script by pointing to : http://www.hideaway.net/home/config.php. Maybe that doesn't cause problems, maybe it does. Either way this file and most of the rest of your GL install should not be directly accessible via your web server. cheers, -Alan
 Quote

All times are EST. The time is now 04:09 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content