Geeklog Forums
Hideaway.Net has been Geeked!
Anonymous
Hello all - we are a fairly young internet security company and have just switched our portal over to Geeklog! You can check out the site here. I chose Geeklog mainly to use its news story and block features - as you can see, the site has many, many static pages too and will keep growing as we add more content. All comments are welcome, and many thanks to all who have put in so much work to develop this software.
RyanKaz
Anonymous
That's one of the reasons I chose Geeklog over other portal apps - it actually was written with security in mind! I wasn't about to put up PHPNuke and have our -security- site hacked every other week. =) Anyway we linked up to securitygeeks.com, feel free to do the same or use our RDF if you'd like.
-Ryan
http://www.hideaway.net
amckay
You're a security company and you left your /path/to/geeklog wide open? The point of the "public_html" directory is to point your 'document root' at it so that your webserver only gives direct access to anything under that directory. You've got your entire GL hierarchy accessible via the web.
Not at all secure. I can't say I've found a way to hack such an installation, but I can assure you it is an extremely insecure practice. In general you want to hide all you can from being directly accessible via the web, and only have those things accessible which are absolutely necessary. In GL terms that means only your public_html.
e.g. I can directly execute your config.php script by pointing to: http://www.hideaway.net/home/config.php. Maybe that doesn't cause problems, maybe it does. Either way this file and most of the rest of your GL install should not be directly accessible via your web server.
cheers,
-Alan
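
The document-root check described in the post above, as an added example that is not part of the original thread or of Geeklog: given the install directory and the web server's document root, it lists files that are reachable by URL although they sit outside public_html. Only config.php, public_html and the /home/ URL prefix come from the thread; the /var/www paths and the other file names are constructed for illustration.

```python
from pathlib import PurePosixPath

# Constructed sample layout, relative to the Geeklog install root.
# Only config.php and public_html/ are named in the thread.
SAMPLE_FILES = [
    "config.php",
    "backups/site.sql",
    "logs/error.log",
    "system/lib-example.php",
    "public_html/index.php",
    "public_html/images/logo.png",
]


def exposed_outside_public(install_root, docroot, files, public_dir="public_html"):
    """Map each file that the web server would serve directly, but that lives
    outside public_dir, to the URL path it is reachable under.

    Assumes plain, already-normalised absolute paths (no symlinks or "..")."""
    install = PurePosixPath(install_root)
    root = PurePosixPath(docroot)
    public = install / public_dir
    exposed = {}
    for rel in files:
        absolute = install / rel
        try:
            url_path = absolute.relative_to(root)
        except ValueError:
            continue  # outside the document root: no URL maps to it
        if absolute == public or public in absolute.parents:
            continue  # inside public_html: meant to be served
        exposed[rel] = "/" + url_path.as_posix()
    return exposed


if __name__ == "__main__":
    # Layout criticised in the thread: the whole install sits under the docroot.
    weak = exposed_outside_public("/var/www/html/home", "/var/www/html", SAMPLE_FILES)
    for rel, url in sorted(weak.items()):
        print(f"EXPOSED  {rel:28} -> {url}")

    # Recommended layout: the docroot points at public_html only.
    fixed = exposed_outside_public(
        "/var/www/geeklog", "/var/www/geeklog/public_html", SAMPLE_FILES
    )
    print("exposed after fix:", len(fixed))
```
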