The element fxxxxxxxxxxe is vulnerable against bli

  • Krx
  • Auteur du sujet
  • Visiteur
  • Visiteur
il y a 10 ans 2 mois - il y a 10 ans 2 mois #3084 par Krx
Hello

Client's website was scanned against common exploits and vulnerabilities.

The fact is that this host and installation are fairly good protected.
I managed to fix most of other security issues reported by them, but this one still remains.

I personally don't find it serious, because that website doesn't have any sensitive data,
unfortunately, client insists that all reported issues must be fixed, "... or else ..."

Do you have any suggestion what to do to eliminate this threat?

.....................................
Dernière édition: il y a 10 ans 2 mois par gmapfp.

Connexion ou Créer un compte pour participer à la conversation.

Plus d'informations
il y a 10 ans 2 mois - il y a 10 ans 2 mois #3085 par gmapfp
Hello,

I checked the problem.

I will fix it today.

For the security of the other sites, I make some changes on your topic.
Dernière édition: il y a 10 ans 2 mois par gmapfp.

Connexion ou Créer un compte pour participer à la conversation.

Plus d'informations
il y a 10 ans 2 mois #3086 par gmapfp
I'm a bad hacker ! :(

I tried many hours to used this error for to make attack on my test server and I don't arrive.
Except to error messages.

I fix this danger in the new version.
Les utilisateur(s) suivant ont remercié: Krx

Connexion ou Créer un compte pour participer à la conversation.

  • Krx
  • Auteur du sujet
  • Visiteur
  • Visiteur
il y a 10 ans 2 mois #3088 par Krx
Hello

Most of security issues which they reported weren't actually issues because hosting firm is preventing deeper attacks.
But they insisted, in my opinion just to justify their jobs.
They wanted SSL and many other things.
I would understand that level of security for serious corporate website, but for relatively small regional portal with news and newsletter, it was pure overkill.
I also installed admin tools pro and rs firewall there and they demanded that I white list their IP, so that they could finish security scans.
So that website had actual security which prevented their attacks, but they wanted me to allow them to bypass it, lol.

Thanks for understanding.
Best regards

Connexion ou Créer un compte pour participer à la conversation.

Temps de génération de la page : 0.101 secondes
Propulsé par Kunena
FaLang translation system by Faboba