FurrTrax - Furry Networking!!!!!




Article: FurrTrax Security and People who Don't Think
Posted By: DarkXander
Date: 09-13-2015 15:12 PM
Views: 3381
So first off, I really should not have to write this article; I assumed it was common knowledge for everyone, or at least most people, and I still hope that it is.

Today, someone posted on Twitter what they thought was a security flaw on the site. It turns out it was an old page that never got cleared out after the server was rebuilt and we transitioned from the use of an old IPTABLES software-based firewall to the new Dedicated Firewall and Cloudflare. The page was in a subfolder that is no longer used by FurrTrax and essentially was forgotten to be deleted. It contained a page that showed a defacement made by a hacker about 2 years ago.

This Twitter person did a URL scan against the site, for reasons we don't know, which, suffice to say, he was not authorized to do at the time, but I digress. He did it anyway for whatever reason, found that old defaced page in the old subfolder, and somehow thought it was still in use somewhere. I told him that it was an old page in the cache from a subfolder we don't use, and in fact I deleted the file after I realized it was still there.

He then tried to get me to let him do a "security audit" of the site because he found a page on a URL scan, which he thought proved to me that he knew what he was doing. Well, anyone with any script kiddie knowledge can find a tool to do URL scans automatically; if you know how to use a Game Boy you can figure out how to do a URL scan. And we proceeded to have a Twitter argument from there. He wasn't exactly happy that I wasn't impressed with the skills he thought he had proven to me.

So I told him flat out: if you think you're that good, go try to hack us, and if you think you have found a bug, post it in the bug bounty, NOT on Twitter to everyone.

He ran out of things to say at that point, but the point stands: I insulted his conduct for not using the bug bounty feature. He did a URL scan of the site, so he can't say he didn't find it, and the fact that it's listed on the homepage doesn't help his case.

I know most of you already know and are aware of what I've covered in this post, but thanks to at least 1 person's lack of understanding, I've now had to spell it out...

Have a good day everyone, End Rant.
