Advertisement:

Author Topic: -NO LONGER VALID-  (Read 1604 times)

SmaRTeY

  • Osclass Hero
  • Hero Member
  • *
  • Posts: 2519
-NO LONGER VALID-
« on: June 29, 2015, 11:05:22 pm »
Hi guys,

I am using this free service to keep my VPS secure, check it out, it is 100% free for up to two sites/domains and you can chose to plan a scan every week/month and get the report emailed. This service already helped me to make my server more secure so definitely worth sharing with you guys.

Here's the link for signing up:
Link removed, NO LONGER FREE

See screenshots, optional you can show your visitors you are using a secure/safe server, when visitors click the badge they are forwarded to a new webpage showing info as seen in 2nd screenshot.


Regards,
Eric
« Last Edit: September 07, 2015, 03:02:28 am by SmaRTeY »

dev101

  • Osclass Hero
  • Hero Member
  • *
  • Posts: 2155
  • osclass.work
Re: Security: Free Vulnarability Scan of your website
« Reply #1 on: June 30, 2015, 12:12:56 am »
Osclass is not vulnerable on generic attacks and above tools usually either report no vulnerability or false positives. This is simply a waste of time. Osclass is vulnerable to specific and custom tailored attacks which require manual (human) inspection of core files to be discovered. Several serious vulnerabilities in last patches were, in fact, discovered this way.

Regards

SmaRTeY

  • Osclass Hero
  • Hero Member
  • *
  • Posts: 2519
Re: Security: Free Vulnarability Scan of your website
« Reply #2 on: June 30, 2015, 02:13:47 am »
@dev101, I have custom code additions in functions.php which might undo Osclass security now that there's a vulnarability found. At this moment I am looking into the issue. Not saying Osclass isn't safe but I do seem to have some kind of issue according to msg below.

Quote
1. Vulnerabilities in Custom Web Code (High)back
Port:   http (80/tcp)
Summary:
We discovered vulnerabilities in the scripts listed below. Next to each script, there is a description of the type of attack that is possible, and the way to recreate the attack. If the attack is a simple HTTP GET request, you can usually paste it into your browser to see how it works. If it's a POST attack, the parameters for the POST request will be listed in square parenthesis.

Cross Site Scripting
URL: .....
Affected Parameter: .....
Vector Used: %22+onmouseover%3D%22javascript:alert%28%27foo%27%29%22+%22
Pattern found: " onmouseover="javascript:alert('foo')" "

dev101

  • Osclass Hero
  • Hero Member
  • *
  • Posts: 2155
  • osclass.work
Re: Security: Free Vulnarability Scan of your website
« Reply #3 on: June 30, 2015, 02:24:17 am »
Well, with each customization and new theme or plugin, the picture changes, of course. That's the responsibility of the devs and yours essentially, you have to know what  you're doing when/if you leave some holes open.

Regards

SmaRTeY

  • Osclass Hero
  • Hero Member
  • *
  • Posts: 2519
Re: Security: Free Vulnarability Scan of your website
« Reply #4 on: June 30, 2015, 02:33:32 am »
 8) It can be a nice check in case you're less skilled yet do make changes either with code from the forums or create your own code.

dev101

  • Osclass Hero
  • Hero Member
  • *
  • Posts: 2155
  • osclass.work
Re: Security: Free Vulnarability Scan of your website
« Reply #5 on: June 30, 2015, 02:57:19 am »
it is 100% free for up to two sites/domains
Sorry, but I haven't found anything for free on their website, there is nothing offered the way you described above on their Features and Pricing page, and there is a setup fee for a one-time scan, or free trial testing (15 days).

SmaRTeY

  • Osclass Hero
  • Hero Member
  • *
  • Posts: 2519
Re: Security: Free Vulnarability Scan of your website
« Reply #6 on: July 01, 2015, 11:34:36 pm »
Let me check one more time, I believe you can register a free basic account (I have one for free) but maybe they changed this.

it is 100% free for up to two sites/domains
Sorry, but I haven't found anything for free on their website, there is nothing offered the way you described above on their Features and Pricing page, and there is a setup fee for a one-time scan, or free trial testing (15 days).

SmaRTeY

  • Osclass Hero
  • Hero Member
  • *
  • Posts: 2519
Re: Security: Free Vulnarability Scan of your website
« Reply #7 on: July 02, 2015, 09:33:51 pm »
 >:(
You're absolutely right dev101, they changed it  :-\

Sorry all, subject is interesting I think but the tool mentioned here is NOT free (anymore)!