PDA

View Full Version : Sorta simple question about this site's security


Sere
June 29th, 2017, 02:55 PM
Ok so I see that this site is a forum which tend to be somewhat insecure though I'm not judging with just a glance. Does VT protect itself from SQL injection attacks? If not well... eek. I also see that this site is under http:// and not https:// meaning that this site is not too secure with something like credit info (not thta youd ever put it here in the first place) But how secure do you guys think it is? Has it ever been attacked before? :)





(And no I'm not trying to steal people's VT accounts.)

Alex_Swim
June 29th, 2017, 02:59 PM
Not sure how secure it needs to be, What are they going to get if someone breaks in?

Our Email address?
Some private messages?
Play around with someones Blog?

The Fourms are public so there is no need to secure them.

Phosphene
June 29th, 2017, 03:27 PM
Tech Junky's Paradise :arrow2: VTHQ

Sere
June 29th, 2017, 03:32 PM
Not sure how secure it needs to be, What are they going to get if someone breaks in?

Our Email address?
Some private messages?
Play around with someones Blog?

The Fourms are public so there is no need to secure them.
Idk what theyd do but still thought it might be interesting to see how secure this place is :)

Living For Love
June 29th, 2017, 06:13 PM
I think we've had a DDOS attack some years ago that caused VT to be down for a few days. I believe the site is secure enough as we don't deal with that kind of problems very frequently.

xXl0sth0peXx
June 29th, 2017, 11:17 PM
We did have a DDOS attack back in I believe 2013, but nothing else.

We do however currently have sufficient security for our needs, and we do regular updates to ensure that is the case. If you have any other questions, you can send a PM to one of us, but there's not much else that we can share.

Flapjack
July 1st, 2017, 08:07 AM
Not sure how secure it needs to be, What are they going to get if someone breaks in?

Our Email address?
Some private messages?
Play around with someones Blog?

The Fourms are public so there is no need to secure them.
I disagree buddy, they will have a database of everyone's email and their password hash... if that gets out there and users use the same email/ password combo for other sites (which many inevitably do) then it could be a massive problem for the affected users. So security should always be taken seriously:)

Just JT
July 1st, 2017, 08:16 AM
If that worried about someone getting your email address, create a new email account that's not linked to you, your user na,e or personal name, Andrew use that as your email account for VT.

Freckles
July 27th, 2017, 12:27 AM
They also have your IP address which is your computer's identification and can hack your computer and get passwords to sites like your bank if you have an account and anything stored on your computer. The likelyhood of that hapening is slim to none but you can't be to careful.

Sere
July 30th, 2017, 03:36 PM
Ok everybody my main question was just about sql injection and if attackers could break into accounts that way. if they can, IT NEEDS TO BE FIXED. I can test it if an admin or high high up gives permission. Otherwise it is most likely illegal. The threat would be spammers and attackers being able to post, add, remove or many things from that user account. If sql injection isnt protected against admins accounts and the acp could be taken control of, users could be banned, spam would easily run free etc. And I'm just speaking for sql. Many other breach methods exist as you should nearly all know. Thank you and please respond if you can add to this
(And no I have 0 worry about my info contained here being gained but I don't wanna get banned :( )
Hjhj

Just JT
July 30th, 2017, 06:37 PM
Ok so I see that this site is a forum which tend to be somewhat insecure though I'm not judging with just a glance. Does VT protect itself from SQL injection attacks? If not well... eek. I also see that this site is under http:// and not https:// meaning that this site is not too secure with something like credit info (not thta youd ever put it here in the first place) But how secure do you guys think it is? Has it ever been attacked before? :)





(And no I'm not trying to steal people's VT accounts.)

Ok everybody my main question was just about sql injection and if attackers could break into accounts that way. if they can, IT NEEDS TO BE FIXED. I can test it if an admin or high high up gives permission. Otherwise it is most likely illegal. The threat would be spammers and attackers being able to post, add, remove or many things from that user account. If sql injection isnt protected against admins accounts and the acp could be taken control of, users could be banned, spam would easily run free etc. And I'm just speaking for sql. Many other breach methods exist as you should nearly all know. Thank you and please respond if you can add to this
(And no I have 0 worry about my info contained here being gained but I don't wanna get banned :( )
Hjhj


Sorry, maybe it's just me, but some of the language you use, some of the words you choose to use in your posts, makes me rather uncomfortable about your abilities and/or intentions. Not sure if I'd even rule out a threat or not.

Just saying.

I'd Take Val's offer to talk about this with admin instead of here like this
Just how I'm seeing it

Flapjack
July 30th, 2017, 06:53 PM
I highlyyyy doubt the site is vulnerable to SQI injections xD I think some members are getting a little paranoid, to do attacks like SQI injections and XXS attacks the site has to be vulnerable to them, VT is not.

This is for you @Just JT (http://www.virtualteen.org/forums/member.php?u=116857) because you seemed a little worried :)
ciNHn38EyRc
Of course no website is unhackable but there is needless fearmoungering going on in this thread.

Just JT
July 30th, 2017, 06:57 PM
I highlyyyy doubt the site is vulnerable to SQI injections xD I think some members are getting a little paranoid, to do attacks like SQI injections and XXS attacks the site has to be vulnerable to them, VT is not.

This is for you @Just JT (http://www.virtualteen.org/forums/member.php?u=116857) because you seemed a little worried :)
ciNHn38EyRc
Of course no website is unhackable but there is needless fearmoungering going on in this thread.

Thanks!!

Not worried about the vulnerability of VT at all.
But I do appreciate you thoughts bro

Sere
July 30th, 2017, 11:17 PM
Sorry, maybe it's just me, but some of the language you use, some of the words you choose to use in your posts, makes me rather uncomfortable about your abilities and/or intentions. Not sure if I'd even rule out a threat or not.

Just saying.

I'd Take Val's offer to talk about this with admin instead of here like this
Just how I'm seeing it

Lol I'm not a hacker nor do I have bad intentions. I do know that the sql injection attacks have had a protection on many sites tho I just wondered about VT lol
Hope everyone has a good while

Hjhj

boy05
January 31st, 2018, 08:13 AM
I disagree buddy, they will have a database of everyone's email and their password hash... if that gets out there and users use the same email/ password combo for other sites (which many inevitably do) then it could be a massive problem for the affected users. So security should always be taken seriously:)

Yes, of course there will be people who use the same pwd for lotsa sites.

Elysium
January 31st, 2018, 08:35 AM
Yes, of course there will be people who use the same pwd for lotsa sites.
Please don't post in threads that have been inactive for two months or more. :locked: