The element fxxxxxxxxxxe is vulnerable against bli

  • Krx
  • Topic Author
  • Visitor
  • Visitor
10 years 2 months ago - 10 years 2 months ago #3084 by Krx
Hello

Client's website was scanned against common exploits and vulnerabilities.

The fact is that this host and installation are fairly good protected.
I managed to fix most of other security issues reported by them, but this one still remains.

I personally don't find it serious, because that website doesn't have any sensitive data,
unfortunately, client insists that all reported issues must be fixed, "... or else ..."

Do you have any suggestion what to do to eliminate this threat?

.....................................
Last edit: 10 years 2 months ago by gmapfp.

Please Log in or Create an account to join the conversation.

More
10 years 2 months ago - 10 years 2 months ago #3085 by gmapfp
Hello,

I checked the problem.

I will fix it today.

For the security of the other sites, I make some changes on your topic.
Last edit: 10 years 2 months ago by gmapfp.

Please Log in or Create an account to join the conversation.

More
10 years 2 months ago #3086 by gmapfp
I'm a bad hacker ! :(

I tried many hours to used this error for to make attack on my test server and I don't arrive.
Except to error messages.

I fix this danger in the new version.
The following user(s) said Thank You: Krx

Please Log in or Create an account to join the conversation.

  • Krx
  • Topic Author
  • Visitor
  • Visitor
10 years 2 months ago #3088 by Krx
Hello

Most of security issues which they reported weren't actually issues because hosting firm is preventing deeper attacks.
But they insisted, in my opinion just to justify their jobs.
They wanted SSL and many other things.
I would understand that level of security for serious corporate website, but for relatively small regional portal with news and newsletter, it was pure overkill.
I also installed admin tools pro and rs firewall there and they demanded that I white list their IP, so that they could finish security scans.
So that website had actual security which prevented their attacks, but they wanted me to allow them to bypass it, lol.

Thanks for understanding.
Best regards

Please Log in or Create an account to join the conversation.

Time to create page: 0.077 seconds
Powered by Kunena Forum
FaLang translation system by Faboba