17 válasz erre a témára

[VictorH]

English speaker here. I couldn't help but notice a few things.

1. You have index.php in your URLs. This is easily removed with URL rewriting and is SEO friendly.
2. You share an IP with the other Hungarian furry board. Shared IP in German Datacenter?
3. You don't use Cloudflare, leaving yourselves open to DDOS attack.

There are other issues, but they qualify as serious security vulns, and should not be openly discussed. Any takers?

[Ralesk]

• Doesn't matter too much really. Keywords and page contents do, a lot more.
• Last I checked the other furry board was not at a German hosting service. Or I don't know which furry board you're talking about, the IP addresses are very different with the one I know of.
• Cloudflare is that thing whose Czech servers break down so often that you always know who uses cloudflare because it always shows the fucking Cloudflare frame when something is broken, no matter how targeted the protected services are.

Yeah. You were sayin'?

[VictorH]

 

• Doesn't matter too much really. Keywords and page contents do, a lot more.
• Last I checked the other furry board was not at a German hosting service. Or I don't know which furry board you're talking about, the IP addresses are very different with the one I know of.
• Cloudflare is that thing whose Czech servers break down so often that you always know who uses cloudflare because it always shows the fucking Cloudflare frame when something is broken, no matter how targeted the protected services are.

Yeah. You were sayin'?

 

Yep. I was saying,

Same IP. Cpanel much?

Nope, cloudflare has never broken on me, yet offers innumerable advantages.

You were sayin'?

[Ralesk]

Same IP. Cpanel much?

You could mention whom you're talking about at least. The other Hungarian furry forum does not have the same IP address.

Nope, cloudflare has never broken on me, yet offers innumerable advantages.

Good. I always had just problems with it as a random user of websites who think it's a cool and useful service, and I therefore never bothered actually checking it out. I honestly can't care less about that service.

[VictorH]

You could mention whom you're talking about at least. The other Hungarian furry forum does not have the same IP address.


Good. I always had just problems with it as a random user of websites who think it's a cool and useful service, and I therefore never bothered actually checking it out. I honestly can't care less about that service.

Oh, but tracert says you have the same IP.

I've yet to hear an argument against Cloudflare. ;^)

[Ralesk]

Oh, but tracert says you have the same IP.

But traceroute and ping and nslookup and dig all tell me that no, this forum and the only other Hungarian furry forum I know of do have entirely different IPs.

[VictorH]

But traceroute and ping and nslookup and dig all tell me that no, this forum and the only other Hungarian furry forum I know of do have entirely different IPs.

Nope, same IP, same German datacenter. Even if you ignore this (as you have done) you can at least remove index.php from your URLs. It's not hard, I promise.

[Ralesk]

And if you really wanted to discuss security matters you know where to reach any of the administrators in private.

[Ralesk]

Nope, same IP, same German datacenter. Even if you ignore this (as you have done)

It. Is. Not.

I am not ignoring the issue. You are lying.

you can at least remove index.php from your URLs. It's not hard, I promise.

I know about it, we don't care. It makes things look nicer to humans, slightly, but doesn't matter pretty much at all. The useful bits are already in the URL.

[VictorH]

Um... no? It's not like you publish a vuln mailing list, guys.

[Ralesk]

Still waiting for you to tell which board you're talking about because the only other significant furry board is NOT hosted in Germany and does NOT share an IP or even the first byte of the IP address with us. They simply don't.

[VictorH]

Tell me you at least use nginx+ pgp-fpm, right guys? Right?

[VictorH]

we don't care. It makes things look nicer to humans, slightly,

 

LOL NO

[Kyera]

We are not even in a German datacenter.

[Delphin]

My turn.

• You don't use Cloudflare, leaving yourselves open to DDOS attack.

Why exactly should this matter? An attacker would have nothing to gain and almost nothing of value to disrupt. This forum is neither ad-supported, nor is it serving tens of thousands of users, nor is it a freelance revenue/commission platform.

[Kyera]

Delphin has a point there too.

 

It is pretty much the same reason why SEO just doesn't matter to us. All our members know eachother IRL basically, and new members either meet us at events or in the media (interviews, etc). And then not to mention that the index.php thing is actually a very outdated SEO micro-optimization myth that is obsolate for many years now.

 

But let me make another point, dear "VictorH". We don't even know who are you. No name, no introduction, no proper saying hello. You are just a random internet name, coming here and telling us around how to do our stuff. Why should we listen to you? Who are you? Why should we give a thought about your advices which are obviously wrong? You can't even look up the IP address of a website! Because if you could, you would not have made your second point.

 

You say you don't know who to contact with security issues? Sure, we have no mailing list for it, but you see us admins here. There's Ralesk and there's me. You can send us a PM through the forum and that's it. If you do, you could also give an explanation of who you are and what you want.

 

I really don't understand what makes you think that it is okay, to rush into someone's house and boss the people around in their own house about how they should do stuff. Because basicaly that is what you are doing. You are just a random, nameless guy from the internet we don't know shit about... why shall we listen to you?

[Delphin]

tl;dr

Good god, lay off the tl;dr. That's Storm's thing.

Odds are this gentleman just wanted to sell you some site optimisation for a quick buck.

[Ralesk]

Yeah, I think that's enough of this fine topic.