Wednesday 4 May 2016

Reliable website hosting

Having your website hosted somewhere reliable is pretty much what every website manager is looking for. Being a member of WebHostingTalk for years has taught me to look for some key indicators of what makes a good host.

A year or so ago, I stumbled across a website called DigitalOcean, also referred to me by my good friend Adam Cable, that offers all the hosting features you need without all the fluff that gets rammed on top from the likes of Heart Internet and 1and1.

DigitalOcean are constantly rolling out new features and services, and their awesome 1-click-installs are getting even better.

I would highly recommend them to anyone looking to have a website.

If you'd like to talk or need a hand with your website, visit Garbott and fill in the contact form (or ring!).

Thanks for reading,
Joe

Monday 21 March 2016

Starting out simple in your hacking career

In my career, hacking was introduced as a tool to make my code better. Thinking with the mindset of 'how can I break this' greatly elevates the quality of the code, very quickly.

Frameworks like Laravel do a great deal of the work for you, but often (IMO) don't give the developer enough exposure to hacking exploits and problems, meaning they don't look for any of the sorts of things listed below.

So, for anyone interested, here are a few quick tips to start hacking or to lock down your website ;)

#1 robots.txt - !!
Weirdly, yes, robots.txt is the root of all evil. The number of times I've not bothered running software scanning for directories and just looked at robots.txt is unbelievable. So many websites put all their 'secure' directories in there to hide them from search engines... #boom instant win. You can concentrate all your efforts on those folders.

#2 query-string test
Simply putting ?1=2 in a URL to see if it yields a result or is printed in the source of the webpage is a good test. If it is, you've clocked they're printing shit they shouldn't. Now try printing everything on the keyboard (except "?") in your ?1= parameter. See what escapes and what doesn't.

If nothing escapes, jackpot. If specific values/characters do, no worries, try another page or section of the site. Often account areas are the weakest.
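For developers locking down their own pages, the tip #2 check can be turned into a regression test. This is an added example, not code from the original post; the two handlers and the `zq`/`qz` markers are constructed for illustration.

```python
import html
import string

# Characters that change meaning in HTML text or quoted-attribute context.
HTML_SIGNIFICANT = "<>&\"'"

def render_unsafe(params):
    # Constructed "before" handler: echoes the query value into the page as-is.
    return "<p>Results for: " + params.get("1", "") + "</p>"

def render_escaped(params):
    # Hardened handler: HTML-encode the value at the point of output.
    return "<p>Results for: " + html.escape(params.get("1", ""), quote=True) + "</p>"

def reflection_report(render, param="1"):
    """Classify how `render` reflects each printable punctuation character."""
    report = {}
    for ch in string.punctuation:
        page = render({param: "zq" + ch + "qz"})   # markers locate the echo
        if "zq" + ch + "qz" in page:
            report[ch] = "raw"
        elif "zq" + html.escape(ch, quote=True) + "qz" in page:
            report[ch] = "encoded"
        else:
            report[ch] = "other"   # stripped, rejected, or encoded another way
    return report

def unsafe_reflections(render):
    """HTML-significant characters that come back unencoded; should be empty."""
    report = reflection_report(render)
    return sorted(ch for ch in HTML_SIGNIFICANT if report[ch] == "raw")

if __name__ == "__main__":
    for handler in (render_unsafe, render_escaped):
        print(handler.__name__, unsafe_reflections(handler))
```

This covers values echoed into HTML text or a quoted attribute only; a value echoed into a script block or a URL needs the encoding for that context.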

#3 Webcache
Another silly thing 'sysadmins' or 'senior developers' don't lock down is port 8080. This is a weird hack I've only been able to get working a few times, but when it has, boy, I've had whole website backups available.

Simply trying http://www.example.org:8080/ is the simplest test. You'll either get a directory cache view or a 404/denied directory listing page. This site, http://www.t1shopper.com/tools/port-scan/, is a friend - but don't abuse it.

Hope the above is helpful.

Any tips or tricks you want to share with me, post below :)

Thanks,
J

Sunday 20 March 2016

Getting the blog feed onto the site

Just working on getting the blog feed onto the site.

:D

God damn it Blogger, fix the header on http://oxford-joe.blogspot.com/feeds/posts/default please.

New website, new start.

Today, I decided that I need to change and reinvent myself to make life more comfortable. With the formidable knowledge and skills I have, I decided to start finishing my website to bring in the dough.

My site, https://www.garbott.co.uk, is going to be a mishmash of B2B, B2C development services, custom apps and things Sian wants to do.

Hope people like it. If you have an opinion, let me know what you think.

J