
Forum Site



I'm interested in what vulnerabilities you've found. I have a site with static pages (with includes) and an SMF forum. I'm also about to develop a database driven site, with my own applications, along with an SMF forum. Willing to share any info?

I must be a pain in the ass though, no ads up. What are hackers doing attacking this site though? Do they think it's special because it's on php? Why don't they attack something that needs a good bashing?

Link to comment
Share on other sites

Ok I'll be patient as long as I know it's coming back for sure.

Just with how great this place is, it's very upsetting, to lose here, I was having a lot around actually :'( and nothing even came close to phpfreaks forums alone so....

so I'd be staying here anyhow no matter what I guess, even if you didn't bring the site part back..... you guys helped me out majorly when I was just starting php, so seeing what seemed to be the start of this site falling was very upsetting and I am very hugely relieved you guys aren't abandoning this site like I first thought

I've also been reading back through this and seen I was a little jumpy, I apologize, but like everyone else I was just upset and seeing a large part of phpfreaks gone

Hope everything goes well and I am now waiting patiently and continuing to use the forums, PHPFreaks rock

I echo your thoughts 100% - I too was virtually a complete beginner when I first came across the site, so I as much as anyone else want it back.

All I can say is, there's a lot of exciting input going into the redevelopment so watch this space closely. All of us involved in the development process are very keen to get things back up and rolling, but as ober said, things will take a little time.

Link to comment
Share on other sites

I'm interested in what vulnerabilities you've found. I have a site with static pages (with includes) and an SMF forum. I'm also about to develop a database driven site, with my own applications, along with an SMF forum. Willing to share any info?

I must be a pain in the ass though, no ads up. What are hackers doing attacking this site though? Do they think it's special because it's on php? Why don't they attack something that needs a good bashing?

 

Long story short, it doesn't have anything to do with SMF.  They hacked us through SQL injection via the main site. 

Link to comment
Share on other sites

Maybe allow a PDF or something that can be created out of the site then uploaded into a format it will accept.  I think the main reason that Tutorials were not uploaded was the method they had to be created.  There were no instructions so we were left scratching our head on how to even put one up.

Link to comment
Share on other sites

Maybe allow a PDF or something that can be created out of the site then uploaded into a format it will accept.  I think the main reason that Tutorials were not uploaded was the method they had to be created.  There were no instructions so we were left scratching our head on how to even put one up.

 

Why was the other way difficult? If someone doesn't even know basic HTML then he is not sufficiently competent to write PHP articles/tutorials. The only other thing needed to know was that [PAGEBREAK] would make a page break.

Link to comment
Share on other sites

I'm hoping that our development team will be able to make a few changes to the tutorial section. I haven't had ample time to write them up and present to them, but here is what I'm considering:

(1) Allowing members to upload plain text (.txt) documents.  The mods/admins get an email and they approve/deny it.  If it is approved then have code parse that out and insert it into the database, delete the .txt file, and have a new entry that way...eliminates copy and paste and lets users submit tutorials without using a web-based interface/email.

(2)  Allow users to export tutorials. Basically see a printer friendly version, a pdf version, or a .txt version.  Both the pdf and .txt would be downloadable.

(3)  Better commenting system

Like I said, everything we decide on is pretty much put to a vote for fairness...I've yet to run all this by the dev team, but mainly cause I'm out of town and don't have time to do so.  I will be doing so, though, because I've been thinking for a while of ways to improve the tutorial section.

Link to comment
Share on other sites

  • 2 weeks later...

One-click bookmarking of posts.

I keep changing browsers to test my web sites - usability / standards compliance / ...

Syncing bookmarks between browsers is a royal pain.

One small button next to the permalink of the comment/post will be great.

Of course, you have to add the tables and stuff. But a simple machines mod may be available already...

Could this help other phpfreaks users...

 

Also, an imageless CSS skin/theme

Link to comment
Share on other sites

We're talking about the main site, not the forums.  And we're not adding a mod to the boards for bookmarking.  Sorry.  If you can't manage 2-3 clicks in your browser to bookmark a valuable resource, I feel sorry for you.

 

Imageless CSS skin/theme?  Sorry, but we're sticking with the core SMF theme.

Link to comment
Share on other sites

We're talking about the main site, not the forums.  And we're not adding a mod to the boards for bookmarking.  Sorry. 

Got that. Never mind.

If you can't manage 2-3 clicks in your browser to bookmark a valuable resource, I feel sorry for you.

*One* valuable resource is something anyone would save to multiple locations on disk :)

This set of forums has more like hundreds of good replies or threads. That's where the problem begins. ctrl+D begins to become troublesome for me.

I jolly well understand that to add such a feature, you might have to divert quite some time and energy. So fine :)

I'll work around with something like a firefox extension for delicious / yoono / furl / ...

Imageless CSS skin/theme?  Sorry, but we're sticking with the core SMF theme.

Ok.

Opera is good for this :)

Link to comment
Share on other sites

  • 4 weeks later...

Just thought I'd give everybody an update on this so you know it's actually being taken care of. The code for the new site has been written and is currently being tested. Had it not been for the fact that the owner of this site, Eric (aka phpfreak), has discarded the current layout, which has been picked by the other staff and recommended members, the site would probably have launched by the end of this week. Now we need to get a new layout however and that will obviously delay the release of the site. The site can most likely be expected to be released some time this month though.

 

Thanks for your patience regarding this. Hopefully the mods and recommended members will participate in creating new awesome tutorials after the release of the site.

Link to comment
Share on other sites

I understand you guys used this as an excuse to design a new site, but seriously you could have left the old one up until this was ready.

You were hit by an SQL injection attack, i.e. you had insufficient verifications on user input that went into an SQL query. Those types of vulnerabilities are easy enough to beef up defense against if you knew it was there.

Link to comment
Share on other sites

I understand you guys used this as an excuse to design a new site, but seriously you could have left the old one up until this was ready.

You were hit by an SQL injection attack, i.e. you had insufficient verifications on user input that went into an SQL query. Those types of vulnerabilities are easy enough to beef up defense against if you knew it was there.

How many times have you successfully restored a vulnerable site to usability?  This was an extremely complicated and cleverly devised attack, not limited to SQL injection... hence it was not a simple task.  It took a lot of very skilled and experienced people weeks to track it down.  And data integrity was the primary concern, so the site was taken down as a precaution.

Link to comment
Share on other sites

  • 2 weeks later...

(In reply to my own question about topic bookmarks above....)

Bookmarking can be done by clicking "Notify" on any thread. Just be careful as to not disable when you click "notify" a second time - that is, read the popup message box for enable/disable.

"Profile" (top nav bar on every page) -> "Modify profile" (tab on the left side) -> "Notifications and email"

Essentially the same thing as bookmarks :)

 

This topic is now closed to further replies.