Basic Security Holes

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

tarrigo
Forum Newbie
Posts: 8
Joined: Sat Nov 25, 2006 4:48 pm

Basic Security Holes

Post by tarrigo »

I currently was asked by someone why godaddy.com might have sent them an email saying their site was vulnerable. I was a little baffled after looking at the site because it does not use a database, there are no login areas, no request forms, it is just information and graphics. Are there some really basic security issues that people know of that someone could briefly mention? I don't need in-depth explanations, I can do searches and find out the rest. Just want to see if there is something I am not aware of.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

It likely has to do with either XSS or XSRF or some other silly acronym thereof. Without knowing more detail, it's difficult to say, but as long as the site uses static pages, it's typically harder to do much of anything truly vulnerable.
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

Who knows... GoDaddy (as well as a lot of other tech-related bargain sites) likes to scare their customers who aren't so tech-savvy with things like "Your information is publicly available via whois - would you like to pay us to hide that information?" and things like that. You might ask them what exactly the email said.
tarrigo
Forum Newbie
Posts: 8
Joined: Sat Nov 25, 2006 4:48 pm

I agree

Post by tarrigo »

That was one of my first questions, in terms of whether or not the email followed with some type of sales pitch. They said no, but I know that if GoDaddy has any type of basic marketing savvy that they have planted a nice seed in your head that will keep you up long enough at night to make you go and ask them for help or a possible resolution to the problem. Of course $$$ signs will follow.

Nonetheless it worked because I am here taking time to look into it. I may not have designed the site, but I am being propositioned to see if I can find anything out.
bobby9101
Forum Commoner
Posts: 28
Joined: Thu Apr 27, 2006 1:18 pm

Post by bobby9101 »

Sounds like a spoof email to me.
GoDaddy doesn't care about its clients' sites... unless it is illegal.