Homepage Forums Everything else Website Request

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of riddamark riddamark 1 year, 11 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #88
    Profile photo of Lliff
    Lliff
    Participant

    Hey Shell, where’s the gallery girl? Came on to post my new transmog piccys for Ffydd and there’s no Gallery 🙁

    #91
    Profile photo of riddamark
    riddamark
    Participant

    I have a request, and I hope I am not overstepping my bounds since I am new when I suggest this, but speaking as a sysadmin, can we make this website or at least the login page force https? The webpage does seem to be ssl enabled, but the certificate it presents is for the domain sni.dreamhost.com, so it’s mis-configured.

    Another thing I noticed, but it’s likely out of your control is that the host seem to have several ports open (not a bad thing usually) one of which is 22 (SSH) and its accepting passwords, not using public keys. The ip address of this vhost reverse lookup resolves to apache2-grog.tricia-mcmillan.dreamhost.com, which if I assume correctly is a machine your website is hosted on that you have no control over, but on the off chance this is a VM of some kind you set up with them I would suggest making it use key access only so it can’t be brute forced. Again you might not have control over those things because I can’t tell what kind of set up this is, this is just what I noticed at a glance.

    Also ftp is open, if you didn’t know. This is just a habbit of mine. I have had developer friends set up websites having crazy things like postgres listening on the public ip, with no authentication, forms that ask for very personal information that is not encrypted and using very out of date wordpress versions. Your wordpress version is up to date.

    Just trying to help 🙂

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.