Test my Web Server

I have another web server hosted, so check it out: securitysession.ddns.net

You can test the session at SSl Labs.

Let me know if you find anything.

There's a basic forum board now. Apparently no one can find anything? Try taking it down or fuck it up; I don't care.

I'll have a look at it on Sunday man, I've been busy with other things, but they're all finished now.

Do you need help with the new website?

Sent you a PM.

There's a basic forum board now. Apparently no one can find anything? Try taking it down or fuck it up; I don't care.

DDoS attack for all the n00bs out there :P

I raise you one SQL Injection.

Ok, I sent you a PM regarding it.

XSS, check what you reflect :P

I messaged you

Alright I sent you a PM regarding it; however I am still waiting on some info from Huitzilopochtli regarding the SQL injection.

High Risk Vulnerability : There is a critical vulnerability in Drupal 7 core versions earlier than 7.32.
Found in: META Generator Tag Banner says you're vulnerable, but running that code from my android isn't giving me any response at all, I'll see what's wrong with it when I get up.

No, I am not even running that version. I think the scanner is wrong, but double-check when you get up. I was running that version prior to creating this site, so is it possible your scanner has cached info from previous scans?

Maybe you have a legacy file left somewhere and the scanner picked up a banner/version

Everything has been 'wiped' clean prior to deploying this current site.

May I congratulate you on your new website, I don't think many people are going to find a hole in that, your site is basically immune to all my biggest tricks. Can't use SQL injections, Can't even break in with POODLE. Congratulations, you have succeeded in building a very good website and I have scanned it to show you that it is secure for proof.

Site: https://www.ssllabs.com/ssltest/analyze.html?d=securitysession.ddns.net

That scanner isn't checking his website for exploits or vulnerabilities, it's only checking if the servers SSL set up is secure.

Those vulnerability scanners can only scan for what they know. They are a handy tool though.

All you really need is a good spider, that can map out the directory structure, grab the file names and software banners, and maybe a fuzzer for the those harder to find directories.

You can check for sqli with a single quote, and blind exploits with a time delay, you don't need a scanner to try a 1000 variations on every single page, most are way to 'noisy' and will probably result in an IP ban on a half decent server.

That's what I am going to to do on mine. Send me a PM about it.