Search found 24 matches
- Wed Feb 10, 2021 2:59 pm
- Forum: General
- Topic: Is their any roadmap/possibility of an API for the control panel?
- Replies: 5
- Views: 2931
Is their any roadmap/possibility of an API for the control panel?
Hi again! :) My service encounters DDoS attacks on average once a month - NFO deals with them superbly and swiftly - and because I’d like real-time information without requiring the control panel, I am thinking of creating a sort of NOC for my service. However, is there any API that can retrieve con...
- Sat Feb 06, 2021 4:40 pm
- Forum: General
- Topic: Is the control panel potentially disclosing sensitive information?
- Replies: 12
- Views: 2714
Re: Is the control panel potentially disclosing sensitive information?
Thank you for the reply. I completely understand, I do work for independently large businesses and good gravy it can be hard to find the right person 😅 but NFO you have the best support time and effectiveness I've ever seen, huge praise to you on that front 😁 I too will not be responding further on ...
- Sat Feb 06, 2021 3:48 am
- Forum: General
- Topic: Is the control panel potentially disclosing sensitive information?
- Replies: 12
- Views: 2714
Re: Is the control panel potentially disclosing sensitive information?
By encrypting certain user aspects in your session token and checking them per request you can prevent an attacker that hasn't spoofed those aspects from gaining access to an account via a live session token, although not impossible certainly. Can I also ask you are hashing passwords in your DB as i...
- Fri Feb 05, 2021 1:23 pm
- Forum: General
- Topic: Is the control panel potentially disclosing sensitive information?
- Replies: 12
- Views: 2714
Re: Is the control panel potentially disclosing sensitive information?
Completely missed your response, sorry :) If Edge feels this is too security related, I will happily remove the posts as i said in my previous post :) I agree that someone with the knowledge of a few basic tools can hijack a session and/or other cookies if they wish to do so, it is technically avoid...
- Fri Feb 05, 2021 1:08 pm
- Forum: General
- Topic: Is the control panel potentially disclosing sensitive information?
- Replies: 12
- Views: 2714
Re: Is the control panel potentially disclosing sensitive information?
It should also be noted that on "https://www.nfoservers.com/control/login.html" there is no CSRF protection or Captcha which should probably be addressed at some point, but i understand DDoS mitigation and other network-related occurrences take priority.
- Fri Feb 05, 2021 12:27 pm
- Forum: General
- Topic: Is the control panel potentially disclosing sensitive information?
- Replies: 12
- Views: 2714
Re: Is the control panel potentially disclosing sensitive information?
Yes it appears the control panel allows you to change password without requiring you to provide your existing password but personally I believe this is by design. I've seen the same in other websites so i'm unsure how I feel about that.
- Thu Feb 04, 2021 1:38 am
- Forum: General
- Topic: Is the control panel potentially disclosing sensitive information?
- Replies: 12
- Views: 2714
Re: Is the control panel potentially disclosing sensitive information?
Thank you for the prompt response. If you want more information on CWE-315, https://cwe.mitre.org/data/definitions/315.html is the official page for it :D Yes token based authentication would be a definite security step-up and time-based 2FA (Something that wouldn't require 3rd-party services) is al...
- Wed Feb 03, 2021 3:43 pm
- Forum: General
- Topic: Is the control panel potentially disclosing sensitive information?
- Replies: 12
- Views: 2714
Is the control panel potentially disclosing sensitive information?
Hello there, After snooping around my server dashboard, simply looking at the status of my virtual server, I noticed that it is written in Perl and me being me I decided to check out the cookies it stores (I've never seen a web-app in Perl so this was exciting for me :D). After checking what cookies...
- Sat Mar 21, 2020 3:34 am
- Forum: General
- Topic: NFO and CoronaVirus
- Replies: 1
- Views: 1361
NFO and CoronaVirus
Hi all,
Just a very simple question about how NFO is handling the new CoronaVirus and whether we should be expecting some downtime as a result of it?
Regards, Vortire
Just a very simple question about how NFO is handling the new CoronaVirus and whether we should be expecting some downtime as a result of it?
Regards, Vortire