Server rentals :: NFOservers.com

Hi again! :) My service encounters DDoS attacks on average once a month - NFO deals with them superbly and swiftly - and because I’d like real-time information without requiring the control panel, I am thinking of creating a sort of NOC for my service. However, is there any API that can retrieve con...

Thank you for the reply. I completely understand, I do work for independently large businesses and good gravy it can be hard to find the right person 😅 but NFO you have the best support time and effectiveness I've ever seen, huge praise to you on that front 😁 I too will not be responding further on ...

By encrypting certain user aspects in your session token and checking them per request you can prevent an attacker that hasn't spoofed those aspects from gaining access to an account via a live session token, although not impossible certainly. Can I also ask you are hashing passwords in your DB as i...

Completely missed your response, sorry :) If Edge feels this is too security related, I will happily remove the posts as i said in my previous post :) I agree that someone with the knowledge of a few basic tools can hijack a session and/or other cookies if they wish to do so, it is technically avoid...

It should also be noted that on "https://www.nfoservers.com/control/login.html" there is no CSRF protection or Captcha which should probably be addressed at some point, but i understand DDoS mitigation and other network-related occurrences take priority.

Yes it appears the control panel allows you to change password without requiring you to provide your existing password but personally I believe this is by design. I've seen the same in other websites so i'm unsure how I feel about that.

Thank you for the prompt response. If you want more information on CWE-315, https://cwe.mitre.org/data/definitions/315.html is the official page for it :D Yes token based authentication would be a definite security step-up and time-based 2FA (Something that wouldn't require 3rd-party services) is al...

Hello there, After snooping around my server dashboard, simply looking at the status of my virtual server, I noticed that it is written in Perl and me being me I decided to check out the cookies it stores (I've never seen a web-app in Perl so this was exciting for me :D). After checking what cookies...

Hi all,

Just a very simple question about how NFO is handling the new CoronaVirus and whether we should be expecting some downtime as a result of it?

Regards, Vortire