Free Server Security Information and Vulnerability Suggestions
____________________________________________
Hey OTLand! I've been running OTs for quite some time, and I've seen a lot of different attacks that hackers go through to get into your precious servers.. Over my extended break with Tibia and the OT community I decided to get back into it in a different sort of way than developing servers. I want to help people make their servers more secure!____________________________________________
____________________________________________
Basically what I'll be doing is using a few applications to test your server's security, and find any vulnerabilities that might be at hand. I'll then give you all the information on what I find and give you suggestions on how to fix them.
ZenMap: Nmap Security Scanner GUI
The first application I use besides command prompt is ZenMap, which is basically a website vulnerability scanner that shows information of ports that are open, giving hackers a lead in where to start. ZenMap also shows all OS software used, and the services that are running on given ports, if they're not hidden correctly.
W3AF: Web Application Attack and Audit Framework
The second application is in a sense, a pen test, and it's called W3AF. This application is extremely powerful and efficient. The use of W3AF is that it completely scans the entire website, documenting everything in its code, finding vulnerabilities such as XSS and SQL Injection spots, and even allows you to test those injections. With W3AF, if your server is not secure, a hacker can easily get information out of your database and hijack your server, your RDC, and even your own computer if you're that unsecured.
Metasploit is a vulnerability tester that works with several different applications in tandem for maximum capability. It tests the target for related domains and IPs, showing your real web presence, giving the penetration tester a full overview of everything he or she can do. Armitage works with the Metasploit Framework to give the tester a clean, easy to use GUI and visualize his target.
I can also test your web DDOS protection with the LOIC and HOIC applications, which consistently floods data to your website, causing it to crash. This is a very simple tool, but provides a lot of good data for me to help you on your quest to become more secure. A fair warning though, if you did allow me to do Ion Cannon attacks, it could cause your website to crash, but it's all in good nature. :^)
____________________________________________
____________________________________________
This is a completely free service. I will NEVER disclose your server information to anyone but the server administrator. I will be checking the server's ownership, and if given a request by anyone besides the server administrator, I am obligated to divulge your request to the proper person or persons. I am not soliciting for monetary gain. I agree to completely destroy all documentation I have rendered after the service is complete.
Last edited:
