Security Scan

We had our first security scan over the weekend since moving to WiredTree and we failed miserably. I’ve been working with the host since then to resolve things. We did upgrade the version of PHP and that solved about half of the vulnerabilities that the scan found. Now we are down to a small list of remaining things. The host says they COULD disable these, but they don’t know what they are and they don’t want to break something we are using.



Here is a list of the things I'm referring to that are listed as the outstanding issues:


  • admin access to web application (MailWorks)
  • phpBB allows cross site scripting
  • Advanced Guestbook allows cross site scripting
  • Script allows SQL injection (Cerberus Helpdesk)
  • Unauthorized Access via W Server (ByteHoard)
  • Cerberus Helpdesk cross site scripting
  • phpWebSite allows cross site scripting
  • Cross site scripting vulnerability in sort_order parameter to /class-rings/compass-collection.html
  • Cross site scripting vulnerability in sort_by parameter to /class-rings/compass-collection.html



Any feedback on resolving these would be appreciated.

David

It kind of sounds like you need to get with “Cerberus Helpdesk” on a lot of these. When we have problems with our scan outside the scope of our host, we go to the software company who created the program.

Also get rid of (remove, delete, etc…) Advanced Guestbook, phpWebsite and Advanced Guestbook - Sno