Author Topic: Help me brainstorm for a domain name  (Read 4649 times)

0 Members and 1 Guest are viewing this topic.

Offline CrAz3D

  • Hero Member
  • *****
  • Posts: 10184
    • View Profile
Help me brainstorm for a domain name
« on: June 01, 2007, 12:19:14 am »
I used to use crazedmind.net
Might just use crazed.net unless someone can help me come up with something flashier.

It's just gonna be a personal site.  Might temporarily host my College Republican site there, if we use what I made and all.

Anyhow, thoughts?

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Help me brainstorm for a domain name
« Reply #1 on: June 01, 2007, 01:13:21 am »
If you have any intention of using it professionally, I don't think I'd use crazedmind, haha.  Not sure, though... perhaps I'm reading too much into that.

Offline CrAz3D

  • Hero Member
  • *****
  • Posts: 10184
    • View Profile
Re: Help me brainstorm for a domain name
« Reply #2 on: June 01, 2007, 01:26:10 am »
I went w/ dailycrazed.net


thnx Joe


& thnx Wires for the hella amounts of help/instruction/suggestion
& thnx Sidoh for the help thus far

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: Help me brainstorm for a domain name
« Reply #3 on: June 01, 2007, 05:36:04 pm »
Tyler Benting has a bad looking website.
And like a fool I believed myself, and thought I was somebody else...

Offline CrAz3D

  • Hero Member
  • *****
  • Posts: 10184
    • View Profile
Re: Help me brainstorm for a domain name
« Reply #4 on: June 01, 2007, 06:38:54 pm »
Tyler Benting has a bad looking website.
hey, pssht, I'm workin on it....

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Help me brainstorm for a domain name
« Reply #5 on: June 01, 2007, 06:54:30 pm »
It's at kind of a weird path:

/home/.reik/craz3d/dailycrazed.net/index.php

I've never seen a user folder that starts with a "." before.

Either way, look up what a "remote file include" vulnerability is. Basically, make sure that a user can't control a variable that's going into an include() or require(). It seems that you're vulnerable to that (poke). It's not that big of a deal right now, but it'll be more annoying to change it later. :P

Fortunately, I get blocked if I try including something remote, but this could still be a potential vulnerability so watch out.

Offline CrAz3D

  • Hero Member
  • *****
  • Posts: 10184
    • View Profile
Re: Help me brainstorm for a domain name
« Reply #6 on: June 01, 2007, 07:06:20 pm »
How's that a vulnerability?...testtesttest doesnt exist on my site so how would someone make that and exploit me?

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Help me brainstorm for a domain name
« Reply #7 on: June 01, 2007, 07:24:08 pm »
You can generally include files on other, remote sites. Something blocks that, but it's still dangerous.

If anybody else has a site on the same server, they could inject stuff into your code.

If you, or anybody else on that server enables file uploads, it could be risky.

If there's a .inc file in another script that could be dangerous, it could be risky.

If somebody can find a way to include a file that doesn't end with .inc, it could be risky.

Generally, but not always, that kind of things leads to a Remote File Include. It's good practice just to not do it. It's not a bad thing that you have it, since I know you're new to PHP, but that's not the proper way to include files.

Offline CrAz3D

  • Hero Member
  • *****
  • Posts: 10184
    • View Profile
Re: Help me brainstorm for a domain name
« Reply #8 on: June 01, 2007, 07:28:13 pm »
How ought I to include them, then?

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Help me brainstorm for a domain name
« Reply #9 on: June 01, 2007, 07:30:25 pm »
I'm not a real web developer, but I generally use a script:

switch($page)
{
 case "home"
   require('pages/home.inc');
   break;

 case ...
...
}

I don't know if that's the best way to do it, though, Sidoh might be able to weigh in with a better answer.

Offline CrAz3D

  • Hero Member
  • *****
  • Posts: 10184
    • View Profile
Re: Help me brainstorm for a domain name
« Reply #10 on: June 01, 2007, 07:31:39 pm »
and that's better because it does just use the include("page.inc")?...

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: Help me brainstorm for a domain name
« Reply #11 on: June 01, 2007, 07:49:55 pm »
and that's better because it does just use the include("page.inc")?...

If you don't do what iago is suggesting (and a few other people suggested earlier), you leave yourself open to all of the things iago mentioned.  People can do something like "?content=../../../.otheruser/public_html/myscript.php" which can do all sorts of nasty things.  They could spit out contents of variables that store mysql authentication information, for example.

I normally do what iago has suggested.  I have a switch statement with the supported cases (eg home, gallery, calendar, etc) and then ignore (or produce an error message) for anything that doesn't have a case.

trust

  • Guest
Re: Help me brainstorm for a domain name
« Reply #12 on: June 01, 2007, 08:45:25 pm »
shoulda just done tylerbenting.com or something

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: Help me brainstorm for a domain name
« Reply #13 on: June 06, 2007, 07:26:27 pm »
I prefer just to filter out ".."s so they're limited to what in the folder, or in other folders above.  Any disadvantage to that?
And like a fool I believed myself, and thought I was somebody else...

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Help me brainstorm for a domain name
« Reply #14 on: June 06, 2007, 07:48:49 pm »
Filters are notoriously bypassable. It's better to just not get into the situation in the first place.