4
The1nk
8y

Is there a service, or forum, where you can ask people to try to break into your software for free?

Stupid as that is, I kind of want a beginner security guy to pen test my server. Eventually I'll shell out cash for a real review, but I'd like a lite one now. 😔

Comments
  • 1
    Mate if you want me to have a go I will but I likely won't have time till end of next week 😊 I do have some experience though.... Not some scripty
  • 1
    I'm with @FitzSuperUser. Could do some testing during the weekend if you'd like? Not a skiddie by the way :)
  • 1
    You know ... sure. I'll post it publicly for people to take a stab at in their spare time. Haha. Its not "tightened up", or meant to be a challenge - it's me starting a personal site for growth and networking, and trying to get help to tighten it up.

    Http://staystachey.com thanks guys. Be gentle. 😂😂
  • 0
    @The1nk er, please don't destroy my content. I actually ... don't have a backup yet. Haha
  • 1
    I just tried some things but I only found one thing: so far I know password mode is still enabled on your ssh service. So maybe turn that off. I also noticed I got blocked after some time so I quess you have fail2ban installed.
  • 1
    @Jifuna nice site btw.
  • 5
    Might want to get yourself an SSL cert. They're free from Let's Encrypt :)
  • 1
    Take a backup before posting site online, especially to some pen testing
  • 1
    This is a great tool : https://detectify.com
  • 1
    @Xenotoad *ahem* Certbot now. EFF reworked it.
  • 2
    Go on hacker forum and proclaim that your server is absolutely unbreakable
  • 1
    @Jifuna SSH still prompts for a password, but I only have one account (non-root) and it's secured by a key - it has no password. Root doesn't have a password, well, it likely does but not one that I know. Not sure why it still *tries* to get a password, is there a setting for that?
  • 0
    @JammehCow @Xenotoad Yeah, that's on my to-do list -- using LetsEncrypt to get a SSL/TLS going. Thanks for the advice!
  • 1
    @JoshuaaM Definitely. After I posted that "I don't have a backup" message, I grabbed my phone and made a backup. Haha. Thanks for the advice!
  • 1
    Okay, thats good! Yes there is a setting for that, set passwordAuthentication to no in /etc/ssh/sshd_config
Add Comment