Do you scan your own website/server for vulnerabilities?

Depends, if my website is a System that has Login Functions and Etc, I do scans but is it just a personal website for me, there's no need to.

03-05-2019, 08:09 AM

iamcoderx Wrote: Depends, if my website is a System that has Login Functions and Etc, I do scans but is it just a personal website for me, there's no need to.

Thats a pretty terrible way of looking at it. If you have something on the internet you should take it more seriously. Just a personal blog getting hacked can cost you tons of cash of bandwidth fees etc or can cause more problems if you have good standings with clients or something of that nature and someone can use your website for spam and more.

Keeping your web security high and daily/weekly scans for malware and other things is best practice.

I would be interested in knowing how to do this, does it take very long?

07-05-2019, 06:22 PM

KayneG Wrote: I would be interested in knowing how to do this, does it take very long?

its not hard. Do you own your own vps or dedicated? If not scanning a shared hosting account can and typically will break your agreement. I can get you set up with a vps if you are interested and we can setup and help get you over to secure hosting!

I think there are some people that offer services for this. Might look into those. Typically the vulnerabilities are things you can't find yourself.

I prefer cracking the license without scanning because sometimes scan give only fake predictions

10-05-2019, 12:30 AM

dev0x97 Wrote: I prefer cracking the license without scanning because sometimes scan give only fake predictions

cracking what license? We are talking about a web server. your own website. no license to crack.

---

10-05-2019, 12:05 AM

chaddious Wrote: I think there are some people that offer services for this. Might look into those. Typically the vulnerabilities are things you can't find yourself.

i can help you with this. Can also help you secure your own vps etc. Shared hosting i will not scan simply because you do not own that server

Tbh I think now is a pretty good time for web security with WAF having free subscription and stuff like that. You don't even need to take care of it anymore, unless you're doing really stupid things imo

Get bitninja.io. Absolutely worth the investment. I've had great luck with it. It will create a local honeypot on all agent-servers and use that to create safe and black lists for all other servers. It's really an awesome service. Give it a try. They have a free trial.

Yes, every 1 or 2 month i scan my website.
i use, nessus, burpsuite and nikto to scanning web vulnerabilites, and for my vps i use maldet (Malware Detector) for scanning script / application, if use shared hosting i can scanning with Clamav for unknow script / backdoor / malwarescript.