Take a look at my site ( http://www.btdb.org)

Its still very much in development. But i've been working on it off and on for about 6 months.

http://www.btdb.org


On a sidenote, i find it humorous that an ASP message board is written in PHP.

It's more than just an ASP message board and I find it humorous to have been able to hack into your Admin side in less than 10 seconds.

well you're kind of an ***. i wasnt trying to make a rude comment. thanks for the suggestions for improvements.

I wasn't trying to be rude, I was just being sarcastic.
If you would like any details on how I hacked it let me know.

ok. just clarifying.

yes, i would love to know. you can email me at nmajdan@yahoo.com. this is my first real asp site. i'm sure there are a lot of vulnerabilities. but thanks for the help.

how do i make my admin page more secure?

• Sanitive form data input (prevents SQL injection, which is probably how Memnoch owned your application)
• Protect "admin" or private directories at file-system level, then server level, finally, appliction level (In a WISA system, that's NTFS Perms, IIS Secs, and ASP Authentication respectivly)
• Never link to an "admin" page or section from a publicly available page
• Never call the admin backend directory or files something like "admin", name it something less obvious or a string of random characters
• And stuff

Just google for "hardening web applications"

ok, thanks i'll google it. i dont quite understand those first two yet, but i'll look it up. the last two i've thought about before, and i will probably do that. i'll take the admin link off my site and rename the admin.asp file something more similar to what i would a password. thanks.

In addition to that, why not take off the admin login to your site from your user pages.
Just create another page in which only you the Web master knows the Admin login is.
I really think that by adding an admin page where it's visible, ppl are going to try and hack it.
My admin pages are totally separated from where the content is, furthermore, it is good practice not to call it admin, make up some name that you will remember like was.asp short for web admin side.asp
You get the idea
HTH

The first thing I notice is that my javascript debugger yells at me for a syntax error in line 5 character 1. Looking at your source, I didn't see any javascript or include files that early in the page, so I don't know where that's comming from.

The color scheme is hard on my eyes (but then, I'm a bit older than your likely target audience at 34.)

yeah, there is not javascript in my code except for the the bit of code at the bottom that is supposed to be for traffic tracking, but doesnt work.

i've been torn on the coloring scheme, and it looks better on some monitors then others so that may be something i have to look at in the future.

thanks to those of you who hacked my site, broadcasted it, and didnt bother advising me on how to correct my inadequacies.

Yeah, I am using a laptop. It would look better on a crt.

Ok. I tried some stuff as far as admin access goes. Is it any better now?

i'm hoping so by the lack of responses.