
Create Free Websites Using Your Dropbox Account

Owning a website is the norm nowadays. Whether to showcase yourself or your product, most people seem to have a reason (or more!) to own one. However, not many are willing to pay for this service.

If you are among this category of penny pinchers, you are in luck. I know just what you need – Dropbox! Dropbox is a file hosting service that offers cloud storage, file synchronization, and client software. Dropbox allows users to create a special folder on each of their computers, which Dropbox then synchronises so that it appears to be the same folder (with the same contents) regardless of the computer it is viewed on. Files placed in this folder are also accessible through a website and mobile phone applications.

Dropbox offers 2GB of this space free to everyone who signs up. In conjunction with site44.com, you have more than enough space for a website.

Follow the steps below and you will have your website running in a few minutes. It is simple:

  • Create a new Dropbox account or use an existing one.
  • Go to site44.com, then click Sign in with Dropbox to get started.
  • Click Allow to let site44 connect to your Dropbox account.
  • You will be taken to a page on site44 where you can create your site.
  • You can either use a free site44 subdomain name for your website, in the form artwales.site44.com, or use your own domain name.
  • A new folder for your site will automatically be created in your Dropbox account.
  • You can modify the content of the folder to make changes to your site or you can upload website pages or templates to it.

Limitations

  • It is great for hosting small websites with static content, like an online resume site, but it lacks several desirable features. It does not support any server-side code like Java or PHP.
  • No, you cannot host a blog on it.
  • The free package, unfortunately, is very limited in features: maximum data transfer is 100MB a month.
  • Premium packages are not competitively priced; you will be better off hosting your sites with a regular web host.

Free users can create up to 5 low-traffic pages on this site. Site44.com is definitely not a replacement for a fully equipped web hosting service, but for starters who don’t need all those features and use Dropbox anyway, it is a good option. Do check it out!


TimThumb – Hacker’s Delight

While no website on the Internet can be deemed 100% safe from hackers, lately, sites based on the WordPress platform have received more than their fair share of such intrusions. WordPress is the most widely adopted content management platform, with millions of blogs and websites based on it. The relative ease of setup and administration has made the platform quite popular. That popularity is probably also why it is attractive to malicious or opportunistic attackers: the “target market” available is large.

Most people think that your site has been hacked only when it is defaced. Far from it. Hackers have varied intents and purposes for hacking sites. Some are just plain malicious. Most script kiddies fall into this class. Script kiddies are largely unskilled hackers testing out information or tools gleaned from the Internet, with no real understanding of how things work. However, most do it for financial gain, malice, activism, curiosity or just plain fun!

Usually, these hackers try to exploit loopholes in the code of the WordPress platform to gain administrative access to the site and carry out whatever they intend. Over the years, WordPress has improved significantly at making the platform very secure. However, the same cannot be said of the third-party software, such as plugins, that is a necessary add-on to these websites.

One such script is TimThumb.

TimThumb is a PHP script used for cropping, zooming and dynamically resizing images on websites. While TimThumb can be used on any website, it is ideal for blogs and other websites that use templates and themes (self-hosted WordPress blogs, for example). Using TimThumb, you can dynamically fetch a cached copy of an image and proportionally resize it to fit in your blog template. Thumbnails, user profile pictures and signature images are typical examples of where the TimThumb script is used. Whilst TimThumb has found a home in WordPress themes, it is by no means limited to them – TimThumb can be used on any website to resize almost any image.

TimThumb is usually embedded in most premium themes or plugins. There are a lot of parameters that can be used with TimThumb; which ones you use depends on the requirements of your website and how you want to scale internal as well as external images.

Once your script is in place, it will continue to work in the background and store a copy of your images in the cache folder. So if you are scaling a really large image to, say, 100 x 100 using TimThumb, a copy of the image at exactly that size will be saved in the cache folder. This image will be shown to your website visitors.

And here is how the TimThumb vulnerability goes to work.

Since the cache directory is public and accessible to anyone visiting the website, an attacker can compromise your site by figuring out a way to get TimThumb to fetch a PHP file and put that file in the same directory. Because the cache directory is preconfigured to execute any file ending with a .php extension, the attacker's code then runs on your server.

So how do I know if I’m at risk?

Almost everyone who downloaded the TimThumb library before August 1, 2011 is likely at risk. If you are not sure whether you are using TimThumb, the easiest way to check is to look through your theme folders for a file called timthumb.php or thumb.php. This can be done using an FTP program or the file browser in your cPanel. You may also use the Timthumb Vulnerability Scanner plugin.
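If you have shell access or a local copy of the site, the same check can be scripted. The following is an added example, not code from TimThumb or from the scanner plugin: it walks a folder for timthumb.php or thumb.php and also lists any PHP-named file sitting in the cache folder next to each copy. The cache folder name (`cache`), the `VERSION` define format, and the sample tree are assumptions made for the example.

```python
import os
import re
import tempfile

SCRIPT_NAMES = {"timthumb.php", "thumb.php"}  # file names the article says to look for
CACHE_DIR = "cache"  # assumption: the cache folder sits next to the script
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]")  # assumed format

def audit(root):
    """Return one finding per TimThumb-named script under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in SCRIPT_NAMES:
                continue
            script = os.path.join(dirpath, name)
            with open(script, errors="replace") as fh:
                match = VERSION_RE.search(fh.read(65536))
            # Cached images should never be PHP; anything PHP-named here needs review.
            stray = []
            for cpath, _d, cfiles in os.walk(os.path.join(dirpath, CACHE_DIR)):
                stray += [os.path.join(cpath, f) for f in cfiles if ".php" in f.lower()]
            findings.append({
                "script": os.path.relpath(script, root),
                "version": match.group(1) if match else None,
                "php_in_cache": sorted(os.path.relpath(p, root) for p in stray),
            })
    return sorted(findings, key=lambda f: f["script"])

def make_demo_tree(base):
    """Constructed sample layout: two themes, one with a PHP file in its cache."""
    files = {
        "themes/alpha/timthumb.php": "<?php define ('VERSION', '0.0-sample');",
        "themes/alpha/cache/a1b2.jpg": "",
        "themes/alpha/cache/c3d4.php": "<?php /* placeholder */",
        "themes/beta/scripts/thumb.php": "<?php // no version line",
        "themes/beta/style.css": "",
    }
    for rel, body in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_demo_tree(tmp)
        for finding in audit(tmp):
            print(finding)
```

To audit a real site, call `audit()` on the path to your wp-content folder. A file named thumb.php is not necessarily TimThumb, so treat each hit as something to inspect by hand.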

Thankfully, there is a fix.

You may delete all instances of timthumb.php in your theme. Deleting the TimThumb script may break certain themes, or at least affect how they manage and display images. But if you need the TimThumb script running on your site, upgrade to the latest version. However, if you find some merit in the many discussions about the safety – or lack thereof – of allowing any scripts on your server to access data from third party sites, then delete the file.
