
User51

Senior Members
  • Posts

    131
Posts posted by User51

  1. Nice !

    --

    I also recommend Flaticon.com for vector icons, and Pexels.com for stock images.

    Here are some good datacenter images from Pexels:

    And some "coding" ones:

    Additionally, Unsplash and Freepik are also good sources.

    These are all free, but Freepik and Flaticon require attribution.

  2. 54 minutes ago, PlanetCloud said:

    If you still don't see the problem, it's the shortness of the string (8 characters only) which can easily be brute forced.

    This I'm aware of, which is why I personally set the length to 30.

    56 minutes ago, PlanetCloud said:

    shuffled using non-cryptographically secure [2] function

    Ah. That's the major problem I wasn't aware of.

    So, let's say that you actually did have a fully random generator. And you had more than 8 characters. This would be more secure, right?

    54 minutes ago, PlanetCloud said:

    Also in reference 2, you can see a solution to the problem (though only partial solution, as the full solution is mentioned below):

    Yes I agree that having an expiring token is a much better idea. I'll wait until a stable release with this is implemented, I'd rather not go messing with the code and the database for now in case a change is actually made.

    For now, after making it fully random and making it much longer, this should provide a more-secure alternative to what we previously had (although it is still not a perfect system). This is also fairly easy to implement and remove later, so I don't see any drawbacks to doing this for now.

    --

    Anyway, thanks a lot for the support! My apologies if these questions are stupid, still new(ish) to PHP.

    --

    Also, thanks to @Shen Wei and everyone else who helped with the client area, for actually developing an open source client area. I've seen some older posts from InfinityFree, who mentions he/she/they would not give away their client area, as it's their main competitive edge (and I fully understand this). Shen Wei did this anyway, and made it open source. Respect for that.

    --

    Also (again) how come the original topics for Hustal and MOFHY-Lite were removed by moderators? I didn't see anything wrong with them.

  3. On 1/21/2022 at 2:51 AM, PlanetCloud said:

    Not much needed to be changed but this is also a bad idea. Using a fixed/same string/token as a "remember me" token is a super duper bad idea because not only is the string short, it is fixed. That means unchanging for a long time (or even forever) and brute force can still be performed.

    Correct me if I am wrong (and I probably am), but what would be the difference between brute forcing this and brute forcing a password?

  4. 2 hours ago, jamesblack said:

    I already installed my reseller free hosting website with WordPress

    While you can use WordPress as a CMS, it's not recommended. It's best to just have a plain HTML/CSS website. MyOwnFreeHost offers some HTML templates at https://myownfreehost.net/templates.php (although they definitely aren't the greatest, and aren't mobile responsive.)

    2 hours ago, jamesblack said:

    but I'm confused about how to make a register page,

    If you just want to use the default registration system provided by IFastNet, you must have a page named register.php with this form:

    <?php
    // This is used to generate a unique number for the CAPTCHA
    $id = md5(rand(6000, PHP_INT_MAX));

    // This is used to construct the cPanel login URL
    include('geturl.php');
    ?>
    <form id="updatedetails" name="updatedetails" class="signup" method="post" action="https://order.<?php echo $yourdomain; ?>/register2.php">
      <!-- ID of the CAPTCHA image shown below -->
      <input type="hidden" name="id" value="<?php echo $id; ?>">
      <table>
        <tr><th>Username</th><td><input class="form-control" type="text" name="username" size="30" value="" maxlength="16" onkeyup="return ismaxlength(this)"></td></tr>
        <tr><th>Password</th><td><input class="form-control" type="password" name="password" size="30" maxlength="8" onkeyup="return ismaxlength(this)"></td></tr>
        <tr><th>Email Address</th><td><input class="form-control" type="text" name="email" size="30" value=""></td></tr>
        <tr><th>Site Category</th><td>
          <select class="form-control" size="1" name="website_category">
            <option>Personal</option>
            <option>Business</option>
            <option>Hobby</option>
            <option>Forum</option>
            <option>Adult</option>
            <option>Dating</option>
            <option>Software / Download</option>
          </select>
        </td></tr>
        <tr><th>Site Language</th><td>
          <select class="form-control" size="1" name="website_language">
            <option>English</option>
            <option>Non-English</option>
          </select>
        </td></tr>
        <tr><th>Security Code</th><td><img width="250" height="90" src="https://order.<?php echo $yourdomain; ?>/image.php?id=<?php echo $id; ?>"></td></tr>
        <tr><th>Enter Security Code</th><td><input class="form-control" type="text" name="number" size="30"></td></tr>
        <tr><th colspan="2"><button type="submit" class="btn btn-primary">Submit</button></th></tr>
      </table>
    </form>

    If you want to actually have a client area, then you can use MOFHY-Lite, an open source client area by Shen Wei: https://github.com/NXTS-Developers/MOFHY-Lite/

    Install the script on a subdomain (such as clientarea.yourdomain.com) or a directory (yourdomain.com/clientarea). Then, on your main website, have a button that links to the client area page.

    2 hours ago, jamesblack said:

    their data show up in my reseller dashboard panel

    It will show up after they sign up.

    2 hours ago, jamesblack said:

    Is there any script or anything I must add, either in my WordPress dashboard or reseller panel dashboard?

    If you want a client area you can use MOFHY-Lite, as I mentioned above: https://github.com/NXTS-Developers/MOFHY-Lite/ . This isn't a "WordPress script" though.

  5. 6 hours ago, BastelPichi2 said:

    Let's Encrypt is a better SSL provider (in my eyes).

    You don't have to register for any Reseller Account, the Rate Limits are really good, and Let's Encrypt has just been around for more years. Also more Provider Options are simply better.

    Additionally, personally, I trust Let's Encrypt Certificates more.

    This was probably a typo, you can use LE on subdomains, see in the main chat.

    Checked it, thank you for the response!

    8 hours ago, User51 said:

    Also once Let's Encrypt is added are you planning on removing the GoGetSSL? (Hopefully not)

    This question still stands.

  6. 2 minutes ago, Dimitris said:

    I've put them all in a page and added a few more as well. It's easy to download them as well

    https://thfhost.ml/ifastnet 

    Check it out and let me know ;) 

    Really like the subtle shading behind the "Powered by" and "IFastNet".

    Also like how you bordered the "Powered by VistaPanel" icons. Although the hosting isn't exactly powered by it, it's more of just the control panel used. Doesn't matter!

    A little feedback on the Byet badge, it kind of looks like it says "Byet Powered by Internet services". I would honestly just get rid of "Internet Services" and have a more square badge, with just the "Byet" logo and "Powered by" above it.

    Regardless, these are awesome badges!

  7. 33 minutes ago, TinkerMan said:

    It is weird. I think "iFastNet" is the correct spelling though. I think.

    Yeah maybe. The copyright on their website shows IFastNet, so I'm just assuming it's actually spelt like that and stylized as iFastNet (like iPhone) in the logo. Either way iFastNet can't spell their name right!

    3 hours ago, Dimitris said:

    Also I believe the ifastnet logo font is open sans

    Thank you! Also congratulations on getting back your .ml domain, I'd recommend getting a free subdomain from FreeDNS (us.to) or eu.org. It's not the same as a real TLD, but better than what Freenom does with their domains.

    3 hours ago, Dimitris said:

    I'll try to generate one with the colors you mentioned as well as a byet one tomorrow. 

    Looking forward! :)

  8. Haven't seen these yet but good job @TinkerMan and @Dimitris! Looking good!

    I think that a badge with "powered by" in green and "IFastNet" in orange would look nice, as these are iFastNet's primary colors.

    Also if you are planning on having "Powered By ByetHost" I'd recommend using the Byet logo:

    Byethost Free Hosting

    ---

    On a side note, does anyone know what font the iFastNet logo is?

    Also how do you actually spell "iFastNet" ?? I see it spelt differently all over IFastNet's website... iFastNet, I FastNet, IFastNet, IFastnet...

  9. 6 hours ago, Shen Wei said:

    Issue fixed according to your guidelines

    Good to hear.

    I noticed the hashing was changed from SHA-1 to SHA-256 (which is a good thing!)

    However this means that if you already have clients that signed up with your MOFHY-Lite, their password would no longer work, correct?

     

    5 hours ago, PlanetCloud said:

    Just in case it is missed, I've filed another issue on the original repository:
    https://github.com/NXTS-Developers/MOFHY-Lite/issues/60

    While the issue gets fixed, do you think it would be a good idea to use directory privacy to just prevent access to /admin in general?

  10. Currently, anyone can access anybody's account on MOFHY-Lite by knowing the end-user's "hosting_client_key", which can be easily done by brute forcing numbers 0 through 999,999: https://github.com/NXTS-Developers/MOFHY-Lite/issues/53

    However, what if you change the code, so that when the end-user signs up, the "hosting_client_key" doesn't generate numbers 0 through 999,999, but instead uses a combination of numbers and letters? This makes it much harder to brute force.

    Or will doing this break something? (My apologies if this is the stupidest idea ever)

    While this is probably not the most ideal solution, it is at least a somewhat efficient way of dealing with the problem, until an actual fix is made.
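
The idea raised in posts 2 and 10 (a longer key drawn from a cryptographically secure generator instead of a 0 through 999,999 number or a shuffled 8-character string), sketched as an added example that is not code from the thread or from MOFHY-Lite. The function names and the 62-symbol alphabet are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not MOFHY-Lite's own code.

// Assumed alphabet: digits plus lower- and upper-case letters (62 symbols).
const ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

// Build a key of $length characters. Each character is drawn independently
// with random_int(), which is backed by the operating system's CSPRNG,
// unlike rand(), mt_rand() or str_shuffle().
function generate_client_key(int $length = 30): string
{
    $max = strlen(ALPHABET) - 1;
    $key = '';
    for ($i = 0; $i < $length; $i++) {
        $key .= ALPHABET[random_int(0, $max)];
    }
    return $key;
}

// Size of the search space in bits: length * log2(alphabet size).
// This only holds when every character is chosen uniformly and
// independently, which is what the CSPRNG above provides.
function keyspace_bits(int $alphabetSize, int $length): float
{
    return $length * log($alphabetSize, 2);
}

// Compare the stored key with the submitted one in constant time,
// so response timing does not reveal how many characters matched.
function key_matches(string $stored, string $submitted): bool
{
    return hash_equals($stored, $submitted);
}

// Search-space comparison for the three schemes discussed in the thread.
printf("numeric key 0..999,999 : %.1f bits\n", log(1000000, 2));
printf("8 chars, 62 symbols    : %.1f bits\n", keyspace_bits(62, 8));
printf("30 chars, 62 symbols   : %.1f bits\n", keyspace_bits(62, 30));

// Constructed sample: generate a key and check it against itself and a wrong guess.
$key = generate_client_key();
printf("sample key (%d chars)  : %s\n", strlen($key), $key);
var_dump(key_matches($key, $key));
var_dump(key_matches($key, 'not-the-key'));
```

A longer random key only raises the cost of guessing; as the thread notes, a key that never changes still benefits from expiry and from limiting failed attempts.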

     

  11. 13 minutes ago, MeTooIDK said:

    MOFHY Lite has a lot of security issues too

    Not anywhere near as bad as Hustal.

    13 minutes ago, MeTooIDK said:

    Project Logged v3

    That's a pretty good choice, unfortunately it isn't actually a client area it's just an authentication template.

    --

    You could also purchase a license for WHMCS but it's expensive and some features don't work fully.
