coRpSE

Replies: 0
Views: 20
 Forum:   PC & Codeing Talk   Posted: Mon Dec 16, 2024 6:52 pm   Subject: Evo Shout Released
Well, it finally happened, we have a new shout box. This has been requested for years now and finally it is here. Currently, this will only work if you are running the current version of Evo Xtreme 2.0.10. You MUST also have the 2 security add-ons onto your site:

[link hidden]

[link hidden]


( These updates will be added in the future update of Xtreme. )

Once those are installed, you should be good to go to install the module. Here is a rundown of the features of this system.


  • Responsive: I designed this using GRID, so it should adjust to if you're on mobile or not, but I also made it so depending on if you use it as a side block or a center, it should adjust. Just note, it's better as a center block and is also pending if your theme is responsive as well.

  • Username Color -  This allows you to choose whether the system will use the username color or not.

  • User Avatar - This allows you to allow for the avatar to show on the left next to their name.

  • Allow Clickable URLs - Just as the name says, if they put a http/https or a [link hidden] and this is set to no, then it will block those. It will still let them do like youtube.com since it won't be a clickable URL.

  • Shout Display Limit - This is how many shouts are allowed to be shown in the block. Default is 50.

  • Anti Spam - This is a shout delay that allows someone to post, then have to wait X time before they can post again. Default is 5 seconds.

  • Posted Message - Similar to the pinned messages of the past, this is a message that will show up in a different box above the shout message box for all to see. It's useful as a place to say, "No Support In Shout Please".

  • Emojis - Instead of using the OG smilies of the past, I decided to use something that is a standard across all platforms, and isn't a plugin. It's easy to add more and are all in the help file of the module.


You can download it here:

[link hidden]

[link hidden]


Special thanks to [link hidden], [link hidden], and [link hidden] for testing the module, providing feedback/suggestions.

coRpSE

Replies: 3
Views: 224
 Forum:   News   Posted: Thu Nov 14, 2024 7:21 pm   Subject: Re: Cookie Theft Threat
n/p. With the holidays coming up, this is a threat that people do need to be made aware of.

coRpSE

Replies: 5
Views: 1056
 Forum:   PC & Codeing Talk   Posted: Thu Nov 14, 2024 7:20 pm   Subject: Re: Mentions Mod Update, v1.0.1
It's already installed in 2.0.10. To use, just go into the forums and type a @ symbol, and then put the username that you want to mention.

coRpSE

Replies: 3
Views: 179
 Forum:   PC & Codeing Talk   Posted: Thu Nov 14, 2024 7:19 pm   Subject: Re: Website test/security script - [ Python ]
No, this script will not be ported to a .bat file. The best I can do is have it run on my server and put an input for you guys to enter the URL of the site you want to test. I more than likely won't be doing that as it is a pain to get it working, I know, I already tried and got it working this evening before deleting it. I removed it for I would need to rewrite the Python script a bit, and after thinking about it, I don't want to open up a potential way for someone to exploit it and lag my server down since the script is quite extensive. Where it's at is probably where I will leave it as just an OS Python script anyone can download and use, but, if you'd like me to scan your site for you, I can do that and send you the output of the script. After you fix the areas that are mentioned, I can rescan for you. But that is up to you. I just buttoned up a lot of spots on my site, and I have sent Lonestar the changes I have done so he can put them into the next update.

 Topic: Website Changes
coRpSE

Replies: 1
Views: 131
 Forum:   WebSite Changes   Posted: Thu Nov 07, 2024 6:44 am   Subject: Re: Website Changes
I have done another update on the site here, which includes securing up the cookies. By doing the changes, there is some risk of some issues, so, if anyone runs into any issues with not being able to download something, or something acts wonky, not staying logged in, not being able to log in, or anything, let me know. If everything goes well, I will be sending the changes to Lonestar for addition into the next release of the CMS.

coRpSE

Replies: 3
Views: 224
 Forum:   News   Posted: Tue Nov 05, 2024 11:54 pm   Subject: Re: Cookie Theft Threat
A few hours after posting this, Scammer Payback released a video that talks about some of what I wrote about. You should really watch it.


coRpSE

Replies: 3
Views: 224
 Forum:   News   Posted: Tue Nov 05, 2024 5:19 pm   Subject: Cookie Theft Threat


FBI Warns: Cybercriminals Can Bypass MFA Using Cookie Theft

The FBI recently warned that cybercriminals are getting into email accounts—even if they’re protected by multifactor authentication (MFA). These attacks usually start when people are tricked into clicking on suspicious links or visiting unsafe websites, which download malware onto their devices.

The key to these attacks is cookie theft. Not the usual tracking cookies, but session cookies—the ones that keep you logged into sites without needing to enter your password every time. If hackers get ahold of these “Remember Me” cookies, they can log into accounts without needing your username, password, or MFA.

This issue affects all major email platforms like Gmail, Outlook, and Yahoo, but it also impacts other types of accounts, including shopping and financial sites. Though financial accounts often have extra protections, it’s still a serious threat.

The FBI suggests a few ways to protect yourself:


  1. Clear your browser cookies regularly to remove stored login info.
  2. Avoid the “Remember Me” option when logging into sensitive accounts.
  3. Be careful with links and sites—use only secure (https) sites to protect your data.
  4. Check your recent device login history to spot anything suspicious.


If you think your account may have been compromised, report it to the FBI’s Internet Crime Complaint Center at [link hidden].

Why MFA Still Matters
Even though cookie theft can bypass MFA, it’s still important to set up MFA on all accounts that offer it. MFA remains a powerful tool to protect against account hacks, especially when you’re cautious about what you download and click.

Amazon recently added MFA to its business email service—years after it became common elsewhere. The delay shows that security basics like MFA can take time to catch on, even for big companies.

While all MFA is helpful, some options are better than others. For example, passkeys—credentials linked directly to your device—are among the best. They make it nearly impossible for hackers to access your account without physical access to your device.

Good news: awareness of passkeys has grown. According to the FIDO Alliance, more people are now using passkeys, and this trend is making the internet safer. And soon, new standards may make passkeys even more accessible for businesses, giving them a way to move away from traditional passwords altogether.

By following the FBI’s advice and using MFA, you can make your online accounts much harder to hack.

I personally like to put in my own suggestions away from what the FBI says and what was posted on Forbes. When it comes to text messages, chats on programs like Skype and Discord, and especially emails, when someone posts a link to you for you to click, I don't care if it's your sister, uncle, brother, best friend, whoever it may be, be wary of the URL. You never know if they have been compromised, spoofed, or fell for it themselves and is expanding it. On my phone and tablets, I don't follow links at all. Unfortunately, there is no way to verify the links to know that they aren't sending you a link that visually looks like it's going to site A, but instead, when you click on it, it brings you to site B. For example:

This link looks like it will send you to My site, but in reality, it brings you to the Evo Xtreme CMS site:
[link hidden]


I did that with bb code, and it's just as easy to do with HTML. So, if you are on a PC, before clicking a link, mouse over it and look at the lower left of your screen, it should show you the actual URL of where it is going to bring you. I can't stress that enough, and these scams happen all the time. I get maybe 30 a week between emails, messages on Discord, Skype, and even text/phone messages. Now, you may think, I already know this, I don't fall for these. Well, everyone is human and all it takes is one slip. Even Linus, owner of LTT fell for it. Here is a large tech tuber that knows better, but the right situation happened and because of events going on, caused him to slip. Here are a couple of videos on it if you feel like watching.

Linus & Luke Talk about it: Wan Show: [link hidden]

John Hammond Breakdown: [link hidden]


With the holidays approaching and online threats on the rise, it’s crucial to stay aware and protect yourself.

Just yesterday, I had an interesting chat while waiting at the doctor’s office. I noticed a woman logging into her banking app on the public Wi-Fi and gently mentioned that, for security, it’s best to avoid doing that. We got into a discussion about how easy it can be for someone to monitor public networks and intercept sensitive information. I told her that public Wi-Fi is fine for casual browsing or watching videos, but when it comes to logging into secure accounts or entering passwords, it’s much safer to switch to mobile data.

As we talked, another patient and his daughter joined in. The daughter mentioned her computer science teacher warns about this exact issue, too. They were both grateful, realizing they had been taking risks without even knowing it. We ended up going into the various ways that are common for attacks and what to watch out for. I remember a few years ago, the scam callers were calling saying they were from Microsoft and my account had some issues. I like messing with them telling them that it's amazing that Microsoft was calling me, and I felt so special that they would call me to tell me that I have a critical issue with my Linux distro and were they willing to help me resolve the issue that isn't even with their OS. (Just a FYI, I don't use Linux ATM, just Windows 10, for now.) Sometimes they would try to play it off, other times they just hung up. The last 2 weeks, I have had maybe 10 calls from "Medicare", calling me to tell me that I have an issue on my account. First, they didn't know who I was, never asked for anyone. Those people I just call a pathetic scammer that really needs to work on their story before calling. There is more I say, but I don't want to type it for some of you may have a different opinion of me.

Unfortunately, it's a problem that doesn't have a simple solution, and with new tools like AI, it's just going to get harder to catch and combat.

Overall, protect yourself and question everything.

Sources:
[link hidden]
[link hidden]

 Topic: Website Changes
coRpSE

Replies: 1
Views: 131
 Forum:   WebSite Changes   Posted: Thu Oct 31, 2024 8:17 pm   Subject: Website Changes
Today, I have started doing some more security upgrades to my site, and because of that, some of you may experience some errors. If you do, contact me through Discord and I will try to help you. If you experience any bugs and you are unable to login here, then definitely contact me on Discord.

What have I been up to?

I have been developing a CSRF Token system that will add an additional security layer to Evo.

What is that?

In layman's terms, imagine you have a website without CSRF protection, if a malicious site tricks a visitor into clicking a link while they’re logged into your site, it could trigger actions, like changing account settings, without permission. CSRF tokens act as a secret code for each form, ensuring that any action taken is from your site and not an outside trick. This way, users' actions on your gaming site are secure.

Since I have been working on the security python script, it opened my eyes that there are a bunch of small things that need to get done. I know Evo is still small, but, security is security and there are still people that use it, like me.

So, again, if you run into any problems, reach out to me and I will see what I can do. You can get the Discord information off the home page of the site here, or you can send me a PM on the Evo website.
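The per-form "secret code" idea described in the post above, sketched as an added example (this is not the Evo CSRF system or the poster's code). It assumes a server-side key and a server-generated session ID; the names `issue_token`, `verify_token`, `SERVER_KEY` and the 30-minute lifetime are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: one secret key kept on the server and never sent to the browser.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 1800  # assumption: a rendered form stays valid for 30 minutes


def _mac(session_id, form_id, issued, nonce):
    """HMAC binding the token to one session, one form and one issue time."""
    msg = "|".join((session_id, form_id, issued, nonce)).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id, form_id, now=None):
    """Create the hidden-field value to embed when rendering a form."""
    issued = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(8)
    return f"{issued}.{nonce}.{_mac(session_id, form_id, issued, nonce)}"


def verify_token(token, session_id, form_id, now=None):
    """Accept a submitted form only if its token was issued by this server
    for this session and this form, and has not expired."""
    if not isinstance(token, str):
        return False
    try:
        issued, nonce, mac = token.split(".")
        issued_at = int(issued)
    except ValueError:
        return False  # wrong number of fields or non-numeric timestamp
    expected = _mac(session_id, form_id, issued, nonce)
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    current = time.time() if now is None else now
    return 0 <= current - issued_at <= TOKEN_TTL


if __name__ == "__main__":
    # Constructed sample values, not taken from any real site.
    token = issue_token("session-alice", "account_settings")
    print("same session, same form:", verify_token(token, "session-alice", "account_settings"))
    print("request with no token:", verify_token(None, "session-alice", "account_settings"))
    print("token reused on another form:", verify_token(token, "session-alice", "change_email"))
```

A request forged from another site carries the victim's cookies but cannot read the token out of the rendered form, so it fails the check.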

coRpSE

Replies: 3
Views: 179
 Forum:   PC & Codeing Talk   Posted: Wed Oct 30, 2024 9:24 am   Subject: Re: Website test/security script - [ Python ]
Okay, a bit of an update. In the last 2 days, I have put in a ton of work and improvements with the help of ChatGPT. It's actually interesting how many times it can be wrong, yet still, there are people that think it's the answer to everything. I will make a separate post on that in due time on my experiences with it thus far. Overall, I plugged in my code into ChatGPT, and asked it for some suggestions, and while arguing with it, I had a few ideas which ChatGPT actually was somewhat useful and I was able to make the script so much better in many ways. After that, I asked ChatGPT to write up a comprehensive rundown of my script, and below is what it had to say after analyzing my code.

But first, a couple of notes if you decide to use the script.

  • There are 2 sections where the script will pause asking you if you like to save a text file with information, such as the list of images without alt tags, or a list of all render blocking resources. I did it like that for just ease of use.
  • When inputting the URL, you must lead with [link hidden] or [link hidden]

ChatGPT Comprehensive Analysis:

This tool is a Comprehensive Site Auditor that helps identify vulnerabilities, improve performance, and ensure best practices are followed on your website. It is particularly beneficial for ongoing site maintenance and security monitoring, offering insights that can directly impact user experience, SEO, and protection from potential cyber threats.

Overview of Functions and Their Benefits
  1. URL Validity Check:
    Purpose: Validates that the target URL is correctly formatted and accessible.
    Benefit: Ensures the script runs on valid URLs, minimizing errors. Prevents misconfigured or unreachable URLs from triggering further checks, saving time and resources.

  2. DNS Security Check:
    Purpose: Verifies DNS configurations for vulnerabilities or potential weaknesses.
    Benefit: Identifies misconfigured DNS settings that could be exploited in DNS hijacking or other attacks. Regularly checking DNS settings strengthens the site's overall security posture.

  3. Sessions Management Check:
    Purpose: Ensures sessions are securely managed, including secure attributes like HttpOnly and Secure.
    Benefit: Improves security for user data, reducing the risk of session hijacking. Essential for sites with login or user interaction, safeguarding against unauthorized access.

  4. Rate Limiting Check:
    Purpose: Detects whether rate limiting is in place to prevent abuse (e.g., brute-force login attempts).
    Benefit: Protects your site from abuse and brute-force attacks by limiting repeated requests. Rate limiting is a crucial defense against automated attacks, helping maintain server performance and user security.

  5. Page Structure Analysis:
    Purpose: Checks the HTML structure for SEO and accessibility improvements, including:

    • Missing alt tags on images
    • Presence of H1 tags
    • Count of other headings (H2-H6)
    • Oversized images that may slow down page load


    Benefit: Improves accessibility and SEO. Ensures all images either have alt tags or are exempted (as per your preference for empty alt tags) and verifies page structure for better search engine optimization and user experience.

  6. Meta Tags Analysis:
    Purpose: Checks for the presence of essential meta tags (title, description, etc.).
    Benefit: Helps optimize for search engines by confirming proper use of meta descriptions, keywords, and other tags, which are vital for site indexing and relevance.

  7. External Scripts Analysis:
    Purpose: Reviews the usage of external scripts (JavaScript) on the site, including known vulnerabilities in libraries.
    Benefit: Mitigates risks of loading outdated or vulnerable JavaScript libraries, which could expose your site to cross-site scripting (XSS) or other attacks. Helps maintain high-security standards by flagging outdated scripts.

  8. SSL/TLS Version Check:
    Purpose: Ensures that SSL/TLS protocols are up-to-date and secure.
    Benefit: Reduces the risk of man-in-the-middle attacks by ensuring your site doesn’t support deprecated SSL/TLS versions. Essential for data integrity and user trust.

  9. HTTP Methods Check:
    Purpose: Verifies which HTTP methods are enabled and if any insecure ones are accessible.
    Benefit: Minimizes risk by restricting access to dangerous HTTP methods (e.g., PUT, DELETE) that could enable attackers to upload or delete files maliciously.

  10. Directory Listing Check:
    Purpose: Checks for any unprotected directories that expose file listings.
    Benefit: Prevents exposure of sensitive files and site structure, reducing the risk of targeted attacks. Securing directory listings is crucial for maintaining confidentiality and control over website content.

  11. SQL Injection Test:
    Purpose: Tests for potential SQL injection vulnerabilities in user input handling.
    Benefit: Ensures database security by proactively identifying SQL injection risks, protecting sensitive information, and safeguarding user data.

  12. Test Site Speed:
    Purpose: Analyzes the site’s loading speed and identifies potential bottlenecks.
    Benefit: Helps improve user experience and SEO by ensuring fast load times. A faster site enhances engagement and ranks better in search engine results, especially for mobile users.

  13. Render-blocking Resource Test:
    Purpose: The Render-Blocking Resource Check finds CSS and JavaScript files that delay page rendering.
    Benefit: Helps you identify files to load asynchronously or defer for faster page speed. It provides optimization tips and can save a list of blocking resources for easy review in Site_Blocking_Resources.txt.

  14. XSS (Cross-Site Scripting) Test:
    Purpose: Checks for vulnerabilities where attackers could inject malicious scripts.
    Benefit: Ensures safe interaction for users, especially in forms or areas where content may be dynamically displayed. XSS vulnerabilities can lead to data theft, unauthorized actions, and damaged user trust.


Additional Usability Features
  • Suggestion Aggregation: Collects improvement suggestions at the end of the scan.
    • Benefit: Provides a consolidated list of actionable recommendations, making it easy to address all identified issues systematically.


  • Optional Image Alt Tag Report: Allows the user to generate a report on missing alt tags.
    • Benefit: Simplifies accessibility improvements by identifying images needing alternative text, which benefits both SEO and visually impaired users.


  • Automatic Cache Clearing: Clears the cache at the start, ensuring the most up-to-date site version is analyzed.
    • Benefit: Prevents outdated data from affecting test results, ensuring accuracy and reliability in reporting.



Overall Benefits
Using this tool provides a comprehensive and proactive approach to site maintenance. It identifies weaknesses and suggests best practices to improve site security, accessibility, and performance. By running this script regularly, you can:


  • Stay Ahead of Security Threats: By identifying vulnerabilities before they’re exploited.
  • Enhance User Experience: Through faster load times, accessible design, and stable functionality.
  • Boost SEO: By maintaining a site structure, content optimization, and speed that search engines favor.
  • Ensure Legal and Compliance Standards: Like GDPR, ADA, etc., by securing user data and meeting accessibility standards.


Overall, this script acts as an automated web audit, allowing you to maintain a high-quality site without manually checking each component. It saves time, offers insights based on actionable data, and helps keep your site in prime condition, ready to face both user expectations and potential security challenges.



Here are some key changes from the last version to this version. Last version, you had to open the file and edit in the URL of the site, then run the script. That is no longer the case, now to run it, open whatever terminal you are going to use, might it be PowerShell, Command Prompt, or using the terminal in VScode, whatever you use, Windows or Linux, it is as simple as just typing in this 1 command:

Code:

python siteChecker.py https://www.YourSite.com


Of course, you don't need the [link hidden] for it to work, but like I said in the notes from above, you must lead your URL with [link hidden] or [link hidden]. I have updated the first post with the new file.

If you find any bugs, please report it to me.

coRpSE

Replies: 3
Views: 179
 Forum:   PC & Codeing Talk   Posted: Mon Oct 28, 2024 8:57 am   Subject: Website test/security script - [ Python ]
::UPDATE::
Read the 2nd post for more information.


Hey everyone!

For those who know me, I like to experiment with different tech, and with some recent downtime waiting on other scripts, I decided to learn a bit of Python. Naturally, the first project I took on was building a script to test my website for potential improvements in security and performance.

I've been at it for a few weeks now, and the script has already helped me make significant changes, especially to my .htaccess file. These updates have not only enhanced security but also boosted site speed. (Though I might have gone a bit too aggressive on caching—ended up dialing it back due to my site’s dynamic nature!) Once I’ve reviewed my updated .htaccess file with Lonestar, I may even recommend it as a new standard since the current default could use some upgrades.

About the Script
If you're familiar with Python, feel free to give this script a try. I’ve included it as an attachment in this post, along with the list of required modules at the top. You’ll find the command line for each one, so setup should be smooth. There are only three modules required.

Here's an example of the output using Apple’s site on PowerShell terminal:


Security Features
The script includes a range of checks designed to help spot vulnerabilities and enhance site security:


  • Session Management: Identifies insecure cookies (e.g., missing HttpOnly or Secure flags) to help reduce the risk of XSS and session hijacking.
  • CSRF Protection: Scans forms for anti-CSRF tokens to ensure forms aren’t vulnerable to cross-site request forgery attacks.
  • DNS Security: Checks for crucial DNS records (SPF, DKIM, and DMARC) to prevent email spoofing and phishing.
  • Application Layer Security: Looks for weaknesses in your application headers (e.g., Content Security Policy and X-Frame-Options) to prevent common attacks.
  • Vulnerable JavaScript Libraries: Scans your site’s JavaScript dependencies for known vulnerabilities. (Not accurate, but informs you on what to look out for and manually check)
  • Host Header Injection: Tests the site’s response to manipulated headers to ensure it’s protected from Host Header Injection attacks.

For Non-Python Users
I know most of you might be unfamiliar with Python and may not want to install it just for this test. If that’s the case, feel free to send me a PM with a link to your site, and I’ll run the test for you. I’ll provide a text document of the output and add any improvement recommendations as needed. No charge for this as usual, although, if you want to buy me a beer in return, I certainly won’t refuse!

Notes
This isn’t a full tutorial on using the script. You’ll need to know the basics of Python to run it independently. As for me, I’m still learning too—just felt it was time for a change from batch files!

Let me know if you have any questions, and I hope some of you find it useful!
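The kind of cookie check listed under Session Management in the post above, as an added example (this is not the poster's siteChecker.py, which is not shown on this page). The cookie names and header values are constructed samples, and the 30-day threshold for a long-lived "Remember Me" cookie is an assumption.

```python
# Assumption: anything living longer than 30 days is treated as a persistent login cookie.
PERSISTENT_AFTER = 30 * 24 * 3600


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, {attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header):
    """Return (cookie name, list of issues) for one Set-Cookie header."""
    name, attrs = parse_set_cookie(header)
    issues = []
    if "httponly" not in attrs:
        issues.append("missing HttpOnly")  # cookie is readable by page scripts
    if "secure" not in attrs:
        issues.append("missing Secure")  # cookie may travel over plain http
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict", "none"):
        issues.append("missing SameSite")
    elif samesite == "none" and "secure" not in attrs:
        issues.append("SameSite=None requires Secure")
    # The __Host- name prefix only holds if the cookie is pinned to this host.
    if name.startswith("__Host-"):
        if "domain" in attrs or attrs.get("path") != "/":
            issues.append("__Host- prefix needs Path=/ and no Domain")
    max_age = attrs.get("max-age", "")
    if max_age.isdigit() and int(max_age) > PERSISTENT_AFTER:
        issues.append(f"persistent for {int(max_age) // 86400} days")
    return name, issues


def audit_response(set_cookie_headers):
    """Audit every Set-Cookie header; report only cookies with issues."""
    report = {}
    for header in set_cookie_headers:
        name, issues = audit_cookie(header)
        if issues:
            report[name] = issues
    return report


# Constructed sample headers, not captured from any real site.
SAMPLE_HEADERS = [
    "evo_session=abc123; Path=/",
    "__Host-sid=xyz789; Path=/; Secure; HttpOnly; SameSite=Lax",
    "remember_me=tok; Max-Age=31536000; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; SameSite=None",
]

if __name__ == "__main__":
    for cookie, problems in audit_response(SAMPLE_HEADERS).items():
        print(f"{cookie}: {', '.join(problems)}")
```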

All times are UTC - 7 Hours