Let's see if I can explain this to you.
Fail 1) The very old SSL certificate. Looks like it came with XAMPP. As you seem incapable of grasping the basics, anyone with a copy of XAMPP also has a copy of your SSL certificate, and the private key needed to decode the traffic.
In simple terms, this means that your "extreme security" is actually no better than plain text over HTTP. Anyone in the world can decrypt your SSL traffic.
That certificate works fine if it's for testing on localhost (which is what it is issued to), but it is not supposed to be used on the wider internet.
Fail 2) Having written a patch designed to quickly plug XSS holes for tbdev, I think I would know if it was applied. Your site will accept XSS attacks in at least 2 places, meaning I can steal cookies from your members.
Fail 3) Having also written a patch to quickly protect against stolen cookies, I can say that you haven't applied it.
Without protection from stolen cookies, I can then access their accounts.
Fail 4) Having further written patches to require the current password on email or password changes, guess what your site is lacking.
So after an attacker steals the cookies from your users, there is nothing to stop him changing their email and password, locking them out permanently.
Fail 5) Having also written a patch to stop users faking their connection IPs completely and easily, I can again say that this is not in place.
As long as I can tell your site that I am actually connecting from the White House, good luck finding out who is attacking you and stealing the accounts of your users. You also cannot block their proxies, as they don't need to use any.
Fixing this is a requirement if you want to fix stolen cookies.
This isn't even touching on what can be done once an attacker steals an admin or sysop account.
If you cannot understand any of the above, then you have no business at all talking about security, let alone claiming to be totally secure.
If you cannot apply security patches to a basic source, you have no business claiming to have written your own custom code. We all know it's tbdev, applying a few patches does not a coder make.
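The checks the post says are missing (fails 3, 4 and 5), shown as an added PHP example. This is not tbdev code and not the poster's patches; the trusted-proxy list, the `$session` and `$user` array layouts, and the use of `password_hash`/`password_verify` are assumptions made for the example.

```php
<?php
// Added example, not tbdev code and not the poster's patches. Shows how a
// client-settable header lets an attacker fake its IP, the hardened lookup,
// and how binding sessions to that IP plus requiring the current password
// on credential changes blunts a stolen cookie. Proxy list, session and user
// array layouts are assumptions for this example.

// Vulnerable pattern: trusts X-Forwarded-For, a header any client can set.
function client_ip_vulnerable(array $server): string
{
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        // First entry of the comma-separated list is entirely client-controlled.
        $parts = explode(',', $server['HTTP_X_FORWARDED_FOR']);
        return trim($parts[0]);
    }
    return $server['REMOTE_ADDR'] ?? '';
}

// Hardened pattern: REMOTE_ADDR is the TCP peer and cannot be chosen by the
// client. X-Forwarded-For is only honoured when the peer is a proxy we run
// (assumed list), and then only the address that proxy appended last.
function client_ip_hardened(array $server, array $trusted_proxies = []): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trusted_proxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    $parts = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    $candidate = end($parts);   // appended by our proxy, not by the client
    return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : $peer;
}

// Session binding (assumed layout): a session records the IP it was issued to
// and when it was issued. A cookie replayed from another address, or one issued
// before the password was last changed, is rejected.
function session_is_valid(array $session, string $current_ip, int $user_pw_changed_at): bool
{
    if (($session['ip'] ?? null) !== $current_ip) {
        return false;   // cookie replayed from a different address
    }
    if (($session['issued_at'] ?? 0) < $user_pw_changed_at) {
        return false;   // issued before the password changed; force re-login
    }
    return true;
}

// Credential change: require the current password before accepting a new
// email or password, so a stolen session alone cannot lock the owner out.
function change_credentials(array $user, string $current_pw, string $new_email, string $new_pw): array
{
    if (!password_verify($current_pw, $user['pw_hash'])) {
        throw new RuntimeException('current password required');
    }
    $user['email']         = $new_email;
    $user['pw_hash']       = password_hash($new_pw, PASSWORD_DEFAULT);
    $user['pw_changed_at'] = time();   // invalidates sessions issued earlier
    return $user;
}

// Constructed request: a direct client (no proxy) claiming another address
// via the header. The hardened lookup ignores the header because the peer is
// not in the trusted-proxy list.
$spoofed = [
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.1',
];
echo "naive:    ", client_ip_vulnerable($spoofed), "\n";
echo "hardened: ", client_ip_hardened($spoofed, ['10.0.0.2']), "\n";
```

The session check is why the post calls the IP fix a prerequisite for the stolen-cookie fix: binding a session to an address only helps if the attacker cannot simply send the victim's address in a header.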