Ya, looks like it's just disabled on the theme poster at the bottom right. Still funny cause you can go get it out of your cached files. Perhaps they should disable the server from pushing it?....they would never take advice from a greaespot though.
Ya, looks like it's just disabled on the theme poster at the bottom right. Still funny cause you can go get it out of your cached files. Perhaps they should disable the server from pushing it?....they would never take advice from a greaespot though.
To make matters worse for them they allow their site to display the server banner and it allows subdirectory indexes to show. If someone where to decide to hack their site this info would get em off to a good start.
To make matters worse for them they allow their site to display the server banner and it allows subdirectory indexes to show. If someone where to decide to hack their site this info would get em off to a good start.
To make matters worse for them they allow their site to display the server banner and it allows subdirectory indexes to show. If someone where to decide to hack their site this info would get em off to a good start.
Allowing your web server to index a directory of images -- especially ones you are so concerned about you prevent people from right-clicking on them -- is plain carelessness.
I've never been a fan of hiding the server banner though (try doing it with Microsoft's ISS -- unless they've changed it in the last few years). It only matters if you never upgrade it and the version you're running has a known vulnerability. As long as you keep up, nothing wrong with it.
Besides, it's not that much harder to figure out what type and version of software a web site is running without the banner anyways.
Allowing your web server to index a directory of images -- especially ones you are so concerned about you prevent people from right-clicking on them -- is plain carelessness.
when I set up a site the first thing I do is lock down directories. generally one (and specifically I) wouldn't want random people going through hosted files.
Allowing your web server to index a directory of images -- especially ones you are so concerned about you prevent people from right-clicking on them -- is plain carelessness.
I've never been a fan of hiding the server banner though (try doing it with Microsoft's ISS -- unless they've changed it in the last few years). It only matters if you never upgrade it and the version you're running has a known vulnerability. As long as you keep up, nothing wrong with it.
Besides, it's not that much harder to figure out what type and version of software a web site is running without the banner anyways.
I'm not a fan of security through obscurity. However, I do spoof my server banners using mod_security. If I am not using mod_security then I will at least not let the apache version show. I avoid Microsoft IIS at all costs. I have layers and layers of security on my servers, and I run several, of which preventing directory indexing is one of the least and most fundamental elements. They'll take it seriously when they get hacked. I wouldn't be surprised if they already are.
I looked at the code for the new site. It's basic html/css site. Runs on some type of php cms/engine. Probably licensed from a company and then scrubbed of all the authors credits. Looks to be custom built and whoever did it did a nice job at a cursory glance. Someone needs to kick the server admin in the rear for not locking it down.
Here's where they call the no_right_click javascript function:
Totally noobish to have that and only call it from one link and then allow the server to push files to the client's cache that you are trying to protect. Not to mention the more noobish mistake of allowing directory indexing where you can get the file that is protected by the no right click joke. And this is likely a result of typical TWI micro management by BOD, and Rozilla. This is what happens when people like Rozilla, who know so very little about fields like IT, approve in the minutest of detail what their computer services people do with the website. It would make more sense to direct policy to state that the server be secured and let skilled people do so. Maybe this brings up another obvious point and that is they don't have skilled people in this field and are too goofy to outsource it where proper penetrating testing can be done. So goofy.
when I set up a site the first thing I do is lock down directories. generally one (and specifically I) wouldn't want random people going through hosted files.
The overall layout is better than the last one. It at least has a reasonable visual template. The biggest faux paus is the domain name. Shouldn't they have way.com, way.org, way.info? They dragged their heels on technology so long they lost the opportunity to buy their own domain name.
way.com - a URL shortner (a website that actually provides a service)
way.org - a religous website that sells books and drama (competition to TWI)
way.info - looks to be registered by a German search engine company
The overall layout is better than the last one. It at least has a reasonable visual template. The biggest faux paus is the domain name. Shouldn't they have way.com, way.org, way.info? They dragged their heels on technology so long they lost the opportunity to buy their own domain name.
way.com - a URL shortner (a website that actually provides a service)
way.org - a religous website that sells books and drama (competition to TWI)
way.info - looks to be registered by a German search engine company
Well, ya they missed all those other domains and probably a few others. I've camped domain names before so that I could buy them as soon as they become available. I actually acquired a .com domain with my business name in it. Took a long time but one day it came up and I have it now. The BOD are totally ignorant of these matters and would not have the humility or the brains to listen to the people who do know at HQ. They should have all those domains and a few others redirecting to the main one. Dolts.
Guess they fancy themselves a faithful remnant and aren't too worried about growth. Consider all they have missed by not social networking, using youtube and others, having downloadable content of their teachings, etc. Yep, they fail to discern the times.
Recommended Posts
OldSkool
Here's what biblical research looks like according to TWI.
I always get a chuckle out of the "expert lecturing the un-instructed" photo shoots. The strained smile is just creepy.
Glad they disabled right click. I bet they wouldn't want someone copying stuff off their site.
Edited by OldSkoolLink to comment
Share on other sites
OldSkool
Allen home is in the background.
I they did internet outreach you wouldn't need some dumb program like way duhsciple.
Ok, I better stop now....lol!
Edited by OldSkoolLink to comment
Share on other sites
potato
yeah the site looks better... just like a whited sepulcher.
but my right-click is not disabled. if anyone wanted that image they could just go to http://theway.org/common/images/posters/en/themeposter_0910_sm_en.jpg and copy it.
I see google analytics is analyzing traffic, too.
Link to comment
Share on other sites
OldSkool
Ya, looks like it's just disabled on the theme poster at the bottom right. Still funny cause you can go get it out of your cached files. Perhaps they should disable the server from pushing it?....they would never take advice from a greaespot though.
Link to comment
Share on other sites
potato
yeah, it doesn't make much sense.
Link to comment
Share on other sites
OldSkool
http://theway.org/common/images/posters/en/
To make matters worse for them they allow their site to display the server banner and it allows subdirectory indexes to show. If someone where to decide to hack their site this info would get em off to a good start.
Link to comment
Share on other sites
potato
nice!
Link to comment
Share on other sites
GT
Allowing your web server to index a directory of images -- especially ones you are so concerned about you prevent people from right-clicking on them -- is plain carelessness.
I've never been a fan of hiding the server banner though (try doing it with Microsoft's ISS -- unless they've changed it in the last few years). It only matters if you never upgrade it and the version you're running has a known vulnerability. As long as you keep up, nothing wrong with it.
Besides, it's not that much harder to figure out what type and version of software a web site is running without the banner anyways.
Link to comment
Share on other sites
potato
when I set up a site the first thing I do is lock down directories. generally one (and specifically I) wouldn't want random people going through hosted files.
Edited by potatoLink to comment
Share on other sites
OldSkool
I'm not a fan of security through obscurity. However, I do spoof my server banners using mod_security. If I am not using mod_security then I will at least not let the apache version show. I avoid Microsoft IIS at all costs. I have layers and layers of security on my servers, and I run several, of which preventing directory indexing is one of the least and most fundamental elements. They'll take it seriously when they get hacked. I wouldn't be surprised if they already are.
I looked at the code for the new site. It's basic html/css site. Runs on some type of php cms/engine. Probably licensed from a company and then scrubbed of all the authors credits. Looks to be custom built and whoever did it did a nice job at a cursory glance. Someone needs to kick the server admin in the rear for not locking it down.
Here's where they call the no_right_click javascript function:
<p class="f-lp"><a href="http://www.theway.org/topic.php?page=yeartheme&lang=en"><img ID="poster" src="http://www.theway.org/common/images/posters/en/themeposter_0910_sm_en.jpg" border="0" width="199" height="251" alt="" title="Our Yearly Theme" style="float:left" oncontextmenu="return norightclick();" /></a>Â </p>
</div>
Totally noobish to have that and only call it from one link and then allow the server to push files to the client's cache that you are trying to protect. Not to mention the more noobish mistake of allowing directory indexing where you can get the file that is protected by the no right click joke. And this is likely a result of typical TWI micro management by BOD, and Rozilla. This is what happens when people like Rozilla, who know so very little about fields like IT, approve in the minutest of detail what their computer services people do with the website. It would make more sense to direct policy to state that the server be secured and let skilled people do so. Maybe this brings up another obvious point and that is they don't have skilled people in this field and are too goofy to outsource it where proper penetrating testing can be done. So goofy.
yep, they're noobs alright.
Edited by OldSkoolLink to comment
Share on other sites
chockfull
The overall layout is better than the last one. It at least has a reasonable visual template. The biggest faux paus is the domain name. Shouldn't they have way.com, way.org, way.info? They dragged their heels on technology so long they lost the opportunity to buy their own domain name.
way.com - a URL shortner (a website that actually provides a service)
way.org - a religous website that sells books and drama (competition to TWI)
way.info - looks to be registered by a German search engine company
Link to comment
Share on other sites
OldSkool
Well, ya they missed all those other domains and probably a few others. I've camped domain names before so that I could buy them as soon as they become available. I actually acquired a .com domain with my business name in it. Took a long time but one day it came up and I have it now. The BOD are totally ignorant of these matters and would not have the humility or the brains to listen to the people who do know at HQ. They should have all those domains and a few others redirecting to the main one. Dolts.
Guess they fancy themselves a faithful remnant and aren't too worried about growth. Consider all they have missed by not social networking, using youtube and others, having downloadable content of their teachings, etc. Yep, they fail to discern the times.
Link to comment
Share on other sites
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.