
GoDaddy, WordPress, GoCentral web Builder? What to use for WebSite?

Discussion in 'Product & Service Reviews' started by ronsimpson, Feb 11, 2018.

  1. ronsimpson

    ronsimpson Well-Known Member Most Helpful Member

    Joined:
    Apr 17, 2007
    Messages:
    8,032
    Likes:
    1,095
    Location:
    Loveland, CO USA
    Years ago I made a website on GoDaddy using WordPress.
    Then there were security problems where anyone could make changes and add programs to my website. GoDaddy.com had no solutions.
    I paid money to another company that remade the website and posted it somewhere different. For BIG MONEY they watch for changes every day.

    I am retrying GoDaddy. I tried the "GoCentral" web builder, but I cannot change the font size. If in a year they will not fix something as simple as that, then don't use the GoCentral web builder.

    Has WordPress fixed security problems? (in the last year) Does anyone here use WordPress?
    I am looking for advice on where to host and what program to use.
     
  2. Cicero

    Cicero Active Member

    Joined:
    Nov 21, 2014
    Messages:
    425
    Likes:
    42
    Location:
    UK
    How many years ago?

    Things have progressed quite rapidly, and security is a high priority these days.
     
  3. ronsimpson

    ronsimpson Well-Known Member Most Helpful Member

    Joined:
    Apr 17, 2007
    Messages:
    8,032
    Likes:
    1,095
    Location:
    Loveland, CO USA
    Six months ago I gave up and now pay $50/month to have someone watch for changes.
    So maybe 1.5 years ago it was getting hacked weekly.
    WordPress said you must update to a new version every time there is an update. No delay!
    GoDaddy.com has a price + price for SSL + $15/month to stop hacks + $250/year to fix hacks. (maybe the $50/month is not so bad)

    Several WordPress hosting sites don't have a "stop hacks" price. So maybe now this is not a problem.
    GoDaddy has "$5/month" price "no one gets hacked now" but just before you hand over the credit card they strongly urge you to pay $16/month for "hack prevention". I don't know if I can trust them.

    If you don't have a problem then maybe I should give it another try.
     
  4. dave miyares

    Dave New Member

    Joined:
    Jan 12, 1997
    Messages:
    2
    Likes:
    -10


     
  5. unclejed613

    unclejed613 Well-Known Member

    Joined:
    Apr 3, 2009
    Messages:
    2,287
    Likes:
    157
    i recently helped a friend get their website up and running on their own raspberry pi as a server. i forget off the top of my head whether they bought their domain from godaddy or hostzilla, but after setting up an apache server, and blog software (nanoblogger) all it took was to use the dynamic dns service provided by the registrar (godaddy does have this service). the way it works, is you get an API key from godaddy, and you use a cron script on the web server to periodically update the DNS record. if you are like most people, your ISP changes your ip address occasionally, and the godaddy script updates your domain name to point to your ip. you can use whatever software you want on your server, but wordpress runs PHP scripts, and lots of nasty things like code injection in the url can ruin your day. an example of this would be putting the following after the question mark in a php url ";rm -rf . " which would delete everything on your web page. that's why i helped my friend set up nanoblogger. there is no executable code, because php is not being used. nanoblogger uses bash scripts to assemble the web page, and those scripts can't be run from a browser. if you really like wordpress, you can install that, but make sure you plug all of the security holes before putting the website up live. ip address scanning is so intense these days, that it takes about 10 seconds between putting a server up on the internet, and getting hit by exploit attempts.
     
  6. Cicero

    Cicero Active Member

    Joined:
    Nov 21, 2014
    Messages:
    425
    Likes:
    42
    Location:
    UK
    Wow that is nuts. I didn't really realise it was that bad. I have 3 websites, random **** really, but none of them have had any issues.
     
  7. ronsimpson

    ronsimpson Well-Known Member Most Helpful Member

    Joined:
    Apr 17, 2007
    Messages:
    8,032
    Likes:
    1,095
    Location:
    Loveland, CO USA
    WordPress??
    I have a non-WordPress site that has not been hacked in years (decades).
     
  8. dave miyares

    Dave New Member

    Joined:
    Jan 12, 1997
    Messages:
    2
    Likes:
    -10


     
  9. unclejed613

    unclejed613 Well-Known Member

    Joined:
    Apr 3, 2009
    Messages:
    2,287
    Likes:
    157
    you can still put JS code on a website that doesn't use PHP, because JS executes in the browser, not on the server. if you want some examples of how PHP can do bad things to your server, go through some of the tutorials on hackthissite.com. i learned a lot about website security that way. they don't just teach the exploits, they teach the countermeasures as well. quite often (and this is true of wordpress) you have PHP code interfacing with an SQL server. you can ruin somebody's day if you issue SQL commands through the browser. if the website owner doesn't keep backups, then injecting a DROP_TABLE command can erase a database. of course there are fixes for that kind of thing, but some people still get in a hurry to meet a deadline, and forget to lock down PHP and SQL functions.
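
The fix referred to in the post above is to keep form input out of the SQL text. This is an added example, not part of the original posts; it uses Python with an in-memory SQLite database instead of PHP so that it runs anywhere, and the table, function names and input string are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample database standing in for a site's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, logins INTEGER)")
    db.execute("INSERT INTO users VALUES ('alice', 0)")
    db.commit()
    return db

def table_exists(db, table):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None

def record_login_vulnerable(db, name):
    # BEFORE: form input is pasted into the SQL text. executescript() accepts
    # several statements separated by ';', so the input can add its own.
    db.executescript(f"UPDATE users SET logins = logins + 1 WHERE name = '{name}';")

def record_login_safe(db, name):
    # AFTER: the statement text is fixed. The input travels separately as a
    # bound parameter and is only ever compared as a string value.
    cur = db.execute("UPDATE users SET logins = logins + 1 WHERE name = ?", (name,))
    db.commit()
    return cur.rowcount  # number of rows that matched

# Constructed form input modelled on the thread's DROP TABLE example.
HOSTILE = "x'; DROP TABLE users; --"

def demo():
    results = {}
    db = make_db()
    record_login_vulnerable(db, HOSTILE)
    results["vulnerable_table_survives"] = table_exists(db, "users")
    db = make_db()
    results["safe_rows_matched"] = record_login_safe(db, HOSTILE)
    results["safe_table_survives"] = table_exists(db, "users")
    results["alice_rows"] = record_login_safe(db, "alice")
    return results

if __name__ == "__main__":
    print(demo())
```

In PHP the same separation is a prepared statement (PDO or mysqli), and in WordPress code `$wpdb->prepare()`. A database account without DROP privilege limits the damage if a query is still built unsafely somewhere.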
     
  10. Cicero

    Cicero Active Member

    Joined:
    Nov 21, 2014
    Messages:
    425
    Likes:
    42
    Location:
    UK
    Ah no, my current 3 aren't WordPress I must admit.

    I've had one WordPress site that was never hacked, but I stopped it years ago.
     
  11. ronsimpson

    ronsimpson Well-Known Member Most Helpful Member

    Joined:
    Apr 17, 2007
    Messages:
    8,032
    Likes:
    1,095
    Location:
    Loveland, CO USA
    GoDaddy, today, told me that I have malware again.
    I moved to another host company and am just storing the old files with GoDaddy. (we paid for a year and are not using it)
    I don't even know how to get to the files because the name points to a different address now. Probably the numeric address works and someone entered and added malware again. I would think they could write protect the files but not.
     
  12. unclejed613

    unclejed613 Well-Known Member

    Joined:
    Apr 3, 2009
    Messages:
    2,287
    Likes:
    157
    you can look at your public html folder, and see what's been changed. you should actually be able to look at your whole file tree from your login. did godaddy tell you what files were affected?
     
  13. ronsimpson

    ronsimpson Well-Known Member Most Helpful Member

    Joined:
    Apr 17, 2007
    Messages:
    8,032
    Likes:
    1,095
    Location:
    Loveland, CO USA
    They gave a very long list of files that ended in "71195 more files". Which is not bad for a 3 page website.
    Most all html.bak*.php files.
    Most all html.bak*.html files.
    Most all html.back*.php files.
    1000. of html/wp-content/themes*.php files.
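
Seeing what has changed in a web root, as suggested earlier in the thread, can be automated by hashing every file once while the site is known to be clean and comparing later. This is an added example, not part of the original posts; the directory layout and file names in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = digest
    return manifest

def compare(baseline, current):
    """Return sorted lists of added, modified and removed paths."""
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    return {"added": added, "modified": modified, "removed": removed}

def demo():
    # Constructed three-file site in a temporary directory.
    with tempfile.TemporaryDirectory() as root:
        themes = os.path.join(root, "wp-content", "themes")
        os.makedirs(themes)
        for rel, body in [("index.html", b"<h1>home</h1>"),
                          ("about.html", b"<h1>about</h1>"),
                          ("wp-content/themes/style.php", b"<?php // theme ?>")]:
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        baseline = build_manifest(root)  # store this copy off the server
        # Simulate unexpected changes of the kind reported in the thread.
        with open(os.path.join(root, "index.html"), "ab") as fh:
            fh.write(b"<!-- changed -->")
        with open(os.path.join(themes, "extra.php"), "wb") as fh:
            fh.write(b"<?php // not part of the site ?>")
        os.remove(os.path.join(root, "about.html"))
        return compare(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is kept somewhere the web server cannot write to. Any new `.php` file under a themes or uploads directory that no update put there deserves a look first.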
     
  14. unclejed613

    unclejed613 Well-Known Member

    Joined:
    Apr 3, 2009
    Messages:
    2,287
    Likes:
    157
    it would be interesting to see what the "infection" looks like. you probably will find it in the /cgi-bin folder, or in the .php scripts in the /public_html folder.

    that's why i recommend people to either use "static" website builders like nanoblogger (and you can do a lot with those, even having embedded audio and video, or javascript code) or read everything they can get their hands on about locking down security on PHP, CGI, and SQL. javascript, embedded video, embedded audio, all execute in the browser, but PHP, CGI, and SQL execute on the server, which is why they get attacked. if PHP code isn't locked down, somebody can enter data in a form, add a semicolon, and a command line, and the command line will execute on the server. when testing stuff like IOT devices, i try the following in the password prompt:

    password ;reboot

    if the IOT device reboots, it's got a serious security flaw that allows a form entry to be used to enter commands. password forms are usually php scripts. another thing that can ruin your day, is SQL injection. if you have a user database with passwords, etc... and someone does this on the form (we'll use the password entry again)

    password ;DROP_TABLE "users";

    your user database just went bye-bye...

    commands entered like that can copy files from outside the website into the website's root directory, the cgi-bin directory. they can upload a hacked copy of your index.html file with javascript code that will load malware onto the user's computer through weaknesses in the user's browser. these can be blocked by proper configuration of PHP, SQL databases, and the http server.
     
    Last edited: Feb 27, 2018
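
The semicolon trick described in this post, and the URL variant mentioned earlier in the thread, only work when a form value is spliced into a shell command line. This is an added example, not part of the original posts; it is in Python rather than PHP, the function names are hypothetical, and the input uses a harmless `echo` in place of the command.

```python
import re
import subprocess

# Constructed input in the shape the post describes (value, semicolon,
# command), with a harmless echo standing in for the command.
HOSTILE = "password ;echo INJECTED"

def run_vulnerable(value):
    # BEFORE: the value is spliced into a command line and handed to /bin/sh,
    # which treats ';' as a separator and runs whatever follows it.
    out = subprocess.run(f"printf '%s\\n' {value}", shell=True,
                         capture_output=True, text=True)
    return out.stdout.splitlines()

def run_safe(value):
    # AFTER: no shell is involved. The program receives the value as a single
    # argv entry, so ';' is just a character inside a string.
    out = subprocess.run(["printf", r"%s\n", value],
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()

# Second layer for fields with a known shape, such as a host name. A password
# should never be placed on a command line at all.
ALLOWED = re.compile(r"[A-Za-z0-9_.-]{1,64}")

def validate_field(value):
    if not ALLOWED.fullmatch(value):
        raise ValueError("rejected form value")
    return value

def demo():
    return {
        "vulnerable": run_vulnerable(HOSTILE),  # two lines: second command ran
        "safe": run_safe(HOSTILE),              # one line: input kept as data
    }

if __name__ == "__main__":
    print(demo())
```

The PHP counterpart is to avoid building command strings from request data, and to pass any unavoidable value through `escapeshellarg()` after checking it against an allowlist.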
  15. gophert

    gophert Active Member

    Joined:
    Jan 17, 2015
    Messages:
    548
    Likes:
    80
    Location:
    Western, PA (USA)
    Amazon Web Services is great and will let you set up a page for free for a year as a test-drive (the storage is in the range of 30Gb for the free tier). I calculated about $20/month thereafter.

    Here are the how-to instructions to set up a WordPress instance.

    If you have a domain name, you can link that as well. Or you can buy one through Amazon's web domain company "Route 51"

    Also, you get a dedicated "elastic IP" address for a minimal fee. The elastic IP is yours as long as you maintain the instance.
    You can also buy a simple Linux instance and serve pages with Apache2 and do everything manually.
     
  16. unclejed613

    unclejed613 Well-Known Member

    Joined:
    Apr 3, 2009
    Messages:
    2,287
    Likes:
    157
    my friend's domain was purchased from godaddy, and because of that, the dynamic dns service is free.
     
