SocialTime
  • Gender Male

Posts

    • -2
    Is Social Engine Team Dead Or What
    I have been trying to contact the Social Engine team, sending several emails and posting here. Nobody is replying to me.

    Are they dead or what?
      • 3
      Kyle Hey all! Just wanted to let you guys know that we are definitely alive and well! It looks like this particular inquiry came in over the weekend but has been addressed and taken care of. We are happy to help with any issues you might have. You can email us over at sales@socialengine.com. Thanks everyone!
      • 2
      SocialTime Get Good Support from @Kyle
      • 2
      Alex Benzer Guys, we are very much not dead. I haven't received emails from any of you - please PM or email me if I can help you with something :)
    • 1
    test mobile
    testy
    • 2
    Here Is How to Make Money With Social Engine Cloud and Api System
    After a lot of research, I have found a way to make money with SocialEngine Cloud. Well, I have to pay 40 USD per month to Social Engine, so there should be a way to make money for the server cost.

    Here is the full presentation of my idea with Social Engine Cloud:

    http://q.gs/116813/socialengine-cloud

    The API system should be ready for Social Engine Cloud, so my idea will be good for all community members.

    Thanks
      • 2
      seTweaks For anyone who's interested in adding it to their site, you can easily add it yourself with their JS version for converting the links: https://adf.ly/publisher/tools#tools-fullpage

      <script type="text/javascript">
      var adfly_id = 5084506;
      var adfly_advert = 'int';
      var exclude_domains = ['example.com', 'yoursite.com'];
      </script>
      <script src="https://cdn.adf.ly/js/link-converter.js"></script>
      • 2
      seTweaks They have something similar with SE PHP. It's from viglink.com
      • 1
      SocialTime But adf.ly is much better. They pay on time.
    • 0
    Test
    Test
    • 0
    无标题112.png
    • 1
    How to Create iphone and android apps for socialengine cloud
    Can anyone explain about this?
    • 1
    # Incapsula or # Cloudflare - What Should You Use
    Protecting Your Website – CloudFlare or Incapsula?

    I get this question a lot whenever I talk with clients or give presentations, “How do I prevent my website from being hacked?”. Many actually confuse the service we offer at Sucuri as a preventive service. Good thing we don’t advertise preventive services.

    That’s right, our service sits in the detection and remediation realm. By the nature of what we do there are preventive components that we implement, but our service has always been about detection, and more importantly remediating the mess. For any InfoSec professional working in the security domain you can understand this approach; you have long learned that prevention is ideal but detection is key and that’s based around the understanding that prevention, like detection, will never be a 100% solution.

    That being said, I came across a recent report by Philip Tibom of Sweden titled Incapsula vs. CloudFlare (PDF Download). It was published October 15th, 2012 and in it he chronicles his experiences with both platforms over the last 6 months. If you’re not familiar with either then you’re really not that concerned with your security posture, and that’s ok of course but unfortunate nonetheless.

    I would argue that CloudFlare is likely winning the popular vote, entering into the most partnerships and making the most noise, but Incapsula is perhaps the most effective based on the report. The two services are software as a service (SaaS) based solutions targeting the preventive side of the house; yes these would be the first-line of defense solutions so many folks are looking for.

    They fall into the latest category of Web Application Firewalls (WAF) coming to the market designed to address the pandemic problem that is website attacks and web malware distribution. They are designed to slow down, if not completely prevent, the attacks from ever occurring; in essence doing away with your need for a detection / remediation service, right?

    If that were only the case...

    THE REPORT
    The report is much more in depth than I will outline here; here is a complete list of the questions he sought to answer:

    DNS changes – How does it affect your security?
    SQL injection protection – How well does it work?
    XSS (Cross Site Scripting) protection – How well does it work?
    Remote File Inclusion protection – How well does it work?
    OWASP Top 10 Vulnerabilities – Are they protected?
    SSL – Does it work? Is it easy?
    Control panel – How does it help you protect your site?
    Spam bot / Bad bot protection – Is it effective?
    PCI Compliance – Does the WAF meet the requirements?
    DDoS protection – Is it included?

    Here though I was specifically interested in three areas:

    SQL injection attacks
    Cross Site Scripting (XSS) attacks
    Remote File Inclusion Attacks (RFI)

    I chose these three areas as they make up a very high majority of the attack vectors attributed with most websites, specifically those built on Content Management Systems (CMS) like WordPress, Joomla and Drupal.

    SQL Injection Attack
    A quick definition of this attack:

    A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands. Source: OWASP

    His test scenario included 30 different SQLi variations against a personal site in which he purposely introduced SQLi vulnerabilities. He actually made a very good video, which I watched, and which I recommend you watch as well. He goes through the process of enabling and disabling both services and showing you sample attacks so that you can see it in practice. Some of his points around the result pages are pretty insignificant, with the exception of one:

    Once we have filled in those two words and requested access, we are free to post any SQLinjection we like without getting stopped!

    What he is referring to is the splash page that CloudFlare presents to the browser after an attack. On it they provide you a CAPTCHA to verify you are human; once that is filled out, all subsequent attempts are allowed through unchallenged. If this is in fact true, that is very dangerous. I have not tested this but do plan to in the coming months.

    In terms of the results: Incapsula blocked all 30 attacks and CloudFlare blocked 1

    Both tests were done on the same application; the only difference was when the application was turned on and off.

    Cross Site Scripting (XSS)
    A quick definition of this attack:

    Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it. Source: OWASP

    This is by far probably one of the more prevalent attack vectors today, impacting many of today’s websites. In short, it’s the ability to pass actions to your browser that allow an attacker to make use of browser technologies like JavaScript, ActiveX and AJAX, allowing actions to take place without you ever knowing. These can be very dangerous; they can be used for a variety of actions like drive-by-download attempts, session / cookie hijacking and key / screen logging.

    Similar to the SQLi scenario, he used his personal site with built-in vulnerabilities. He also made use of 15 different XSS test cases leveraging the well-known XSS Filter Evasion Cheat Sheet by OWASP.

    In terms of the results: Incapsula blocked all 12 attacks and CloudFlare blocked 0

    Remote File Inclusion (RFI) Attack
    A quick definition of this attack:

    Remote File Include (RFI) is an attack technique used to exploit “dynamic file include” mechanisms in web applications. When web applications take user input (URL, parameter value, etc.) and pass them into file include commands, the web application might be tricked into including remote files with malicious code. Source: The Web Application Security Consortium

    If you’re trying to get your head around this type of attack try thinking about last year’s TimThumb outbreak. This was the type of attack conducted against the file. Unfortunately this attack is more common than many realize and can be found in a number of other files.

    In his example he pulled the example for his test right off Wikipedia. Amazing how readily available some data is. The rest of the test scenario in this case was not as comprehensive as his XSS and SQLi tests; this one only included one scenario.

    In terms of the results: Incapsula blocked 0 and CloudFlare blocked 0

    FINAL THOUGHTS
    While Incapsula failed a few tests in the XSS attacks and failed the one RFI, based on his study, Incapsula appears to be the ideal solution for your everyday website owner looking for a preventive service. Understand that I have not tested these platforms for myself and am simply paraphrasing the findings in the 23-page report.

    The report is well laid out and, looking past the grammatical / structural issues, provides exceptional content that has not been provided elsewhere. It’s also important to note that the study only looked at the security components of both services. It did not attempt, or intend, to compare any of the various other features both providers offer.

    As it stands right now, based on what I have read and the sound judgment offered in the report, if someone were to ask me the same question today, I would say that Incapsula is the ideal solution from a preventive measure.

    From # http://tonyonsecurity.com/2012/11/13/
      • 1
      SocialTime Here is Incapsula X-CDN: http://chinatravelcommunity.net/
      • 1
      SocialTime Yeap. Since 2011 I have been using both of them.
      • 1
      Paul Thank you for the post, very informative and useful.
    • 3
    Livechat - Online Chat Solution for SocialEngine Cloud
    Chatwing can be an alternative and online chat solution for bloggers and websites to offer live chat on sites and provide a great interactive experience for users.
    • -1
    [Live HD 720p] 120715 - PSY - Gangnam style (Comeback stage) - Inkigayo
    Introducing all CapsuleHD Channels;

    Performances from Mnet (M Countdown, MUST) - http://www.youtube.com/CapsuleHD13
    Performances from K (Music Bank, Sketchbook, Open Concert, Gag Concert, 7080 Concert, Love Request) - http://www.youtube.com/CapsuleHD23
    Performances from M (Music Core, Beautiful Concert) - http://www.youtube.com/CapsuleHD18
    Performances from S (Inkigayo) - http://www.youtube.com/CapsuleHD20
    Performances from MTV (MTV The Show) - http://www.youtube.com/CapsuleHD10
    Other performances (Show Champion, Simply KPOP and others) - http://www.youtube.com/CapsuleHD6
    Immortal Song - http://www.youtube.com/CapsuleHD8
    Latest Music Videos - http://www.youtube.com/CapsuleMVHD
    Old performances (allow voting) - http://www.youtube.com/CapsuleReturnHD

    Previous Channels (No more uploads, old videos are still available)

    http://www.youtube.com/CapsuleHD3
    http://www.youtube.com/CapsuleHD9
    http://www.youtube.com/CapsuleHD12
    http://www.youtube.com/CapsuleHD15
    http://www.youtube.com/CapsuleHD21
    http://www.youtube.com/CapsuleHD22

    Please subscribe to all of CapsuleHD's channels
    • -1
    Barack Obama Singing SexyBack by Justin Timberlake (ft. Joe Biden)
    If you like this video, please SHARE and SUBSCRIBE! Thanks :)
    Like on Facebook for updates! http://facebook.com/baracksdubs
    Or if you're a tweeter: http://twitter.com/baracksdubs

    Any video suggestions? Comment below!
    • 1
    Official support channel - HELP - Support NEEDED
    I urgently need to make a website.

    I already sent an email. Nobody replied, except Jung Kim.

    I already sent a message on: http://www.socialengine.com/contact
    • 1
    How to edit much of the visible language right in the HTML templates
    How to edit much of the visible language right in the HTML templates
      • 0
      Jung Kim You can change some of the language by editing the "lang" variable in the HTML templates. We are still working on fully supporting localization.
    • 1
    Backup SocialEngine via cPanel - YouTube
    Backup SocialEngine via cPanel - YouTube