-2

I'm not quite sure this is the place for such questions, but stackoverflow or superuser seem even less appropriate, so.

I want to ask if there is some kind of a site or service, similar to the stackexchange sites, where enthusiast hackers can offer some services for free in their spare time. What I need in particular is someone to try and hack my server, I will give them addresses and everything they need, that is public information. I want to make sure my server is secured properly, since I'm self taught, I don't really know if I did a good job or not.

php_nub_qq
  • 787
  • 1
  • 6
  • 13

1 Answers1

11

You're looking for a penetration tester.

You could also invite people on the net to try and hack your server, but that's a very risky business - you never know who's going after it. Telling the entire world that you may be vulnerable is... probably not a wise decision.

Professional penetration testers are skilled professionals, so be prepared to pay.

S.L. Barth
  • 5,486
  • 8
  • 38
  • 47
  • 2
    Luckily, we're not people on the net, or else this would be a risky proposition. – iAdjunct Aug 04 '16 at 13:34
  • Well, it may not be a good idea to tell the world I'm vulnerable, but it's a worse idea to not know I'm vulnerable, I think? I would rather get wrecked now, than some day when I least expect it :D – php_nub_qq Aug 04 '16 at 13:38
  • @php_nub_qq Really depends on who answers the challenge. And how much there is to lose already. Your best bet is to get a professional to look at it, but it'll cost you. BTW, if there is code involved that you have written yourself (e.g. PHP scripts), you can have it reviewed at our sister site [CodeReview.SE]. As always, read their Help Center before posting there. – S.L. Barth Aug 04 '16 at 13:42
  • 1
    @S.L.Barth Thanks for the concern. I'm a pretty advanced PHP developer (moment of glory) and I'm pretty certain my scripts are secure, what I'm worrying about is the linux administration (ports and services and stuff like that) in which I'm not very experienced. – php_nub_qq Aug 04 '16 at 13:43
  • 1
    I suppose some of the individual aspects of your setup could be answered on [SF], [Unix.SE] or [AU.SE], if they aren't already. Explain enough about your system, while staying on-topic, and you may get some advice on things you hadn't thought about as well. Also, we have some canonical questions about server hardening here on Security.SE - like [this one](http://security.stackexchange.com/questions/993/hardening-linux-server). – S.L. Barth Aug 04 '16 at 13:51
  • @S.L.Barth I'm going to look into those options, again big thank you. The problem with hiring "professionals" IMHO is that sometimes these professionals know less about the stuff I'm hiring them to do, than I do, and I don't have the spare money right now to gamble. – php_nub_qq Aug 04 '16 at 13:58
  • 3
    +1 to the warning about asking strangers from around the internet to hack your server. @php_nub_qq, you should definitely pursue a professional penetration testing service. Also, I am sure the members of the StackExchange sites would be willing to look over segments of your existing code and let you know if anything stands out. However, do *not* just ask strangers to hack your website. They could say "everything looks good", when there are actually issues, either because they simply are not qualified to determine if the server/site is truly safe, or so they can come back and hack it later. – Spencer D Aug 04 '16 at 16:57