[QUOTE=Semajnad;50145424]To be fair - ScriptFodder uses Bootstrap (I know it's not the same as Wordpress, but it's still a shortcut, especially as you mention the 'Horiffic UI'). However these above points do matter... and maybe the best thing is to take this thread as advice, improve, then come back, as it's not ready to go live just yet, but I'm sure it will. However Jamie there's no need to be a dick about it.
Wordpress is good for content sites, especially when handing the site over to a customer. However it's probably not great to use on a live business marketplace site.
HTTPS isn't really free, you can self sign, but you'd want to get a reputable company to sign your certificate. I've seen there's free sites out there that offer it, but I wouldn't trust my details with someone who gets a FREE HTTPS certificate.[/QUOTE]
That's one of the most retarded things I've ever heard... HTTPS is secure regardless of who signs it, and yes reputation may cause some people to 'run away' but most are only going to look for the green lock.
[QUOTE=Semajnad;50145489]Jamie, I actually do - I admit I didn't realise there were reputable sites out there offering SSL certificates. But I do think too many people use bootstrap, but that's personal opinion.
+ what I said IS true, you want a reputable site to supply your SSL certificate.
I was too quick to put down bootstrap though, as to be fair I'd rather have a responsive site using bootstrap then a non-bootsrap site that isn't mobile-friendly :P[/QUOTE]
Googling 'free SSL certificate' comes already with many results -- including [B]letsencrypt[/B] on first place.
[QUOTE=Semajnad;50145489]Jamie, I actually do - I admit I didn't realise there were reputable sites out there offering SSL certificates. But I do think too many people use bootstrap, but that's personal opinion.
+ what I said IS true, you want a reputable site to supply your SSL certificate.
I was too quick to put down bootstrap though, as to be fair I'd rather have a responsive site using bootstrap then a non-bootsrap site that isn't mobile-friendly :P[/QUOTE]
Clearly you don't, LetsEncrypt is reputable, they're backed by some [URL="https://share.jamiehankins.co.uk/Monosnap/Lets_Encrypt_-_Free_SSLTLS_Certificates__2016-04-17_00-29-20.png"]huge companies[/URL]. Stop spouting shit... Also you don't give the CA your private key so it's not like they can decrypt your traffic if they were able to MITM you anyway.
[QUOTE=Netheous;50145491]it can't stop them[/QUOTE]
But it can try. Through social engineering, social media with the power of their reputable brand and fanboys/fangals etc.
[QUOTE=jamie1130;50145500]Clearly you don't, LetsEncrypt is reputable, they're backed by some [URL="https://share.jamiehankins.co.uk/Monosnap/Lets_Encrypt_-_Free_SSLTLS_Certificates__2016-04-17_00-29-20.png"]huge companies[/URL]. Stop spouting shit... Also you don't give the CA your private key so it's not like they can decrypt your traffic if they were able to MITM you anyway.[/QUOTE]
You also should take care of your [URL="https://i.gyazo.com/bc5a4972d36272285b9040da2c6abaf8.png"]website errors[/URL] :v:
Ok, I may not be as informed as I think. I apolagise. However I'm sure it does matter who signs your SSL, otherwise why doesn't everyone just self sign? As I said before, I didn't realise letsencrypt was so well used. That's my lack of knowledge.
[QUOTE=Slowboi;50145509]But it can try. Through social engineering, social media with the power of their reputable brand and fanboys/fangals etc.[/QUOTE]
But that coming out into public is a) way too obvious b) reverse negative-ad
In other words: if someone found out SF is sending fanboys n stuff, it would work in favour of the other website.
Could you explain then why it doesn't matter who signs? As I'd like to know.
[QUOTE=Semajnad;50145512]Ok, I may not be as informed as I think. I apolagise. However I'm sure it does matter who signs your SSL, otherwise why doesn't everyone just self sign? As I said before, I didn't realise letsencrypt was so well used. That's my lack of knowledge.[/QUOTE]
Cus self signed doesn't often has the cute little green lock in the bar (atleast not for me), and most are too lazy and search for an easy method, by either buying one, or cloudflare :p
Plus having it signed by a big company gives, as said many times, good reputation.
EDIT!!
Also, self signed certs would make it easier for phishers etc to do things.
[QUOTE=whitestar;50145521]Cus self signed doesn't often has the cute little green lock in the bar (atleast not for me), and most are too lazy and search for an easy method, by either buying one, or cloudflare :p
Plus having it signed by a big company gives, as said many times, good reputation.[/QUOTE]
I didn't think that was the only reason? I thought there was a reason why getting a reputable company to sign it was good. If that's the only reason then fair enough.\
Sorry, I'll add - if you self sign it's just as secure - but I thought there were ways that people could self-sign and still be insecure if done maliciously, which is why getting a company to do it is more trustworthy on the client side.
Edit : [B]There you go - you've just added your point as mine.[/B]
So in theory, if a unreputable company signed your SSL, then they could lesson the security of your site, which is why I thought it was better to have a more trustworthy company sign it. As getting a non-well known company to sign is it no different then doing it yourself, in the way of trust.
[QUOTE=Semajnad;50145533]I didn't think that was the only reason? I thought there was a reason why getting a reputable company to sign it was good. If that's the only reason then fair enough.\
Sorry, I'll add - if you self sign it's just as secure - but I thought there were ways that people could self-sign and still be insecure if done maliciously, which is why getting a company to do it is more trustworthy on the client side.[/QUOTE]
its not the only reason. Putting trust into a big company, helps, because they are responsible for your cert, so if anyone decrypts your cert or shit, then you dont get into that much trouble, but they do, because its 'their' cert wich got breached, means you get big and 'instant in that case' support. there are many reasons to stick with a big company instead of self signing.
That's what I meant on the previous page when I said:
'HTTPS isn't really free, you can self sign, but you'd want to get a reputable company to sign your certificate. I've seen there's free sites out there that offer it, but I wouldn't trust my details with someone who gets a FREE HTTPS certificate.'
You can self sign for free, but customers won't trust you. And I wouldn't trust my details with someone who got a free HTTPS certificate from a unknown company - When I said 'who gets a FREE' one, I was uninformed about the current state of FREE SSL Certificates from reputable companies, so I apolagise for my ignorance.
Security is one area I do lack on, I shouldn't have opened my mouth before being sure.
[QUOTE=Semajnad;50145562]That's what I meant on the previous page when I said:
'HTTPS isn't really free, you can self sign, but you'd want to get a reputable company to sign your certificate. I've seen there's free sites out there that offer it, but I wouldn't trust my details with someone who gets a FREE HTTPS certificate.'
You can self sign for free, but customers won't trust you. And I wouldn't trust my details with someone who got a free HTTPS certificate from a unknown company - When I said 'who gets a FREE' one, I was uninformed about the current state of FREE SSL Certificates from reputable companies, so I apolagise for my ignorance.
Security is one area I do lack on, I shouldn't have opened my mouth before being sure.[/QUOTE]
Sure, a free cert from a company is still not the best, but its definitely better than self signing, you later on can still buy a 200$ cert if you have the money, wich will put the best trust possible.
Edit: I aint the best webdev, but when I develop something, I try to mainly put attention to security before doing it, even if the script itself is a bit slower/takes longer :p
Can we keep the little beefs to a minimum please :P
Anways, fixed the directory issue, thanks for pointing it out again!
also, I hope you switch to NGINX/NGINX+, because its faster and also provides load balancing -- wich requires you to have multiple servers though to send traffic to. I also hope you dont use a Shared webhosting from NFO, but a own dedicated server.
[QUOTE=whitestar;50145780]I also hope you dont use a Shared webhosting from NFO, but a own dedicated server.[/QUOTE]
:3
[IMG]https://i.gyazo.com/6efd9485fe3a4f8a0bf9a5c80f52ddcc.png[/IMG]
[QUOTE=Bings;50145834]:3
[IMG]https://i.gyazo.com/6efd9485fe3a4f8a0bf9a5c80f52ddcc.png[/IMG][/QUOTE]
for fucks sake. why do people never learn. it explains why its slow, a dedicated server would be even better, what happens if someone exploits the virtualization system, and gets access to things like, scripts(including expensive ones), and private keys?
As mentioned above, we had no idea we would get this much attention. We're switching to our dedi right now.
Out of complete curiosity how does Scriptspawn plan to deal with leaks? Will it have any protection methods being provided or will developers have to make their own? Would leakers that are detected by said system be banned and notify admins & moderators of any possible alt accounts? Just some things to think about so Scriptspawn can further develop itself.
When someone applies to become a developer, they are linked to a leak protection system. We also count on the community to reveal leakers so we can IP ban them. Letting us know about leakers is super simple with the contact form on the sidebar! Furthermore, our moderation team browses leak sites often just to add an extra layer of reassurance.
I've found that some links aren't working, ex. the ones under my profile picture.
[IMG]https://i.gyazo.com/9965c2a75a4be9585ad5cb44a5d78510.png[/IMG]
Awesome! Thanks for letting me know, I'll get right onto that as well.
[editline]16th April 2016[/editline]
Fixed.
[QUOTE=Sleggie;50146165]Awesome! Thanks for letting me know, I'll get right onto that as well.
[editline]16th April 2016[/editline]
Fixed.[/QUOTE]
Looks like the welcome message is bugged as well. Just to be clear I'm not trying to be an ass I just want to help you better your website. :smile:
[IMG]https://i.gyazo.com/4872cc71a17dc4507aac8dc5e5bd534b.png[/IMG]
The account links don't work either.
I'm just looking at the website and I have a few questions - are you ever going to change the colors of this:
[IMG]http://i.imgur.com/cBhqaoM.png[/IMG]
Also, why are there two register buttons so close to eachother?
[IMG]http://i.imgur.com/QckOsWo.png[/IMG]
[QUOTE=MPan1;50146240]I'm just looking at the website and I have a few questions - are you ever going to change the colors of this:
[IMG]http://i.imgur.com/cBhqaoM.png[/IMG]
Also, why are there two register buttons so close to eachother?
[IMG]http://i.imgur.com/QckOsWo.png[/IMG][/QUOTE]
Sure. Will make them darker (more subtle).
As for the Welcome bug, I'll look into that. What seems to be wrong with the links tho? They work fine for me! Also, you're definitely not being an ass and how can one think that you are for pointing out my mistakes?! You're awesome for helping me out :)
[QUOTE=Sleggie;50146463]words[/QUOTE]
The account link under the "Dashboard" dropdown gives me this page:
[IMG]https://i.gyazo.com/9903dd2a4aa556c13e5a27d8064b4e20.png[/IMG]
(used your account to test)
Fixed & working, thanks!
[QUOTE=Sleggie;50146487](used your account to test)
Fixed & working, thanks![/QUOTE]
No problem, glad to help! Please let me know if you need any additional help with the website as I'd love to be a part of this project/company (whichever it is intended to be).
