Issues resolved
Sorry, we forgot to post an update here. The issues were resolved. 
2 Likes
I only use cloudflare for their dns servers, I don’t even proxy. I just don’t trust russia to host my dns servers.
Cloudflare isn’t the only way to prevent DDoSing. I don’t use their ddos protection. I’ve had to have one of my servers even lag. It’s about how you manage the traffic.
I know AWS, OvH, DigitalOcean’s networks can take the traffic. It’s about how you manage it on your server.
1 Like
May I ask which hashing algo you use for passwords?
What is your experience also?
Have you tested for SQLi/XSS on the site??
Do you validate requests to the database for security?
1 Like
Thanks for the suggestion! We’ll decide later on whether or not our DDOS security should change.
Of course you may! 
We use the php password hash function.
Experience on what?
Yes, we indeed have! We don’t want our site to be vulnerable for any kind of attacks. 
Yes, all request are being validated before being executed. In case something would happen and data is being destroyed, we automatically back-up our database every 24 hours.
Kind regards,
Jonas
1 Like
Will you be releasing a “pro” or upgraded version for people who are willing to pay Robux or USD for it?
Examples of the features it might have:
- Fully customize-able design
- Roblox Ranking Bot
3 Likes
We’re indeed working on a pro version! Currently we are developing ranking bots. 
We’re as well developing a customizable in-game layout. However, what do you think of when we say fully customizable? Just the colors, or?
1 Like
That’s wonderful that you sanitize. Many forget.
Which version of PHP are you using? BCrypt as default wasn’t introduced til fairly recently. (5.5+).
Also, to another matter:
Was lightspeed a choice, or are you using a web host?
1 Like
Haha, so did I. @chrisopdemobiel reminded me to make sure to sanitize before using variables in queries.
7.2.26
We’re using a web host However, we’re as well running some stuff on a VPS.
Kind regards,
Jonas
Is the database hosted with the webhost as well? I’d personally see that as a security flaw. I dont have much faith in hosting providers.
5 Likes
It indeed is hosted at a hosting provider, however we use a decent one that’s really known. Our user’s security is important to us.
You willing to share the host you use? The lack of public information is a bit concerning, If I were to use this I would want to know where my data is, What I am accessing, etc. With a VPS I know my data is behind a password that the provider doesn’t have.
1 Like
That’s not a very good argument. All VPS hosts have a way for them (the host) to access your VPS if required. It is, after all, their machine.
It’d require them to modify the root password, would it not? Which then I’d know the touched the server.
Not to mention my ubuntu server virtual hard drive is encrypted, which means the data written to the actual drive is encrypted.
No — they can directly access it through the virtualisation layer, they can also just… change your root password back to what it was after if they do it that way?
How are they gonna modify an encrypted drive without the password, They can attempt to access, but they’d need root password, but if they externally look at the data. It. Is. Encrypted. They don’t know the password I used.
It’s just like roblox. They have all of our information. So does google. Google tracks our info and gives it to the government. NOTHING we do online gives us full protection. Yes they can access it. Anyone can access it.
1 Like
That is beyond the scope of not only this topic but the discussion and my point…
You’re talking in the sense that all hosts have the ability to access your information.
Now with our information, that’s something that would go in the privacy policy. Of course the hosts has access to our information, but I highly doubt they’ll use it illegally.
We use hostinger as our host. Sorry for the late replies, I have been sick.
1 Like
New update!
We’ve made you able to toggle the status of roles independently in your centre. This way, you’re able to stop people from applying for that one role you already found enough staff for.
Who can modify this status?
Only the owner of the application centre can, as well as anyone who you gave admin permissions. Readers do not see this switch, and cannot use the endpoint that’s behind it.
How do I enable or disable this?
It’s easy! Select a centre on your dashboard, and on the next page just toggle the switch. It auto-saves.
What if no applications are enabled? Will my centre still work?
Yes, your players won’t see any weird errors haha. They’ll just see this screen! (With your application name obviously)
Questions, concerns? Shoot a reply!
Kind regards,
Jonas
Founder of BloxTech Group
1 Like