Greetings. So I have finally finished building a website after weeks of work. I decided to take it to Sitelock for added assurance to future members of the site. To my surprise:

Sitelock XSS Scan Warning 04/27/2012
Sitelock has discovered 2 critical security issues.

I got on the phone with Sitelock immediately. The tech stated that the site can easily be hacked due to this issue from the login page! I also asked him why it only scanned 21 pages, as I know there are many more pages to this site. He stated that the robot.txt probably prevented it from scanning the rest of the site. Which is good for security reasons, but Sitelock can't go through and check the vulnerability of pages that definitely need scanning, i.e. Forums, Blogs, etc.

I come to a point of thinking... Have I put in all this work for nothing? What good is a website if it is not a secure website?

The code that Sitelock has flagged is as follows, all from the input login.

First:
tookoutmysiteurlforsecurityreasonsdotcom/join?00e324463dc65a04faf58e1ebe49569a=1&10aa302213e51108349fe4ce86606870form_name=joinForm&joinSubmit=Join&month_birthdate=1&password=1&realname=1&relationship[]=1&repeatPassword=1&sex=1&termOfUse=1&userPhoto=1&username=1&year_birthdate=1

Second:
tookoutmysiteurlforsecurityreasonsdotcom?00e324463dc65a04faf58e1ebe49569a=1&10aa302213e51108349fe4ce866068701&repeatPassword=1&sex=1&termOfUse=1&userPhoto=1&username=1&year_birthdate=1

I have no idea where to begin to fix this. But the guy was so kind as to offer Sitelock reps to fix the problem for near $300. *smile*....

My question is, is this a legitimate issue/cause for concern? Or maybe a ploy to get money out of me that I do not have? Any help with this issue would be greatly appreciated. PMs welcomed.

The way to fix it would all depend on how your code works. If you would like the problem fixed for a lot less than $300, just shoot me a PM.