Ασφάλεια Ιστού Jobs

I need our current password-reset page upgraded so it not only feels safer but actually is. Two key aims guide the work: • Functional improvement – add an email-verification step that triggers a secure link. After a user submits the reset form, they must click that single-use link before they can choose a new password. • Security enhancement – ensure the whole flow resists common attacks. Think expiring tokens, rate-limiting on requests, and server-side validation before any password update is accepted. You’ll adjust both the front-end form and the back-end logic so the experience remains smooth while the underlying process gains these extra checks. All existing styling stays; I only need the new verification link workflow wired in, fully tested, and documen...

After installation the wordpress site and theme works not good. It endless loading and timeout after adding one picture. Check server settings, theme and installation, memory space etc. and fix the issue

My WordPress install has been breached. I am seeing spam posts and pages sprinkled throughout the site and several malicious links have appeared in places I never touched. The attacker also managed to get into the main admin account, so I no longer trust any credentials or core files. I need a specialist who can: • Eradicate every spam post, page, and injected malicious link without harming legitimate content. • Audit and remove any backdoors, rogue users, or altered core, theme, and plugin files. • Restore secure admin access, forcing password resets and re-generating salts. • Patch WordPress, themes, and plugins to the latest stable versions and harden the installation (file permissions, disallowed editing, firewall rules, etc.). • Provide a brief hand-...

I operate two offices and I purchased two UniFi UDM Pro, and I want them linked so that staff can reach internal resources from either location as if they were on the same LAN or to work remotely (VPN access). Nothing is in place yet, so the full security stack must be designed and deployed from scratch. Scope of work • Build and test a site-to-site VPN between the two UDM Pros for seamless remote access. • Create granular firewall rules that allow only the traffic we specify while blocking everything else. • Enable and tune UniFi’s intrusion-detection/prevention features to catch unwanted activity without flooding us with false alarms. • Document every setting—screenshots or exported configs—so I can replicate or restore the setup if needed. ...

Saya sedang mempelajari cara kerja sebuah aplikasi berbasis web dan ingin memahami proses autentikasi penggunanya secara menyeluruh. Tolong bantu saya dengan penjelasan yang mudah dipahami namun tetap akurat secara teknis. Ruang lingkup yang saya butuhkan: • Alur login → dari formulir hingga verifikasi di server. • Mekanisme penyimpanan dan pengecekan kata sandi (hashing, salting, dsb.). • Cara pengelolaan sesi atau token (cookie-based, JWT, atau pendekatan lain). • Langkah pengamanan umum untuk mencegah serangan seperti brute force, session hijacking, dan CSRF. Silakan sajikan dalam format ringkas—boleh berupa poin-poin tertata, diagram sederhana, atau kombinasi keduanya—supaya saya bisa langsung memahaminya dan menerapkannya pada proyek ...

I need a Godaddy-issued SSL certificate installed and fully configured on my Windows Server 2019 VPS that is also hosted with Godaddy. The certificate has already been purchased; what’s left is generating the CSR (if you prefer, I can supply one), importing the returned certs, installing the intermediate chain, and binding everything to the correct IIS site so the domain loads only over HTTPS. Once the certificate is in place, please force-redirect all HTTP traffic to HTTPS, check for mixed-content warnings, and run an SSL Labs test to confirm an “A” rating or better. Deliverables • CSR generation (or validation of my existing CSR) • SSL certificate and chain correctly installed in IIS • HTTP-to-HTTPS redirect enabled and verified • Final rep...

I have a fresh domain - unable to make it live on my shared or VPS hosting server. Deliverables - Make the domain live and install WP on the domain - It should be accessible via , , or That’s it—straightforward job for someone comfortable with WordPress deployments and server setups. Let me know your timeline and any questions you have so we can get this live quickly.

O Facebook Sharing Debugger devolve os códigos 418 e 429 para todas as URLs do meu site, impedindo que meus artigos e posts de blog sejam exibidos corretamente ao compartilhar. Os metadados Open Graph já estão configurados, portanto o problema está, muito provavelmente, na forma como o crawler do Facebook chega ao servidor (DNS, firewall, cache, rate-limit ou configuração de headers). Sua missão: • Diagnosticar a causa exata desses retornos 418/429. • Ajustar a configuração necessária — seja no servidor web, proxy/CDN, regras de segurança ou limites de requisição — para que o Facebook consiga acessar qualquer página sem bloqueios. • Validar, no próprio Sh...

I'd need to create a social network with , I'd need hardening plus ensuring the platform will be deployable and production-ready

My network edge relies on a Sophos XG appliance and a Fortinet FortiGate unit. Both devices are in production, but their current configuration is a mix of legacy rules and quick fixes that now interfere with performance and security. I want a seasoned firewall engineer to step in, examine every setting, correct what is wrong, and design a clean, least-privilege rule base. Scope of work • Configuration – back up the existing setups, remove or refine redundant rules, and align all interfaces, NAT, VPN, IPS and logging options with best-practice guidelines for Sophos SFOS and FortiOS. • Troubleshooting – identify and eliminate the intermittent drops we see on site-to-site VPN and outbound web traffic. Validation must include live traffic tests and log review. &bul...

I run a Canadian real-estate search engine that must stay lightning-fast for genuine home-hunters while remaining fully crawlable by Google, Bing and other reputable AI/search bots. Right now Cloudflare shows ±100 k daily hits from malicious, spam and scraper bots; that traffic spikes the servers, ruins bounce-rate metrics and occasionally knocks the site offline. I have already: • Placed the site on Cloudflare, • Allowed full, captcha-free access for visitors inside Canada, • Forced most other countries through a captcha, • Experimented with firewall rules, IP and UA blocking. Unfortunately, Google’s crawler activity drops whenever the shield becomes too strict, so I’m looking for an expert who can strike the sweet spot: block malicious...

I am looking for an experienced Instagram account recovery specialist to help me regain access to my business Instagram account. I currently cannot log in to my account through any method: Password reset is not working Facebook login is not working Instagram recovery page shows “No account found” However, the username and account are still visible when checked from another Instagram account Additional details: This is a business account I still have access to the original email and phone number The issue happened suddenly, likely due to hacking or unauthorized changes What I need: Proper recovery through Instagram / Meta official support Assistance with hacked account appeal and verification No fake tools or scams — only legitimate recovery methods Requireme...

My QRadar deployment needs a sharper eye on phishing. I want a set of custom Alert and Correlation rules that reliably pick up everything from the first suspicious e-mail event to follow-up user activity that hints the attack is moving forward. Scope • Build correlation logic that ties together indicators such as mail-gateway detections, odd mailbox rules, risky web clicks, and any subsequent authentication anomalies. • Create alert rules that trigger actionable offenses the moment a phishing pattern emerges. The rules must fit neatly into existing QRadar best practices: use building blocks where appropriate, keep AQL searches efficient, and document each rule so another analyst can tune or extend it later. Acceptance A rule set that fires during lab replay of know...

Necesito que un/una sysadmin instale y deje funcionando un certificado SSL emitido por Cloudflare en mi servidor. Aún no he especificado si trabajo con Apache, Nginx u otra plataforma, por lo que valoro a alguien que pueda adaptarse a cualquiera de estos entornos y guiarme si hace falta ajustar la configuración. El resultado que espero: • Certificado SSL de Cloudflare correctamente instalado y verificado. • Sitio accesible a través de HTTPS sin advertencias del navegador. • Instrucciones breves de los pasos aplicados para futuras actualizaciones. Dispongo de acceso al panel de Cloudflare y a las credenciales del servidor; si se requiere algo adicional puedo facilitarlo durante el proceso. Busco una solución rápida, limpia y segura, id...

I need a thorough, methodical security assessment of my production-ready web application. The goal is to expose any weaknesses before launch, demonstrate real-world exploitability, and give me a clear, prioritized plan for remediation. Scope • Full application security testing: authentication, authorization logic, input validation, business-logic flows, session management, server configuration, and third-party integrations. • Black-box techniques are fine, but I can supply test credentials for deeper analysis if that helps you reach code paths hidden behind login. • Industry-standard tooling such as Burp Suite, OWASP ZAP, Nikto, or your preferred commercial scanner is expected, followed by manual verification so I’m not just getting automated false positives. ...

I’m managing a law-firm website on WordPress and need a Scrum-savvy professional to guide a short, focused sprint that uncovers every problem and closes each one out. At the moment the homepage, service pages, and contact forms are suffering from slow load times, broken links, visible placeholder text, and several security red-flags my host keeps warning me about. Here’s how I’d like us to tackle it: • Kick off with a rapid discovery session, turning existing pain points into a clear, prioritised backlog. • Run one or two time-boxed sprints (your call after the audit) to deliver: – Sub-two-second load times across the affected pages – Fully working links and forms, no placeholder copy left behind – Core Web Vitals in the gree...

My web application was prototyped in Google AI Studio and is already live in a sandbox environment, but a handful of thorny issues are blocking the ability to launch the app live. I’d like an experienced web-app engineer to comb through the code, confirm it meets best practices, and then resolve filtering errors based on the monetization model. Additionally, I need to connect a payment gateway and validate that it works. I will grant access and share environment credentials as soon as we start. A concise change log, commented commits, and a short validation report explaining what you reviewed and why you adjusted it will be the acceptance criteria.

I have a Base44 application that is already coded for the web and I want it running on my own virtual private server. The VPS is up, secured, and ready—what’s missing is the actual deployment. Here’s what I need to happen: clone or upload the current codebase to the server, install any required dependencies, configure environment variables, link up the database and storage locations I specify, and then expose the app at my domain with an SSL certificate in place. Once everything is live, a short, clear README or set of notes on the steps you took will help me maintain future updates without guesswork. Acceptance criteria • Application loads over HTTPS at the domain I provide. • All existing features work exactly as they do in my local build. • Deplo...

Need experienced Linux System Administrator for server hardening. Tasks include security audit, firewall configuration, SSH hardening, user access control, patch management, and security monitoring setup. Must have experience with Ubuntu/CentOS and tools like Fail2ban, SELinux. Provide documentation of all changes.

A recently rebuilt Windows workstation needs a bullet-proof antivirus setup carried out over a remote session. The job begins with selecting an effective AV suite (I am open to your recommendation—Norton, McAfee, Kaspersky, or another best-in-class option) and continues through full installation, optimisation, and hardening. Key protection goals • Online banking: isolate browser sessions, enable real-time phishing & key-logger defences, and verify safe-transaction modules are active. • Confidential files: enforce on-access scanning, tune heuristic settings for maximum detection, and lock down local folders with password-protected vaults or encryption available within the AV. • Google Drive sync: ensure cloud-storage scanning is enabled, block malicious file ...

My Classic ASP site was recently overrun by a black-hat SEO attack that injected gambling-related links into pages crawled by Google. Since then I’ve noticed a dip in performance, repeated security warnings, and spam URLs appearing in Search Console. I can give you full server access, including IIS and database credentials, plus the security logs and scans already generated by our endpoint software. What I need from you is a thorough forensic sweep to pinpoint every entry point—whether that’s a compromised .asp file, a rogue include, or a polluted database field—and then clean it without breaking the legitimate codebase or content. Deliverables • Complete scan of site files, MSSQL/Access tables and IIS logs • Written report listing each malicious...

I run a production-level Windows server that now needs steady, professional care. The box is already up and live; what I need is someone who can step in and take over the routine work that keeps it healthy and secure. Your core responsibility will be ongoing maintenance—installing patches, checking logs, pruning obsolete services, and making sure performance never drifts. In parallel, I want proactive security updates: closing vulnerabilities quickly, hardening configurations, and documenting every change so there are no surprises later. A typical month might include: • Scheduling and applying Microsoft updates with minimal downtime • Reviewing Event Viewer and other logs for early warning signs • Updating firewall rules or IPS policies when new threats emerge ...

Technical Status Report: Resource Exhaustion (503 Error) Site: Environment: A2 Hosting (Shared) | 2GB RAM Limit | 100% CPU Limit 1. The Issue The site is currently experiencing a persistent 503 Service Unavailable error. Analysis of the A2 Resource Usage shows the account is hitting its Physical Memory (2GB) and CPU (100%) ceilings almost immediately upon server reset. 2. Actions I HAVE already taken Plugin Isolation: Renamed the /plugins/ folder to plugins_hold. Process Reset: Cycled PHP versions (8.3 to 8.2 and back) to kill hanging lsphp processes. Caching: Flushed and Enabled LiteSpeed Web Cache via cPanel. Security: Briefly disabled ModSecurity (site attempted to load but crashed again instantly). Cron/XML-RPC: Added DISABLE_WP_CRON to and blocked via ....

I have, 40-core machine with 1 TB of RAM that needs to be turned into a practical development box for my team. The goal is to have both Windows Server and Ubuntu Server installed side-by-side, each ready for daily coding, testing, and collaboration. Here’s what I need from you: • Plan and carry out the installation of the two operating systems, making sure they coexist cleanly (dual-boot, virtualization, or any proven approach you recommend). • Partition and configure storage so that each OS has ample, clearly labeled space. • Enable remote access for multiple developers, with sensible user and permission settings already in place. • Apply baseline security hardening and system updates so we start from a solid, up-to-date foundation. Once finished, I s...

My Server4You VPS has triggered an abuse report and I need a one-time, decisive intervention. The first order of business is malware removal—locating and eradicating any malicious code sitting inside the WordPress installs. While doing so, I also need you to pinpoint which site is behind the current XML-RPC and brute-force login traffic, disable XML-RPC wherever it isn’t explicitly required, and verify no backdoor scripts are left behind. You will receive root (or sudo) SSH access. Once inside, please: • Scan every WordPress instance and the underlying file system, remove malware, and patch obvious vulnerabilities. • Trace the origin of the XML-RPC abuse and stop it without breaking legitimate functionality. • Review cron jobs, tighten file and directory pe...

I'm seeking a security assessment for my corporate website. The primary concern is phishing attacks. I'm looking for a detailed report and provides actionable recommendations to enhance security. Key Requirements: - Assessment of current security measures (basic) - Identification of phishing vulnerabilities - Recommendations for improvement Ideal Skills and Experience: - Experience with corporate website security - Expertise in phishing attack prevention

My WordPress site needs an urgent fix on two fronts. First, password-reset emails never reach users even though the site is configured with the WP Mail SMTP plugin. I need you to trace why the messages fail—whether that’s an SMTP authentication glitch, host restriction, or mis-routing—and make sure the reset flow works end-to-end, including successful delivery to common providers such as Gmail and Outlook. Second, bots are flooding the registration form. There is currently no CAPTCHA in place, so a solid anti-spam layer has to be added. I’m open to Google reCAPTCHA, hCaptcha, or any proven alternative you recommend. The spam accounts already created should be purged, and the loophole closed permanently without degrading the experience for legitimate users. Deli...

My web backend already handles real-time WebSocket traffic and device-to-server messaging, but the client management module now needs immediate attention. The current codebase shows signs of SQL injection issues and server misconfigurations, and an initial scan hints at possible backdoors. Here’s what I need you to do: • Conduct a full security audit across the PHP + MySQL stack (running on Apache in a XAMPP-style setup) as well as the Node.js WebSocket layer. • Isolate and remove any backdoors, patch every SQL-injection entry point you uncover, and fix configuration mistakes that could expose the server. • Redeploy the cleaned code on a fresh, standard Linux server image, migrate the database where necessary, and confirm that all WebSocket real-time features r...

I need an experienced developer to set up my GoGetSSL / Sectigo SSL certificate via ACME on Apache today. The domain is already pointing to the server, and credentials are ready. What you’ll do: Generate & validate the ACME order Install SSL + chain file on Apache Force HTTPS (HTTP → HTTPS) and restart Apache Verify SSL Labs rating “A” Set up automatic renewal or provide instructions Requirements: Proven experience with GoGetSSL / Sectigo + ACME Immediate availability Ability to provide a short log of commands used ✅ The goal: website fully secure with green padlock today.

I need a new subdomain created inside my Square space account so it points cleanly to , where all my online courses will live. has already supplied the precise CNAME and TXT records and I will pass those straight to you; they simply have to be entered without disturbing the rest of the zone file because other integrations are already running on the root domain. At the same time, I want my branded email address fully recognised by the CRM. That means adding or adjusting the accompanying MX, SPF, and DKIM records so outgoing messages authenticate and incoming replies land where they should. Deliverables • Subdomain resolves to the correct workspace over HTTPS and passes their custom-domain check. • Email records propagate, SPF/DKIM show “pass” in common tester...

My Shopify account has been compromised, and I need a thorough investigation. Key tasks: - Investigate account access issues - Identify and document unauthorized marketing activities - Provide evidence of account abuse Ideal skills and experience: - Strong background in cybersecurity - Experience with Shopify platform security - Ability to generate detailed investigative reports - Prior experience handling similar security breaches I expect a detailed report with evidence of abuse.