[null] Is it legal to hack your own website

[Tamaghna Basu]

Hi,   As part of CEH curriculum, they showed a site certifiedhacker.com which is hosted publicly and supposed to be hacked for classroom practice. Is it legal to do so?  Also I was thinking if I want to do something similar just for demo on internet, possible options I could think of: 1. Buy a domain from any provider and host my vulnerable website there and hack it. 2. Get a static ip for my own server and put stuff on that for hacking over internet. Would it be legal to do such kind of stuff. Otherwise how else I can do the same? P.S. - If anybody tried certifiedhacker.com then please let me know if anything interesting there. Regards,   T,   tamahawk-techguru.blogspot.com   basubhaimca.blogspot.com   TWEET: twitter.com/titanlambda

--
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/

[Anurag Khanna]

Hi Tamaghna

Hacking any website if you have due permission from the owner is legal. 

So if its your own website you have the permission so in my opinion its completely legal.

Its like stealing from your own house :)

The two options you provided are good and can be done.

Anurag

--
Regards
Anurag Khanna

[Karan Ahuja]

hi tamaghna

I guess if it doesnt harm anyone it is legal ..
i mean if you carry out an experiment on your own website , surely no information is compromised and this must be legal

About your experiment , I am also thinking about getting upto speed on web security and wish to carry out similar experiments on a dummy site . I also have a list of tools that i want to try out .

We have a server and domain set up for our software demos . we could use a subdomain on the same server :)

we could try out a shop cart , a form and a cms .

In case , we can team up , please let me know .
I guess when we are done we could talk about this at our team.s  tech talks (every evening)
Also we could blog about it and summarise our learnings and doubts   :)

I guess the owasp also has a goat project similar to this but it is in java and i want to try LAMP(php)

Feel free to discuss .

Thanks and regards ,

Karan Ahuja
 Kodeplay  | in...@kodeplay.com | www.kodeplay.com
phone : 91-9820011185 | 91-022-42641185

Google Talk: karan2...@gmail.com Skype: karan.ahuja2

Lets Connect :-

On Thu, Apr 29, 2010 at 11:28 PM, Tamaghna Basu <titan_the...@yahoo.com> wrote:

[Siddharth Jagtiani]

Since you are hosting some place, you need to check with the hosters :) first. I believe its not legal. Setup a webserver yourself and hack it if you like, that should be legal.

 

Sid

[Dinesh O, Bareja]

There is nothing in the law that forbids this but legal issues come up when you are trying to hack into someone else's system. Thats why one needs to take proper written permissions before starting any PT on a client site.  Having said this, remember that your site / domain is hosted on someone else's infrastructure. Which means that you are going to try and hack someone else's infrastructure and this can mean trouble if the hosting company decides to take action against you.  Check with the host first and then move ahead. You cannot say that the because the site belongs to you, it means that you can do whatever because there will be terms of service too. For example many hosts explicitly forbid adult sites and will take down your site and sue you if you put up adult content.  The law here in India does not say anything on the action of doing stuff to your own site but do make sure that any and all connected persons are aware of your action(s). Document your plan and keep it safe. If someone comes knocking on your door it makes sense to have all this in hand rather than explaining that you are not harming anyone.  And finally, make sure you do not cross any boundaries in case you find any vulnerabilities on the host company infrastructure. Why not set up the infra in house and do your stuff !  -dinesh --- On Fri, 4/30/10, Siddharth Jagtiani <jagtiani....@gmail.com> wrote:

[Siddharth Jagtiani]

One small correction. There is a lot in the Indian Legal System that prohibits you from doing such tests. So dont be under the impression that there isn't.

Sid

[Tamaghna Basu]

Thank you all for replies.. Even, I kind of thought in similar direction. 1. Buying a domain and doing PT there still involves some complexities like getting approval from the service provider since I am still using their hardware. 2. I feel hosting it in my own server would be easier in that sense but still I have a question there. Do I still need to have approval of the ISP?       Regards,   T,   basubhaimca.blogspot.com   tamahawk-techguru.blogspot.com   TWEET: twitter.com/titanlambda

[I Bug]

yes u can buy a domain n host ur own website for hacking practice, but in my view it should be limited to ur php/html or whatever pages u hv hosted.

 

because the pages are hosted on ISP server, which is a shared resource for hosting multiple website by diff agencies.in that case it will be illegal.It will be a risk for other websites hosted on that ISP.