I am having a lot of trouble with spammers and hackers. I am currently hosting my site on a windows server.
[FONT='Calibri','sans-serif']What is the best tool that I can use to protect my web-site? The tool should be easy to use and require no JAVA or Pearl and other programming languages as I am not familiar with them.
How to hack a website at phpizabi engine?!
keywords:
?L=, cecen hacked, cecen, hacked, phpizabi hacked, How to hack phpizabi
Hacking mechanism:
1. this is not hacking indeed. This is usage of phpizabi engine imperfection
Usually the path till the admin area looks like this:
?L=admin.general.configure
If changing the path to
?L=admin//general//configure
Then anyone can obtain full access to the admin area and can do everything he wants.
Similarly changing the path till any keyword file on the web site you can freely get the access to the database.
HOW TO CORRECT THIS ERROR:
mechanism:
1. Below I’ll show an example on how to correct the imperfection of phpizabi engine. This is only example and I recommend all the programmers to code by themselves their own mechanism of this error correction. Unque character of this mechanism will be one more obstacle against hacking.
So, in the very beginning of the script index.php we should put the following code:
$ser_p = array("'[^.A-Za-z0-9]*?'si");
$rep_p = array("");
$_GET = preg_replace($ser_p,$rep_p,$_GET);
It cleans everything from the query except “dots”, “letters” and “digits”.
2. All the folders in main directory of the web site which are located under the path /pages/ should not be accessible for opening!
The easiest and fastest way is to set password access for all the folders in /pages/ through «Password Protect Directories» - this is client’s admin area on the hosting. You should set password to all except “chat” and “gallery”.
3. File upload:
By default any file can be uploaded for scripts phpizabi for dating web sites. They could be uploaded like a picture for gallery or attached file for other web site elements.
Specially created *.php file which will be loaded at the server, can give full access to hacker and finally to walk away it from you!
I do not enclose the correction code of this error as you should restrict file uploading on the server by the class objects jpg/jpeg, gif and png.
software that monitoring an web site such as: I add an url and every 5 minutes he access the site if http server is down he send email notifications.
View 4 Replies View RelatedDoes anyone know of a tool (I've seen it before but forgot the name) which is a bar like 100x30 in pixel and when you click it, a box popups allowing you to select facebook, orkut, myspace, wordpress, etc etc, and you can blog the current site url you are surfing?
View 4 Replies View RelatedI'm trying to find a tool that will thrash a site to the break point and report where that is. This is for testing sites before they go online so that they don't go online and then drop offline because they can't handle the load.
View 1 Replies View Relatedi did make a big message on here but it deleted when i back spaced
my website is aviation cafe dot net / sample and i need you to help me with password protecting a webpage, i wanted the address to be / the silver sword and definitly not to look like it does now.
username: webforum
pass: password
someone attacking my VPS via port 80, which firewall u advice me to use on windows 2003 WEB edition ?
Or anyone have smillar experiance and can tell me what to do? Btw my hosting company is LeaseWeb.
This is probably a pretty complicated answer so please forgive me as I'm a newbie to making my own ecommerce website.
What steps are needed to protect/prevent one's site from being hacked? I have domain privacy (on WhoIs) but I feel this isn't enough.
Are there any scripts out there that can protect URLs? For an example I am trying to protect a megaupload.com URL with a masking URL and making sure that the masking URL is only access by a referral site. Can this be done?
View 1 Replies View Relatedi have another question is their a way to protect a directory without using .htaccess because i dont have modrewrite installed on my apache server.
View 4 Replies View RelatedLast days my site was hacked to the main page has been added the "iframe" tag with path to the virus loading. I don't know how somebody could edit the original page and insert this code to the html body. This time I have updated this page from archive but I would be glad to know how to protect my site in future. Could somebody advice me fast and effective methods?
View 7 Replies View Relatedwhat is the best way to protect whm and cpanel from unwanted login?
If i change the port they still can sniff, is there away to put another layer to protect it or assigned specific ip to be able to login ? I'm on a dedicate server and only hosting for 1 site so there no customer that i should worry about.
can i change /whm and /cpanel to something else just to hide it form novice users.
how to pwd protect directories with when using no control panel, I am planning to change the login details of the protected directories every few days as well as its top secret data, so I would like to know how to protect directories with pwd, I know how to do using control panel such as cPanel r Plesk but I am having no control panel at this interface
I intend to share the files under this protected directories only to my team, so plz help me with codes if there are any
its cent 0s5, apache handler
how to protect an linux dedicated server from bot attack. Im using linux server with cPanel, using CSF firewall + DOS Deflate.
View 5 Replies View Relatedis it way to protect Reverse IP information ?
I mean someone can't see friend sites in same vps/server.
This is my domain ( godaddy )
[url]
And another domain ( not me )
[url]
How can have clamv antivirues as auto protect mode in whm/cpanel server?
We need to configure clamv as auto protect.
Probably a cron file is updating one of my files every night. Then normally the script is not working, script owner is not responding my emails. So any ways to protect the file for being overwritten.
View 3 Replies View RelatedRecommendation to manage my server
Recommendation me for max send mail per hour for per account?
(I not want my server go to black list server and spam provider list)
I have protected one folder on my domain from Cpanel using function "web protect" also its asking for password but the password is not working.
I did checked the .htpasswd file in users home directory and it have the user created for protection.
is there a way to protect whm/cpanel access?
At the moment anyone can type
domain.com/cpanel or domain.com/whm or server/cpanel or server/whm.
I would like to limit access to these pages by adding additional password (like folder password) or restricting IP.
what steps procedures need to be done to keep your database as safe as possible from the hackers. Anyway to be alert when someone got into your db and try to dump, alter your database?
View 4 Replies View RelatedToday i was informed that some of Apache instances are vulnerable for serving content while client is constantly pressing F5 button in browsers - once is pressed CPU load is increasing, page became slow etc. (it's dynamic content served by back-end Tomcats). In the same time i see errors with connection between Apache and Tomcats' instances.
Is there any good way to protect Apache against it ?
how can i protect my users from dns Spy
for example this link show all of users by ip:
[url]
i found that one of attacker.which ddos our users use this method.
he ddos for example domain1.com and after ban his ip. he do it on another user's domain.
how to protect Windows server from Mpack?
View 1 Replies View RelatedI recently bought an SSL certificate to protect user data. I installed the cert in WHM. But when I go to my website in https://, my browser says (Safari can’t open the page [url] because Safari can’t establish a secure connection to the server “*domain name*”.)
Do you know what's happening and how to fix it? I've never dealt with SSL before, so this is very frustrating.
suPHP - Protect User's Files
I have suPHP
Am suffering from a hacker every time, he changes my client’s index (index..Php).
I changed FTP log, but still, it seems doesn’t work!
My simple question: How to protect the index page from hackers?
How to protect a folder in cpanel server without using slash
View 4 Replies View RelatedWe tried to use one software for offline browsing to download our site and test it if it will fail or not. We used 500 threads at once. Program was able to request 56 pages per second. Of course server (site) failed because there were no more available mysql connections. So site went down. Mod_evasive didn't block that.
Here is the config:
<IfModule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 80
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 30
DOSLogDir "/var/log/httpd"
</IfModule>
Here is the copy of text I found on one site about mod_evasive:
Mod_evasive does work relatively well for small to medium sized brute force or HTTP level DoS attacks. There is, however, an important limitation that mod_evasive has that you should be aware of. The mod_evasive module is not as good as it could be because it does not use shared memory in Apache to keep information about previous requests persistent. Instead, the information is kept with each child process or thread. Other Apache children that are then spawned know nothing about abuse against one of them. When a child serves the maximum number of requests and dies, the DoS information goes with it. So, what does this mean? This means that if an attacker sends their HTTP DoS requests and they do not use HTTP Keep-Alives, then Apache will spawn a new child process for every request and it will never trigger the mod_evasive thresholds. This is not good…
Is there any solution for such type of attack with Keep Alive disabled?
today i have DDos Attack in my server in port :80
what is the better way to secure my server from DDos Attack
I have subdomain, the index file was hacked
Who know how to protect the Index files with cpanel
