How can I prevent my site from being hacked?

darkgoth hack hacked hacking

24 replies to this topic

#1
DarkGoth

DarkGoth

    Moderator

  • Moderators
  • 1,233 posts
  • LocationUnknown
NOTE: To all phpfoxcamp members, DO NOT give your FTP, cPanel or admincp access to !!ANYONE!! who claims or promises he can fix your site problem/error easily without knowing his/her background, especially to members who have a legit license to phpfox script, modules or themes, because if these thieves share your licensed phpfox stuff here and then the developer finds out, your account will be banned by them, or they may upload malicious/shell/backdoor to your server. Keep this in mind.

NEVER SHARE YOUR CREDENTIALS WITH ANYONE, NEVER!

------------------------------------------------------------------------------------------

1. Software and Scripts Up to Date.

If for some reason you're running an old version of phpbb, phpfox, or maybe an old vbulletin or even a simple script, make sure you upgrade them to the latest version. That may get your website hacked easily using methods like RFI or SQL injections.

2. Plug ins, Add ons and Modules.

Running a CMS site like Joomla, Mambo, Datalife, phpfox or maybe a forum like phpbb, SMF, vbulletin? Well, think again before uploading/installing modules and plug-ins. The developers of those scripts take good care of their code to keep it clean of exploits and bugs. The plug-in developers most of the time don't; they are the 70% cause of hacking those kinds of software.

3. It's Your Fault.

Most Webmasters think that if they get hacked it's because their Hosting sucks or the hosting staff isn't doing its job, but they're WRONG. If you get hacked it's your fault. If you install a script with bugs, the hosting owner can't do anything about it. If someone exploits your bug and gains access to your site it's your fault, don't blame your web hosting company, blame yourself. After being hacked you should try to look for your scripts in sites like milw0rm.com to see if your scripts did have any bugs.

4. Protect Your Password

If you run a very popular site then be careful! Some people may love you, some people may hate you. They could try to get into your FTP, cPanel, or hosting account. Some of them may even try to send you Keyloggers, Trojans and monitoring programs to get access to your websites. Be careful when accepting files and using instant messaging software like Yahoo, MSN, or AIM. Also always use the hardest password possible.

5. Keep your Hosting Account and PC Clean

Most people have lots of files they don't even use on their hosting accounts and computers. On their hosting accounts this may cause wrong indexation in search engines like Google, Yahoo, Msn, and Ask. They may start indexing old sites in forgotten folders, as personal files like pictures and more, it's always good to keep your hosting account with only your website updated content.

6. Quality Before Quantity.

Use quality software for your site. Why use phpbb (greatly Coded), if you can buy a vBulletin License. If you're already making a revenue from your site using advertising programs like Google AdSense, cpx Interactive and more, then think that you have to invert to win. The more you invert, the better chances you have to win, this may keep your site clean of hackers.

7. Backups, Backups and yes.. Backups.

The most common mistake people make is uploading and just uploading! Make a backup of your Site! Keep the files on your PC, or on your USB or External Hard Drive, it can save your life. I got hacked 5 times and you can ask my visitors if they have ever seen a hacked index on my sites.. NEVER. That's the greatest satisfaction of a hacker. Never let your users see that you got hacked. Clean your whole hosting account before leaving that killing ranking index on your site.

8. Don't put all your eggs in the same basket.

If you have some time in the Web Business and have more than 2 sites.. then protect them! Did you know that if one of your websites gets hacked, all of the other websites in the same hosting account may get hacked too? Yes, Defacers can easily upload a shell to your FTP and get access to all your sites. You can easily prevent this by buying a Reseller Account or buying more than one Hosting Account, even if they offer you a lot of hosting storage and bandwidth.

9. Knowledge is Power!

Learn, read, and search. Nowadays with the use of great search engines you can access a lot of information that may keep you safe and may even make you a Defacer or Hacker. Most of the Hackers have learned to use search engines and community forums. Underground communities that provide them carding information, defacing information and a lot more. To Prevent them you gotta think like them.

10. Check CHMOD, Permissions.

Most of the time while installing new scripts they ask you to CHMOD to 777, for some files, sometimes that may be fatal. When a Defacer comes into your site files it becomes easier to modify/edit/delete the files with 777, if your public_html folder has those permissions you're basically done, and hacked. But if it doesn't then he can only modify the ones with those permissions. It's good to keep in mind so that when you finish the installation you bring back all the old permissions.

Bonus: for those VPS / Reseller / Dedicated Customers it is important to keep in mind that the root's password for MySQL is also a big factor when talking about hacking, it's always good not to leave it as default, this may cause you to lose all your tables and rows.

NOTE: To all phpfoxcamp members, DO NOT give your FTP, cPanel or admincp access to !!ANYONE!! who claims or promises he can fix your site problem/error easily without knowing his/her background, especially to members who have a legit license to phpfox script, modules or themes, because if these thieves share your licensed phpfox stuff here and then the developer finds out, your account will be banned by them, or they may upload malicious/shell/backdoor to your server. Keep this in mind.

NEVER SHARE YOUR CREDENTIALS WITH ANYONE, NEVER!

Regards,
DarkGoth
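
An added example for tip 10 (not part of the original post): a post-install audit that lists what an installer left world-writable and resets it. The 755/644 targets assume PHP runs as the account owner, and the function names and the demo tree are made up for illustration.

```shell
#!/bin/sh
# Audit a web root for files and directories that "other" can write to,
# e.g. after an installer asked for chmod 777.

# Print every regular file or directory under $1 with the o+w bit set.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Reset only the offenders: directories to 755, files to 644.
# Assumption: PHP runs as the account owner, so the owner bits are enough.
tighten_permissions() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Constructed demo tree: one cache directory and one file left at 777.
# Prints "<offenders before> <offenders after>".
demo_audit() (
    umask 022
    root=$(mktemp -d) || exit 1
    mkdir -p "$root/public_html/file/cache"
    : > "$root/public_html/index.php"
    : > "$root/public_html/file/cache/data.php"
    chmod 644 "$root/public_html/index.php"
    chmod 777 "$root/public_html/file/cache" \
              "$root/public_html/file/cache/data.php"
    before=$(list_world_writable "$root" | wc -l | tr -d ' ')
    tighten_permissions "$root"
    after=$(list_world_writable "$root" | wc -l | tr -d ' ')
    rm -rf "$root"
    echo "$before $after"
)

demo_audit
```

Run list_world_writable against the real document root first and read the list before calling tighten_permissions, since some scripts need specific writable directories.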


#2
blueFox

blueFox

    Camper

  • Campers
  • 1,113 posts
useful tutorial :muscle:

#3
ShadDaKlown

ShadDaKlown

    Business Developer

  • Campers
  • 391 posts
  • LocationThe Wicked Realms
great post. very useful information here. let's just hope that people will take heed to what you said. :)

#4
GoodJob

GoodJob

    Fresh Developer

  • Campers
  • 44 posts
  • LocationBlack Hole, Outerspace
Helpful information for me :yes:

#5
conex

conex

    Business Developer

  • Campers
  • 153 posts
  • LocationThe world
This is normal prevention, but few persons don't know about it :)
Thank Dark :)

#6
conex

conex

    Business Developer

  • Campers
  • 153 posts
  • LocationThe world
Who need help with website? :)
Give me your all passwords and login, I will help hahaha :)
This is joke of course, but many peoples wrote like this.
Take care of yourself and your websites.
Dark is 100 % right

#7
tak

tak

    Pro Developer

  • Campers
  • 824 posts
I read through it and found it very helpful. I knew a lot of it, but reading it was a nice reminder. Thanks.

#8
Honalnas0com

Honalnas0com

    Business Developer

  • Banned
  • 164 posts
thank you very much

#9
josh1307

josh1307

    Business Developer

  • Campers
  • 154 posts
Thanks :clap:

#10
billyf777

billyf777

    Business Developer

  • Campers
  • 401 posts
DG, do you think it might be prudent to include some protection against common hacking methods with the use of something like this in the htaccess?


## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit attempts.
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

#11
imaman

imaman

    Business Developer

  • Banned
  • 214 posts
100% guaranteed way to protect yourself from hacking

dont own a website ;)

#12
MarkZuckerberg

MarkZuckerberg

    Business Developer

  • Fox Fan Club
  • 217 posts
Thanks a lot @Daki...Very Informative Post. :coffee:

#13
lee

lee

    Business Developer

  • Fox Fan Club
  • 293 posts
  • LocationWales UK
Brilliant tut but to be honest didn't expect any less from Darkgoth....nice one mate very useful.

#14
hackerant

hackerant

    Pro Developer

  • Fox Fan Club
  • 729 posts
Good post bro.

#15
nancye

nancye

    Newbie

  • Campers
  • 7 posts
Be sure to completely revise and check all the php files and js script of .zip you download here

Edited by nancye, 29 September 2013 - 06:27 PM.


#16
zoldos

zoldos

    Business Developer

  • Campers
  • 121 posts

100% guaranteed way to protect yourself from hacking

dont own a website ;)

LOL Yeah but that's no fun. :D

#17
zoldos

zoldos

    Business Developer

  • Campers
  • 121 posts

DG, do you think it might be prudent to include some protection against common hacking methods with the use of something like this in the htaccess?


## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit attempts.
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

I use something like this. It's supposed to protect against certain exploits. Seems to work...
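
An added example (not from either poster): a way to check which of the rewrite conditions above a raw query string would trip, so the rules can be tested for false positives before they go into .htaccess. It assumes grep -E behaves like Apache's regex engine for these six patterns; the function names and sample query strings are constructed.

```shell
#!/bin/sh
# mod_rewrite matches %{QUERY_STRING} in its raw, still URL-encoded form,
# so the samples below are written the way they arrive on the wire.

# check LABEL GREP_FLAGS PATTERN QUERY: print LABEL if PATTERN matches QUERY.
check() {
    printf '%s\n' "$4" | grep -q "$2" -e "$3" && echo "$1"
}

# Print the first rule that would return 403 for query string $1, or "none".
# Patterns are copied from the rules above; "\%" is written "%" (same literal),
# and only the <script> rule is case-insensitive, matching its [NC] flag.
matched_rule() {
    check environ       -E  'proc/self/environ'                "$1" ||
    check mosConfig     -E  'mosConfig_[a-zA-Z_]{1,21}(=|%3D)' "$1" ||
    check base64_encode -E  'base64_encode[^(]*\([^)]*\)'      "$1" ||
    check script-tag    -Ei '(<|%3C)([^s]*s)+cript.*(>|%3E)'   "$1" ||
    check GLOBALS       -E  'GLOBALS(=|\[|%[0-9A-Z]{0,2})'     "$1" ||
    check _REQUEST      -E  '_REQUEST(=|\[|%[0-9A-Z]{0,2})'    "$1" ||
    { echo none; return 1; }
}

# Constructed samples: normal navigation, then a forum search for the text
# "$GLOBALS[", which is legitimate on a PHP site but still gets a 403.
for qs in 'do=/forum/&page=2' 'q=php+%24GLOBALS%5B'; do
    printf '%-22s -> %s\n' "$qs" "$(matched_rule "$qs")"
done
```

The second sample shows the cost of pattern blocking: any request that merely mentions one of these strings is refused, so run your site's real search and form URLs through matched_rule first.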

#18
tak

tak

    Pro Developer

  • Campers
  • 824 posts

100% guaranteed way to protect yourself from hacking

dont own a website ;)


I have an even better way. Do not exist. Lol

#19
zoldos

zoldos

    Business Developer

  • Campers
  • 121 posts

I have an even better way. Do not exist. Lol

Nah, that wasn't as funny. :D

#20
code4f00d

code4f00d

    Newbie

  • Campers
  • 9 posts
do not share any information relating to your hosting for anyone :yes:




