How to protect my site

I know that the protection of any website is a very complex and broad topic of discussion, but I want to connect this issue with the specific site that I am working on. It was coded in PHP by another programmer around 2004, and I am responsible for managing it. My problem is that it is getting hacked again and again. I noticed the following things when it was hacked.

  • .htaccess was changed
  • The index.php and config.php files were changed
  • The administrator password was changed
  • Files were uploaded to the server
  • Permissions on files and folders were changed

I worked on the code, it was properly escaped, and I think there is no chance of SQL injection. Since most of the problem is related to files and resolution, I doubt the server's security, but because it was coded around 2004, it probably won't have any security, so do I still need to do something in my code to prevent my site from being hacked in the ways listed above?

Thanks in advance.

+5
4 answers

Since the files were modified, this is unlikely to be due to SQL injection errors.

Ways to gain access to the files:

  • Guess / steal your FTP password
  • Hack the server (you can do nothing about it)
  • Insufficient isolation on the server, that is, other clients can modify your files (you also cannot do anything about it)

, , 2004 , , eval include , site.php?section=foo, foo.php -, 2004 . eval regex include(.*\$.*), require(.*\$.*). , .

+5
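
The answer above names eval, include and the search patterns include(.*\$.*) and require(.*\$.*). As an added example (not part of the original answer), the Python sketch below applies those patterns to PHP source for an audit and also marks calls whose argument comes from request data. The function name scan, the severity labels and the sample PHP are assumptions made for this example.

```python
import re

# Dynamic-code calls whose argument contains a PHP variable: the answer's
# include(.*\$.*) / require(.*\$.*) patterns, extended to *_once and eval.
CALL = re.compile(
    r"(?<![$\w>])(include_once|require_once|include|require|eval)\b"
    r"\s*\(?([^;]*\$[^;]*);", re.I)
# Superglobals filled from the HTTP request.
REQUEST = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
ASSIGN = re.compile(r"(\$\w+)\s*=(?!=)(.*)")
VAR = re.compile(r"\$\w+")

def scan(source):
    """Return (line_no, call, level) for each include/require/eval on a variable.

    level is "user-controlled" when the argument uses request data directly or
    through a variable assigned from it earlier in the file, else "variable".
    Line-based and naive on purpose: no multi-line statements, no PHP parsing.
    """
    tainted, findings = set(), []
    for no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):
            continue  # skip comment lines
        call = CALL.search(code)
        if call:
            arg = call.group(2)
            user = REQUEST.search(arg) or tainted & set(VAR.findall(arg))
            findings.append((no, call.group(1).lower(),
                             "user-controlled" if user else "variable"))
        assign = ASSIGN.search(code)
        if assign:
            rhs = assign.group(2)
            if REQUEST.search(rhs) or tainted & set(VAR.findall(rhs)):
                tainted.add(assign.group(1))
    return findings

# Constructed sample in the style of a 2004-era site.php?section=foo loader.
SAMPLE_PHP = """<?php
// site.php?section=foo loads foo.php
$section = $_GET['section'];
include($section . '.php');
require_once 'config.php';
$tpl = 'header';
require("tpl/" . $tpl . ".php");
eval($_POST['code']);
"""

if __name__ == "__main__":
    for no, call, level in scan(SAMPLE_PHP):
        print(f"line {no}: {call} ({level})")
```

Hits reported as "variable" still need a manual look at where the variable is set, since the taint tracking here only follows simple assignments within one file.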

-, , , (a) script (s) . , .

, , . - , , ..

+4

OWASP top 10 . .

  • , .
  • MySQL , , , , . - openID. , MySQL-, pronto , PDO ( ), .
  • / APACHE/PHP ?

:

  • OWASP. . . , , ?
  • , ?
+2
  • , / .
  • php.ini ( Google)
  • Apache/Nginx/...
  • ( SFTP, SSH,...)
  • ( cookie), /
  • ( , 0x00 , ,... , )
  • / /...
  • , .
  • (/) -
  • , -, , .
  • ,
  • reinstall the server, maybe you are rooted
  • Use prepared statements

That's it ;) This will greatly increase your security, but experienced attackers are tough.

+1