 |
If you are the only owner of any website or blog and want to protect your admin directory then you can allow that admin directory for just your IP and deny from all others. Here it is how.
It is easy to upload file when the Register_Globals are set to ON in the php.ini file (php configuration file) which is not recommended in any case for security reasons. When Globals are OFF then in this case I have tried this script and it works fine. Following is the script. Create two files. one html containing form and the other php file containing php script. This script will need a directory named as ‘img’ in root where this php script file is located according to the requirement of code. You can customize this code.
As a developer you must keep it in your mind that like any other programming platform PHP is also not secure. It can be hacked. Your website made in PHP can be stolen and hacked. There are softwares and exploits for attack. There are also vulnerabilities in PHP and there can be vulnerabilities in the PHP code you write. For that I have to suggest few things to you.
Prevent people to view your php.ini file via a browser a few lines needed to be put into the .htaccess file.
Locate your .htaccess file which will be in your site’s root directory (public_html or www)
Download and edit .htaccess
Paste the following code into the bottom of the file and then click save:
One of my website was hacked, exploited or whatever… recently. I thank that gentle hacker who just placed some files at my server and he was just checking log files and did not damage any file or database. I really thank him.
Well! I was using wordpress and I am with one of the best Web Hosting Servers available. Yes The BlueHost. They informed me that my website has been exploited and they stopped all services of my server till I approached them and asked for their help and they assisted me and we tracked the devil scripts and got rid of those.
- One file was about stealing Credit Card Information and then mailing script.
- Other file was including my errors log file to see doors for exploits.
Ohhh and one whole dangerous script which was meant for educational purposes as it was said in its headers but this guy was using it against website.
This script was for following purposes:
- Sql Injection Scanner
- Remote File Inclusion Scanner
- Local File Inclusion Scanner
- Remote Code Execution Scanner
- Mass Scan
- Integrated Shell, so you can execute commands on the server
- Security Mode to protect “dangerous” functions
- Spread Mode, to activate or disable Spread Function
- Single Spread Mode, to spread on RFI vulnerable sites
- Bypass Engines ON
