.htaccess file is a magic file. You can change the way your website works by using it. I have been reading a lot about .htaccess files. Perticularly .htaccess is very useful in shared web hosting environment where the users have no direct access to their servers or they want to implement some restrictions/security to their files. I will include here some very essential and useful .htaccess tricks. I have used some of these tricks and more to secure my websites according to my web server’s environment and to optimize speed/performance of my websites. Websites with heavy traffic, Digg traffic, Stumble upon or slashdot traffic will need to be optimized via many ways and .htaccess can help a lot.
(more…)
As a developer you must keep it in your mind that like any other programming platform PHP is also not secure. It can be hacked. Your website made in PHP can be stolen and hacked. There are softwares and exploits for attack. There are also vulnerabilities in PHP and there can be vulnerabilities in the PHP code you write. For that I have to suggest few things to you.
(more…)
Prevent people to view your php.ini file via a browser a few lines needed to be put into the .htaccess file.
Locate your .htaccess file which will be in your site’s root directory (public_html or www)
Download and edit .htaccess
Paste the following code into the bottom of the file and then click save:
(more…)
One of my website was hacked, exploited or whatever… recently. I thank that gentle hacker who just placed some files at my server and he was just checking log files and did not damage any file or database. I really thank him.
Well! I was using wordpress and I am with one of the best Web Hosting Servers available. Yes The BlueHost. They informed me that my website has been exploited and they stopped all services of my server till I approached them and asked for their help and they assisted me and we tracked the devil scripts and got rid of those.
- One file was about stealing Credit Card Information and then mailing script.
- Other file was including my errors log file to see doors for exploits.
Ohhh and one whole dangerous script which was meant for educational purposes as it was said in its headers but this guy was using it against website.
This script was for following purposes:
- Sql Injection Scanner
- Remote File Inclusion Scanner
- Local File Inclusion Scanner
- Remote Code Execution Scanner
- Mass Scan
- Integrated Shell, so you can execute commands on the server
- Security Mode to protect “dangerous” functions
- Spread Mode, to activate or disable Spread Function
- Single Spread Mode, to spread on RFI vulnerable sites
- Bypass Engines ON
(more…)
Suppose you want to protect you email address and want to put it online in form of image or you are displaying visitors emails in form of images while they had entered simple text, then this script is very useful. Text used in this example is my-email@hotmail.com under variable text. Find it and replace it or give input by a form and have image version of your entered text.
(more…)
