Security guidelines for forums / websites: preventing local attacks

Tuesday, 27 May 2014
Lately on ROOT many members have been hacked or have asked for a web security guide. I have some free time today, so I am writing this article to guide you a little. Many other places already have guides, and I will write about security again soon; everyone secures things differently, and after this post I will show you some further security measures.

Note: if you use any open-source software, keep up to date with the bug reports for the version you are running and apply the fixes :D. And for code you write by hand, the thing to watch most is still SQL injection; this bug is warned about a great deal, yet it is still the one people suffer from most often.

The following is part 1 of the security guidelines (if you can do all of this, that is already good):

1. For open-source software, the first thing to do is change the config file path. Here I will show the change for VBB, because it is quite commonly used.

First create a folder named #tenthumuc (tenthumuc stands for your folder name; note the # at the beginning).

Copy the config.php file into it (you can rename it).

Then, in the file includes/class_core.php, find includes/config.php and replace it with the new path of the config file.

For example, if the config folder is named #kai and config.php is renamed to root.php, open includes/class_core.php and replace every occurrence of includes/config.php with #kai/root.php.

Explanation: a directory name with # at the beginning limits the risk of attack a great deal. Why?
Because # is a special separator in an address, for example:

http://root.vn/hack.php#kai

-> The browser sends a request for the file http://root.vn/hack.php, and once the page has finished loading it scrolls to the element whose ID is kai.

So suppose someone tries to read the config.php file using a shell.
Done the normal way, the call would look like this:





As you can see, in the link above #kai is separated from the rest of the link.
So the link above is equivalent to the following link:



-> So the path will be wrong and the config can no longer be read.

2. Changing the admin path

- VBB: 

In the config file, find the line




then replace admincp with the name you want; from now on you can reach the admin panel under the new path.

- Joomla: use a component; I forget what it is called :D. I will update this later.

- WordPress: there are many plugins, but I find hide_my_wp quite good; when viewing the source, an inexperienced hacker cannot recognize that the site is WordPress. Download it here: http://file.root.vn/pod03bcg1

And for other software, look for something similar ....

3. Protecting folders with chmod

- For cPanel:

CHMOD 400 the files #tenthumuc/config.php and includes/class_core.php
CHMOD 100 the folders #tenthumuc and includes

- For DirectAdmin:

CHMOD 004 the files #tenthumuc/config.php and includes/class_core.php
CHMOD 001 the folders #tenthumuc and includes

- For Kloxo:

CHMOD 404 the config file. Kloxo is a little special: once the folder is renamed you will not see the # folder on the host itself; it can only be seen via FTP, so upload it via FTP.
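
The cPanel modes from step 3, applied and then checked from a shell. This is an added example, not part of the original post: the function names and the temporary sandbox tree are constructed for illustration, and #kai and root.php are the example names used in step 1.

```sh
#!/bin/sh
# Added example: apply and check the cPanel modes from step 3.
# Always quote paths containing '#': an unquoted word that starts with '#'
# begins a shell comment, so `chmod 400 #kai/root.php` never sees the path.

# mode_of PATH: print the octal permission bits (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# harden ROOT CFGDIR CFGFILE: files first, then the folders that hold them.
harden() {
    chmod 400 "$1/$2/$3" "$1/includes/class_core.php" || return 1
    chmod 100 "$1/$2" "$1/includes" || return 1
}

# check PATH EXPECTED: return 0 on a match, otherwise report and return 1.
check() {
    actual=$(mode_of "$1")
    [ "$actual" = "$2" ] && return 0
    printf 'MISMATCH %s: mode %s, expected %s\n' "$1" "$actual" "$2"
    return 1
}

# verify ROOT CFGDIR CFGFILE: return 0 only if all four paths match step 3.
verify() {
    rc=0
    check "$1/$2/$3" 400 || rc=1
    check "$1/includes/class_core.php" 400 || rc=1
    check "$1/$2" 100 || rc=1
    check "$1/includes" 100 || rc=1
    return $rc
}

# make_sandbox: build a constructed sample tree (not a real forum) and
# print its path, so the functions can be tried without touching a site.
make_sandbox() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/#kai" "$d/includes" || return 1
    : > "$d/#kai/root.php"
    : > "$d/includes/class_core.php"
    printf '%s\n' "$d"
}

# Demo on the sandbox; restore 700 on the folders so cleanup can list them.
sb=$(make_sandbox) && harden "$sb" '#kai' root.php && verify "$sb" '#kai' root.php \
    && echo "sandbox modes match step 3"
chmod 700 "$sb/#kai" "$sb/includes" && rm -rf "$sb"
```

For the DirectAdmin or Kloxo modes listed above, change the expected values passed to chmod and check accordingly.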

4. Assigning privileges to the database user

When you add the user to the database, uncheck the Drop privilege; many of you grant full rights. And you own what to spend your VB then it's okay to count page views topic

5. Setting a password for the admin directory

With cPanel:

Right-click the folder and select Password Protect

[IMG]


Enter the message to be shown in the login window when a user enters this directory

[IMG]



Then save

[IMG]


Then go back and enter the user and password

[IMG]


Click Add/Modify Authorized User and you are finished.

With DirectAdmin:

Browse to the folder and select Protect

[IMG]


Then fill out the information as shown 

[IMG]

6. Recommendations

- Back up your data regularly.
- Do not let anyone know your password :D
- This method is only one part of protecting yourself from attacks by hackers, so do not assume your site is now secure.
- Regularly apply the patches for the CMS you use.
- Visit ROOT regularly :D