Use the. Htaccess file to protect against hacking local
Dienstag, 27. Mai 2014
On the website, then you do need to set some rights for the 0777 directory for image processing script. At issue is the right set for 0777 are vulnerable to hack folder local, one shell script. This case usually happens when you use Safe Mode ON hosting, the script can not handle recording thumbnail pictures into folders.
Staying on the network to find a code to use. Htaccess block scripts run in the folder and put it all subdirectories. Post up here to share with you and when to use it again to get out.
Quote:
RewriteEngine On
RewriteRule. (Php | php3 | php4 | php5 | PHPs | Phtml | shtm | shtml | cgi | pl | pm | asp | cfm | JSE | jsp | jar | py | exe | com | bat | dll | pif | scr | reg | inf | htaccess | txt | html | htm) $ - [F] |
Use the. Htaccess file to protect against hacking local
Okie, Pa kon cuttings from place to place making is also very much the way security forum, what is the index marks, the firewall is doing v. .. v. .. OG admin.php also study how this one ... OG feel it is very convenient .. Simple, easy to understand ... OG should share this idea for PA kon .. who like it do not like to outlaw.
Okie ... on key issues .. IBF (or any other public forum, too) .. usually there is one risk is quite high localhack.
LocalHack mean? In simple terms understandable to 2 people sharing 1 server (host) .. but if poor host security, we can take advantage of this weakness to read the conf file objects (for a shared server path should have the same format together) ... and get the info database objects.
So what we must do to prevent? Well, we can say that we can do everything in my ability. And in addition to depend on anymore .. Host (Host phony if I must vertices only) ... hix .. start again Goy digress .. sorry .. hehe ... (ehhh.. Outlaw but ..).
Alright, OG will guide you to protect the OG is key and critical thinking. Honestly the OG not know the first thing about hacking .. hehe ... that tattoo guide players always play .. take that.
IBF according to OG think there are 2 files .. the main risk in 2 files hacked this out.
1. Admin.php (admin rights if they win, you know what happens rùi Chien asthma).
2. Conf_global.php (hackers often use this file for your database info and edit or delete your database).
So to protect we need to do?
# 1. First, you have to check all the folders on your host. View files folder .. but there is not the main index file ... for example the folder where the images, music, files for downloads .. so .. so ... consider that folder already there is no index file? if they do not have a index.html with any 1 1 What content and leave it at that.
-Explained: How to spend so? Doing so USERS can not browse thru the folders in your browser. OG web wanders a lot of times you do not see a lot of index file in the folder .. even root directory (as root go to do not forget this forum or something) ... and there is still time to get all OG phpmyadmin again .. if OG is compromised, just 3 mouse clicks are only .. this is complete the database which it already.
# 2. Protect admin.php: Can you hack admin or mod file mark must always delete it. When the ACP need to up it up. (Note, every mod hack added that they must stick admin.php offline backup). Read this issue invite you to read all Hide admin.php Mod.
# 3. In this article OG wanted to emphasize is that this section. It is used. Conf_global.php htaccess file. That is why? If you use the host's Cpanel sure you are also familiar with the login screen instead of it??? This one looks like.
Here OG will guide you how to do.
This is the first site to read OG's fine, because it's been hacked 2 times one day, it may hire one to do this for its name and it has guided the forum.
Guide told to use it to create telnet. Va.htpasswd htaccess ... but you know ... tell what telnet is not well known OG ... OG hehehe .. so sit forever thinking up a new path this round. (Detour experts find that ..)
Rui .. bullshit while now enough r ... now please go to the rec stiff problems.
Often in his Host 1 the function it is to protect one folder .. make certain you know ... OK .. here is what you need to protect only 1 file .. no need to protect 1 original folder (as if the original protected folder on the forum, who also need a pass) .... that CPanel to protect the original one folder .. (OG 1 do not know whether the file is not protected?) here ... so how??? Do not worry ... you just create one folder named something out ... well .. (or if you want to protect any folder in the folder from the need to create a forum .. for example .. Music folder not term).
Then set your Cpanel .. and protection functions for newly created folder .. OG example here is a folder named Virtual kindled. Set username and password for that folder
for example:
username = vietspace
pass = tochathangnaohacktao
.. Done ... You used to log onto the FTP host .. looking to Virtual folders (or directories already set) ... You will see 1 file. Htaccess in it .... Ten Ten .. do not know how to use telnet, it must do so alone ... Open the file. htaccess it out ... (if it is not open on the host machine down down).
Open the content you will see that it is similar to this:
Code:
AuthType Basic
AuthName "Protected"
AuthUserFile "/ home / path / to / file / .htpasswds"
require valid-user
Okie .. I do not need to edit anything in this file .. what you both need here is the
Code:
/ Home / path / to / file / .htpasswds
It is the path to the file. Htpasswd his newly set in Cpanel. that is, the password = tochathangnaohacktao it.
Rui Copy the line to that place ... so 1 side ... now you create one file. Htaccess with the following content.
Code:
# / Home / path / to / folder / forum /. Htaccess
CODE
<FilesMatch "conf_global.php">
AuthName "Admin Only"
AuthType Basic
AuthUserFile /home/path/tới/file/.htpasswds
require valid-user
</FilesMatch>
# / Home / path / to / folder / forum / conf_global.php is protected
# / Home / path / to / folder / forum / index.php and all others are NOT protected
The red text file is copied from their line. Htpasswds head down there .. also some bold line path, you replace it with the correct path of your forum ..
Save it. Htaccess and it's up to par with index.php and admin.php (in the forum folder).
DZI then ... now if anyone is using IE to access this file, it will pass and who require access to the virtual directory. (Forum still function normally)
Only when someone type in ... htxp :/ / yourdomain.com / forum / conf_global.php it requires new pass (localhack it).
Demo: hxtp :/ / www.janandcindy.com/ ~ slavelo / VFC / conf_global.php
Write more but hip know people do not understand? hehehe .. tui describe Currency Wa ha .. because no school bags ... what telnet is the wai, I did not know ... hehehe .. but the bag is only good for a detour .. anyone know more about telnet is only for PA kon do more this way kindled.
In addition to prevention we must also regularly update on the forums or track IBP can see what new security bugs that do not update it up (eg SQL injection).
Kiến thức mạng
All comments [ 0 ]
Your comments