Simple Tips to keep Your scripts less vulnerable.

Today one of my clients asked me to check one of his guestbook scripts to see why it was redirecting to a p**n site. When I checked, some hackers had manipulated his folder under this guestbook script to upload some HTML files with redirect code.

Here are a few simple things to protect your scripts:

* Always upgrade to new versions of software, whatever it is, because many bugs or security issues will be answered in new versions of software.

* Secure the admin panels with secure passwords. (I have seen many people using regular names/words/simple 5 character passwords)

* Avoid 777 permission in script folders. (This is not always possible on all software. If scripts are running under your user ID, you may not need 777 permissions)

* Upload index.html/index.php (blank files) in the images folder, or other script folders, to avoid all files in those folders being web accessible.

* Disable attachments or uploads if you are hosting forums or guestbooks, because these features need 777 permission for folders.

* Form handling: If you have forms on your site, make sure the form input data is processed by the scripts (like with Regexp) before entering into your database.

* Subscribe to your host's newsletter, especially if you have a VPS/dedicated server. They update you with security issues of the server software. Ask your host to update server-side programs like mysql, php, cgi etc.

* Free software: If you have installed free scripts like WordPress, search Google for 'wordpress security'. You will get many tips on how to make your WP blog secure.

* Delete unnecessary scripts that you installed long ago and are no longer using.

  • Valdor Kiebach
    If you use cPanel hosting, go to 'Index Manager',
    click on 'public_html',
    select 'no indexing',
    click save.

    This will prevent the folder contents being listed if there is no index.html / php file.

    Do this in conjunction with:
    "Upload index.html/index.php (blank files) in images folder , or other script folders to avoid web accessible of all files in those folders."
    To do the above, open a text editor and paste in the following:
    Code:
    <?
    ?>
    <META HTTP-EQUIV="Refresh" CONTENT="0;URL=http://www.google.com">

    and save the file as index.php.
    Put this file in any directory that doesn't have an index file.
    You can change the URL to anything you want.
    • radhika
      Originally Posted by Valdor Kiebach

      if you use cpanel hosting go to 'Index Manager'
      click on 'public_html'
      select 'no indexing'
      click save.

      I have been using cPanel like 6 years? I didn't know this. Thanks.

      Another way is using .htaccess to restrict php files.

      HTML Code:
      <Files *.php>
      Order Allow,Deny
      Deny From All
      </Files>
      Gives access denied error from server.

  • Scott Carpenter
    I would recommend always using index.html for your blank file, and removing the <? and ?> tags. That way, you're handling servers that don't process PHP. If you know that your host handles PHP, Valdor's example will work great.
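
An audit for two of the tips in this thread (avoid 777 folders, give every folder an index file), plus a listing of web pages sitting in world-writable folders, the kind of dropped file the original post describes. This is an added example, not part of any post in the thread; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root for the folder issues discussed in this thread.
# All names and the sample tree are constructed for illustration.

# Directories writable by "other" (the last digit of 777), one per line.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# Directories with no index file; their contents are listed if indexing is on.
dirs_without_index() {
    find "$1" -type d -print | sort | while IFS= read -r d; do
        if [ ! -e "$d/index.html" ] && [ ! -e "$d/index.htm" ] && [ ! -e "$d/index.php" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# .html/.htm/.php files directly inside world-writable directories: review each one.
script_files_in_writable_dirs() {
    world_writable_dirs "$1" | while IFS= read -r d; do
        find "$d" -maxdepth 1 -type f \
            \( -name '*.html' -o -name '*.htm' -o -name '*.php' \) -print | sort
    done
}

# Constructed sample: a guestbook with a 777 data folder holding an unexpected page.
make_sample_root() {
    sample=$(mktemp -d) || return 1
    mkdir -p "$sample/guestbook/data" "$sample/images"
    chmod 755 "$sample" "$sample/guestbook" "$sample/images"
    chmod 777 "$sample/guestbook/data"
    : > "$sample/index.html"
    : > "$sample/guestbook/index.php"
    : > "$sample/guestbook/data/entries.txt"
    : > "$sample/guestbook/data/promo.html"
    printf '%s\n' "$sample"
}

# Audit the directory given as $1, or the constructed sample when none is given.
target=${1:-$(make_sample_root)}
echo "World-writable directories:";              world_writable_dirs "$target"
echo "Directories without an index file:";       dirs_without_index "$target"
echo "Web pages in world-writable directories:"; script_files_in_writable_dirs "$target"
```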