Solved protect your website for attackers

[zwx_exploiter]

For several years now I have been observing how the tendency for hacks for sites is growing. Hundreds of thousands of sites suffered from hacks, millions of sites are susceptible to attacks.
I decided to share with the developments that have already been introduced into the SECURED DLE release for a year and ensure the normal operation of the site without loss of information. Many will condemn me for this patch, as for someone I will ruin the business, greatly complicating the hack. This operating time is suitable for almost any site where there is php. I do not hold a grudge against those who do not believe in the release security. And so I’ll tell you how to protect yourself from: shells, sql inj, php inj, xss First I’ll introduce my module, you need to connect it before connecting to the database.

You don't have permission to view the code content. Log in or register now.

You don't have permission to view the code content. Log in or register now.

The module checks all GET and POST requests and, if it finds bad ones, it blocks it, preventing the requests from leaving the database or beyond.

Next, we need to protect ourselves from shells on the site.
We need to edit php.ini and disable the following functions

You don't have permission to view the code content. Log in or register now.

The shells successfully use these functions, it is necessary to disable the functions at the server level, since if you have hosting, then the shells can work on the neighboring account, which can lead to hacking. Hope this one will help to all developers.

 

[whattheduck]

For several years now I have been observing how the tendency for hacks for sites is growing. Hundreds of thousands of sites suffered from hacks, millions of sites are susceptible to attacks.
I decided to share with the developments that have already been introduced into the SECURED DLE release for a year and ensure the normal operation of the site without loss of information. Many will condemn me for this patch, as for someone I will ruin the business, greatly complicating the hack. This operating time is suitable for almost any site where there is php. I do not hold a grudge against those who do not believe in the release security. And so I’ll tell you how to protect yourself from: shells, sql inj, php inj, xss First I’ll introduce my module, you need to connect it before connecting to the database.

You don't have permission to view the code content. Log in or register now.

You don't have permission to view the code content. Log in or register now.

The module checks all GET and POST requests and, if it finds bad ones, it blocks it, preventing the requests from leaving the database or beyond.

Next, we need to protect ourselves from shells on the site.
We need to edit php.ini and disable the following functions

You don't have permission to view the code content. Log in or register now.

The shells successfully use these functions, it is necessary to disable the functions at the server level, since if you have hosting, then the shells can work on the neighboring account, which can lead to hacking. Hope this one will help to all developers.

Why I don't have permission to view the code content?

 

[sparky94320]

Same for me, can't view the code.

For protecting your website you have multiple technical consideration to take in count, and after that it may be not enough, nothing is perfect.
Read some docs, follow the rules, control internal/external connection on your server, allow only ip/certs auth/2way auth, scan softwares for security breach

Free service for ddos protection exist also


Depending on your activities your attacker may target you many way

 

[rainbowgirl42]

You can just install ModSecurity on Apache or Nginx. ModSecurity is a WAF that does exactly what you want. Doing it through php.ini or doing it from a module that you created that isn't maintained or tried and tested isn't the best way of doing things.