

Solved protect your website for attackers

zwx_exploiter

For several years now I have been observing how the trend of site hacks is growing. Hundreds of thousands of sites have suffered from hacks, and millions of sites are susceptible to attacks.
I decided to share the developments that have already been in the SECURED DLE release for a year and that ensure the normal operation of the site without loss of information. Many will condemn me for this patch, since for some people I will ruin the business by greatly complicating the hack. This work is suitable for almost any site where there is PHP. I do not hold a grudge against those who do not believe in the release's security. And so I'll tell you how to protect yourself from: shells, SQL injection, PHP injection, XSS. First I'll introduce my module; you need to connect it before connecting to the database.

Code:
You don't have permission to view the code content. Log in or register now.
Code:
You don't have permission to view the code content. Log in or register now.
The module checks all GET and POST requests and, if it finds bad ones, blocks them, preventing the requests from leaving the database or beyond.

Next, we need to protect ourselves from shells on the site.
We need to edit php.ini and disable the following functions:

Code:
You don't have permission to view the code content. Log in or register now.
Shells successfully use these functions. It is necessary to disable the functions at the server level, since if you have hosting, shells can work on a neighboring account, which can lead to hacking. Hope this helps all developers.
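An added example, not part of the original post and not the poster's hidden code: a small audit that reads the text of a php.ini and reports which process-execution functions are still enabled. The post's own function list is not visible on this page, so the `EXPECTED` set and the sample file below are assumptions made for the example.

```python
import re

# Assumption: the post's list is hidden on this page. These are PHP's
# built-in process-execution functions, chosen for this example only.
EXPECTED = {"exec", "passthru", "shell_exec", "system", "proc_open", "popen"}

# Constructed sample php.ini, not taken from the post.
SAMPLE_INI = """\
[PHP]
expose_php = Off
;disable_functions = exec,system
disable_functions = "exec, passthru,shell_exec"  ; trailing comment
"""


def disabled_functions(ini_text):
    """Return the set of names listed in the disable_functions directive."""
    value = ""
    for raw in ini_text.splitlines():
        # ';' starts a comment in php.ini, so a commented-out directive
        # like the third line of the sample must not count.
        line = raw.split(";", 1)[0].strip()
        match = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if match:
            # If the directive appears more than once, keep the last one.
            value = match.group(1).strip().strip('"')
    # Names are separated by commas and/or whitespace.
    return {name for name in re.split(r"[,\s]+", value) if name}


def missing(ini_text, expected=EXPECTED):
    """Return the expected functions that the file does not disable."""
    return sorted(set(expected) - disabled_functions(ini_text))


if __name__ == "__main__":
    for name in missing(SAMPLE_INI):
        print("still enabled:", name)
```

PHP reads `disable_functions` only from php.ini, so it cannot be set from a script with `ini_set()`; confirm the value the running server actually loaded with `phpinfo()` or `php -i`.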
 

whattheduck

Why don't I have permission to view the code content?
 

sparky94320

Same for me, can't view the code.

To protect your website you have multiple technical considerations to take into account, and even after that it may not be enough; nothing is perfect.
Read some docs, follow the rules, control internal/external connections on your server, allow only IP/cert auth/two-way auth, and scan software for security breaches.

Free services for DDoS protection also exist.

Depending on your activities, your attacker may target you in many ways.
 

rainbowgirl42

You can just install ModSecurity on Apache or Nginx. ModSecurity is a WAF that does exactly what you want. Doing it through php.ini or doing it from a module that you created that isn't maintained or tried and tested isn't the best way of doing things.
 