zwx_exploiter
New Member
For several years now I have been observing how the tendency for hacks for sites is growing. Hundreds of thousands of sites suffered from hacks, millions of sites are susceptible to attacks.
I decided to share with the developments that have already been introduced into the SECURED DLE release for a year and ensure the normal operation of the site without loss of information. Many will condemn me for this patch, as for someone I will ruin the business, greatly complicating the hack. This operating time is suitable for almost any site where there is php. I do not hold a grudge against those who do not believe in the release security. And so I’ll tell you how to protect yourself from: shells, sql inj, php inj, xss First I’ll introduce my module, you need to connect it before connecting to the database.
The module checks all GET and POST requests and, if it finds bad ones, it blocks it, preventing the requests from leaving the database or beyond.
Next, we need to protect ourselves from shells on the site.
We need to edit php.ini and disable the following functions
The shells successfully use these functions, it is necessary to disable the functions at the server level, since if you have hosting, then the shells can work on the neighboring account, which can lead to hacking. Hope this one will help to all developers.
I decided to share with the developments that have already been introduced into the SECURED DLE release for a year and ensure the normal operation of the site without loss of information. Many will condemn me for this patch, as for someone I will ruin the business, greatly complicating the hack. This operating time is suitable for almost any site where there is php. I do not hold a grudge against those who do not believe in the release security. And so I’ll tell you how to protect yourself from: shells, sql inj, php inj, xss First I’ll introduce my module, you need to connect it before connecting to the database.
Code:
You don't have permission to view the code content. Log in or register now.
Code:
You don't have permission to view the code content. Log in or register now.
Next, we need to protect ourselves from shells on the site.
We need to edit php.ini and disable the following functions
Code:
You don't have permission to view the code content. Log in or register now.