Bitcoin Forum
Topic: NOOBS GUIDE TO SECURE YOUR SITE, SERVER AND EMAIL
1nject0r (OP)
Newbie

Activity: 28
Merit: 0


September 03, 2012, 07:50:57 AM
 #1

If u have just a website (I am not talking about a server), u can secure it by following this method:

1) Use Cloudflare to block hackers from DDoSing your site
2) Use a firewall for your site
3) Buy an SSL certificate
4) Use a secure password
5) Move your admin panel to another place, like yoursite.com/admin to yoursite.com/noaccess or whatever u want
6) Protect your files by using passwords

If you are using Joomla, WordPress or any forum, make sure to update and always hide your version number.

Your website can be hacked via these methods:

1) SQL Injection

2) OS Command Injection

3) Unchecked Path Parameter / Directory Traversal

4) Improper Session Management

5) Cross-Site Scripting

6) CSRF (Cross-Site Request Forgery)

7) HTTP Header Injection

8) Mail Header Injection

9) Lack of Authentication and Authorization


If your website looks like this php=id? or u have installed a shopping cart, make sure it's not vuln to SQL injection.

If u have a search box in ur site, make sure ur site is not vuln to XSS.

XSS = cross-site scripting. If u need a cheat, google it and put it in the search box of ur site.

SMF, MYBB, VBULLETIN >>> always make a new admin panel directory for security reasons

vbulletin.com/admincp to vbulletin.com/9929348440 or whatever u like :)




More coming soon
1nject0r (OP)
September 03, 2012, 07:54:33 AM
 #2

If u recently installed any software, make sure there is no install.php or install folder.

always secure ur config.php file by chmoding 777 or if yes always rename the file name

Use secure FTP and remember to check that no anonymous user is allowed.

Secure your .htaccess file to prevent the hackers.

Don't use nulled or cracked software for ur website; they always have a backdoor installed and they can hack ur website :)
1nject0r (OP)
September 03, 2012, 07:57:22 AM
 #3

If your site is based on PHP, read this to secure it :)

PHP has often been accused of being security-lax as over the years many exploitable bugs have been found within it. However, it has matured steadily and most of the bugs tend to be avoidable by either configuring the installation correctly and/or writing the code securely.

Here are some configuration tips (writing secure code is covered in a later section) that relate to the variables in the “php.ini” file:

- Set ‘register_globals’ off
- Set ‘safe_mode’ on
- Set ‘open_basedir’ to the base directory of the website
- Set ‘display_errors’ off
- Set ‘log_errors’ on
- Set ‘allow_url_fopen’ off
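An added example, not part of the original post: a small Python audit that compares a php.ini against the six settings listed above. The sample file, the `/var/www/example` docroot, the function names and the Unix `:` separator for `open_basedir` are assumptions made for illustration; `register_globals` and `safe_mode` were removed in PHP 5.4, so the script reports them only when they are present with a different value.

```python
import posixpath
import re

# Values as recommended in the post. The second field marks directives that
# PHP 5.4 removed: when absent they are skipped instead of reported.
RECOMMENDED = {"register_globals": ("off", True), "safe_mode": ("on", True),
               "display_errors": ("off", False), "log_errors": ("on", False),
               "allow_url_fopen": ("off", False)}
ON, OFF = {"1", "on", "yes", "true"}, {"0", "off", "no", "false", "none", ""}

# Constructed sample, not taken from a real server.
SAMPLE = """[PHP]
register_globals = On
display_errors = stdout   ; errors are sent to the visitor
log_errors = 1
allow_url_fopen = On
open_basedir = "/var/www/example:/tmp"
"""

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    values = {}
    for line in text.splitlines():
        line = re.sub(r"(^|\s);.*$", "", line).strip()  # drop ; comments
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.*)$", line)
        if m:
            values[m.group(1).lower()] = m.group(2).strip().strip("\"'")
    return values

def audit(text, docroot):
    """List every directive that deviates from the post's recommendations."""
    values, findings = parse_ini(text), []
    for name, (want, removed_in_54) in RECOMMENDED.items():
        if name not in values:
            if not removed_in_54:
                findings.append(f"{name}: not set, want {want}")
            continue
        raw = values[name].lower()
        state = "on" if raw in ON else "off" if raw in OFF else raw
        if state != want:
            findings.append(f"{name}: is {values[name]}, want {want}")
    root = posixpath.normpath(docroot)
    paths = [p for p in values.get("open_basedir", "").split(":") if p]
    if not paths:
        findings.append(f"open_basedir: not set, want {root}")
    for p in map(posixpath.normpath, paths):
        if p != root and not p.startswith(root + "/"):
            findings.append(f"open_basedir: {p} is outside {root}")
    return findings
```

Calling `audit(SAMPLE, "/var/www/example")` returns one finding per deviating directive; an empty list means the file matches the list above.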
1nject0r (OP)
September 03, 2012, 07:58:19 AM
 #4

Popular server-side applications that have had problems in the past with critical, exploitable bugs include (but are certainly not limited to!):

- WordPress (blogging software)
- phpBB, MyBB and SMF (forum software)
- CMS Made Simple (CMS software)
- PHPNuke (CMS software)
- bBlog (blogging software)
- JBoss (application server)
- Coppermine (image gallery software)
1nject0r (OP)
September 03, 2012, 08:00:28 AM
 #5



1. How to keep your Windows computer up-to-date, http://support.microsoft.com/kb/311047

2. Apache Security Tips, http://httpd.apache.org/docs/2.2/misc/security_tips.html

3. Securing Apache 2: Step-by-Step, http://www.securityfocus.com/infocus/1786

4. 20 ways to Secure your Apache Configuration, http://www.petefreitag.com/item/505.cfm

5. The CodeIgniter PHP Framework, http://www.codeigniter.com

6. Ten Security Checks for PHP, Part 1, http://www.onlamp.com/pub/a/php/2003/03/20/php_security.html

7. Creating a Secure PHP Login Script, http://www.devshed.com/c/a/PHP/Creating-a-Secure-PHP-Login-Script/

8. Securing PHP: Step-by-Step, http://www.securityfocus.com/infocus/1706

9. Securing MySQL: Step-By-Step, http://www.securityfocus.com/infocus/1726

10. Apache Attack Samples, http://www.ossec.net/wiki/index.php/Apache_attack_samples