User System Tips

In this tutorial you will learn a few different things that you can use to protect your user system from being attacked by hackers.

First Tip:

You can change your file endings with a single line in your .htaccess file, whether you want the ending to be .lol or something random like .abc123.

So, open up your .htaccess and add this line:
Code

AddType application/x-httpd-php .abc123


This allows you to do as I said and make files with the ending .abc123.

By using this you could save yourself from fopen attempts from other web servers and whatnot, because the file name would be harder to guess.

Second Tip:

Config files are usually a prime target because users tend to just copy and paste code with common variable names such as $user or $pass.

One way to make them harder to guess is to define constants instead, as in the script below:
PHP Code
<?php
define("HOST", "localhost"); // the defined constant for the host
define("USER", "root"); // your database username
define("PASS", ""); // the database password
define("DATA", "testdatabase"); // finally the database

// error to be used
$error = "<html><head><title>Error</title>
               <style>P,BODY{ font-family:arial,sans-serif; font-size:11px; }</style></head><body>
               &nbsp;<br><br><blockquote><b>There appears to be an error with the database.</b><br>

               You can try to refresh the page by clicking <a href=\"javascript:window.location=window.location;\">here</a>.<br></body></html>";

// Note: the mysql_* functions were removed in PHP 7.0; on current PHP use mysqli or PDO.
@mysql_connect(HOST, USER, PASS) or die($error); // connect or die with the error above
@mysql_select_db(DATA) or die($error); // select DB or die with the above error
?>


You should change the defined constant names to something harder to guess.
Note: if dashes are in the name you will get an error.

Third Tip:

A common weak spot is using a simple method such as just one md5:
PHP Code
<?php
$pw = md5($_POST['pass']);
?>

Websites such as milw0rm and programs such as Cain And Abel are able to crack these, thus revealing your password to the hacker.

Using methods with more than one md5 or sha1 process may greatly increase security.
You could use something like:
PHP Code
<?php
function secure($var){
    $s1 = md5(md5(md5(md5(md5($var))))); // let's md5 the pass
    $s2 = sha1(sha1(sha1(sha1(sha1($var))))); // let's sha1 the password
    $makeone = "!-$s1-$s2-!"; // compile both for a longer password
    $secure = sha1(md5($makeone)); // make the makeone variable safer
    return $secure; // return the secure password
}
?>


This could save your user system: if the hacker knows what to do and wishes to waste time decoding about 10+ md5/sha1 passes, they may still do so; if not, they might just leave your site alone.
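
An added example, not part of the original tutorial: the secure() function above has no salt, so equal passwords always produce equal stored values, whereas PHP's built-in password_hash() and password_verify() salt every hash. The sketch below keeps secure() only to recognise old rows and upgrades them at login; check_login() and the sample password are constructed for illustration, and PHP 5.6 or later is assumed.

```php
<?php
// Added example, not from the original tutorial. check_login() and the
// sample password are constructed for illustration. Assumes PHP 5.6+.

// The tutorial's chained function: unsalted, so equal passwords give equal hashes.
function secure($var) {
    $s1 = md5(md5(md5(md5(md5($var)))));
    $s2 = sha1(sha1(sha1(sha1(sha1($var)))));
    return sha1(md5("!-$s1-$s2-!"));
}

// Check a login against either a legacy secure() value or a password_hash()
// value. Returns array($ok, $newHash); $newHash is non-null when the stored
// value should be replaced in the database.
function check_login($password, $stored) {
    $info = password_get_info($stored);
    if (empty($info['algo'])) {
        // Legacy row: constant-time compare, then upgrade on success.
        if (!hash_equals($stored, secure($password))) {
            return array(false, null);
        }
        return array(true, password_hash($password, PASSWORD_DEFAULT));
    }
    if (!password_verify($password, $stored)) {
        return array(false, null);
    }
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT) : null;
    return array(true, $new);
}

// Constructed sample: two accounts that chose the same password.
$legacyA = secure('correct horse');
$legacyB = secure('correct horse');
var_dump($legacyA === $legacyB); // same stored value for both accounts

// The first successful login turns the legacy row into a salted hash.
$result   = check_login('correct horse', $legacyA);
$upgraded = $result[1];
var_dump($result[0], password_get_info($upgraded)['algoName']);

// Two salted hashes of the same password differ, yet both still verify.
$other = password_hash('correct horse', PASSWORD_DEFAULT);
var_dump($upgraded === $other, password_verify('correct horse', $other));

// A wrong password is rejected for both storage formats.
$bad1 = check_login('wrong guess', $legacyA);
$bad2 = check_login('wrong guess', $upgraded);
var_dump($bad1[0], $bad2[0]);
```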

User System Start: User System Part 1
Author: ShadowMage
Views: 4475
Posted on Sunday 22nd February 2009 at 12:36 PM
lajevardi
use the code below on the first tip:
<code>
<IfModule mod_mime.c>
AddType application/x-httpd-php .py
</IfModule>
</code>
Posted on Tuesday 15th January 2008 at 06:14 PM
Agw2012
Good Job ;)
Better Than The Old Database Error :)
Posted on Friday 18th May 2007 at 09:19 PM
cyruswu
Good job!