How to secure Lavalair ALL versions!!!!!!!
Wapspire v1,v2
fummobile v1
aarawap v1
Yes, you heard me right, they are all Lavalair scripts!!!!!
First, let's get to know how...
Place this in your core.php
PHP Code:
function check_injection()
{
    // SQL keywords that cause a request to be rejected
    $badchars = array("DROP", "TRUNCATE", "SELECT", "UPDATE", "DELETE", "UNION", "WHERE", "FROM", "INSERT", "ORDER BY");

    // Flatten nested parameters (e.g. name[]=x) so every value is checked as a string
    $values = array();
    array_walk_recursive($_REQUEST, function ($v) use (&$values) {
        $values[] = (string) $v;
    });

    foreach ($values as $value) {
        foreach ($badchars as $bad) {
            // Case-insensitive match anywhere inside the value
            if (stripos($value, $bad) !== false) {
                $logfile = 'logs/log.txt'; //chmod 777
                $IP = $_SERVER['REMOTE_ADDR'];
                $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $IP . ' target=_blank>' . $IP . '</a>' . "\n";
                // Append, so earlier entries are not overwritten
                $fp = fopen($logfile, "a");
                if ($fp) {
                    fwrite($fp, $logdetails);
                    fclose($fp);
                }
                header('Location: http://google.com');
                exit; // stop the page from running after the redirect
            }
        }
    }
}
Add this to ALL of your headers, before <html or <doctype, under the core.php include file:
PHP Code:
include("core.php");
check_injection();
Step 2:
Do not host an UPLOADER
Step 3:
Don't let users hotlink images as their avatar; delete this ASAP from your site, or host it with a PHP thumb script (you may search this forum for it)!!
Step 4:
Do not save logs of members'/owners' info in logs or any txt files
Step 5:
Do not use easy passwords, e.g. 123456, abc1234, password, guest, john, orbit
The most guessed password is your username as your password. You must not sign up like:
username: john1942
password: john1942
End of page.......
If you are still getting hacked / SQL / hijacked, this means you didn't go through the steps as I told you...
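An added example, not part of the original post and not Lavalair's own code: the keyword check above rejects requests by their text, while the usual fix at the query itself is to pass user input as bound parameters so it is never parsed as SQL. It assumes PDO with an in-memory SQLite database so it runs offline; the shouts table and the function names are hypothetical, and the same prepare/execute calls apply with PDO's MySQL driver.

```php
<?php
// Added example (not from the original post, not Lavalair code).
// Assumptions: PDO with the SQLite driver; hypothetical "shouts" table.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE shouts (
        id     INTEGER PRIMARY KEY,
        author TEXT NOT NULL,
        body   TEXT NOT NULL
    )');
    return $db;
}

// Store a message: the values travel as bound parameters, never as SQL text.
function add_shout(PDO $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO shouts (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $db->lastInsertId();
}

// Look up messages by author, again with a bound parameter.
function shouts_by(PDO $db, string $author): array
{
    $stmt = $db->prepare('SELECT body FROM shouts WHERE author = :author ORDER BY id');
    $stmt->execute([':author' => $author]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample input: ordinary text containing quotes and SQL keywords.
// A keyword filter would turn these users away; bound parameters store them as data.
$db = open_demo_db();
add_shout($db, "o'neil", 'Where are you from? Select a room and join us');
add_shout($db, "o'neil", "Don't drop the update; it's 'important'");

foreach (shouts_by($db, "o'neil") as $body) {
    echo $body, PHP_EOL;
}
echo 'rows: ', $db->query('SELECT COUNT(*) FROM shouts')->fetchColumn(), PHP_EOL;
```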