this is great thanks.......
How to secure lavalair ALL versions
Originally posted by metulj:
that was posted once or twice before...
so you could really use search
I think that's nothing way to prevent from hacking..our life is simple words....
http://mygenkz.net
ewanz06@yahoo.com
PHP Code:
$output = "i am NOoob....";
$newfile = "ewanz.txt";
$file = fopen($newfile, "w");
fwrite($file, $output);
fclose($file);
Originally posted by subzero:
How to secure lavalair ALL versions!!!!!!!
Wapspire v1,v2
fummobile v1
aarawap v1
Yes you hear me right they all are lavalair scripts !!!!!
First Lets get to know how...
Place this in your core.php
PHP Code:
function check_injection()
{
    // Keywords to reject; matched case-insensitively anywhere in a request value.
    $badchars = array("DROP", "TRUNCATE", "SELECT", "UPDATE", "DELETE", "UNION", "WHERE", "FROM", "INSERT", "ORDER BY");
    // Flatten $_REQUEST so array parameters are checked as well as plain strings.
    $values = array();
    array_walk_recursive($_REQUEST, function ($v) use (&$values) { $values[] = (string) $v; });
    foreach ($values as $value)
    {
        foreach ($badchars as $bad)
        {
            if (stripos($value, $bad) !== false)
            {
                $logfile = 'logs/log.txt'; //chmod 777
                $IP = $_SERVER['REMOTE_ADDR'];
                $logdetails = date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip=' . $IP . ' target=_blank>' . $IP . '</a>' . "\n";
                // Append one line per hit instead of overwriting the start of the file.
                $fp = fopen($logfile, "a");
                fwrite($fp, $logdetails);
                fclose($fp);
                header('Location: http://google.com');
                exit; // stop here so the rest of the page does not run after the redirect
            }
        }
    }
}
"
include("core.php");
check_injection();
"
Step 2:
Do Not Host a UPLOADER
Step 3:
Don't let users hotlink images as their avatar, delete this asap from your site, or host it with a php thumb script, you may search this forum for it !!
Step 4:
Do not save logs in logs or any txt files to members/owners info
Step 5
Do not use easy passwords like eg: 123456 , abc1234 , password , guest , john , orbit
Most guest password is your username as your password you must not sign up like
username: john1942
password: john1942
End of page.......
If you are still getting hacked / sql / hijacked this means you didn't go through the steps as I told you...
is that works?
I think it only works with .php on server and then only shell script opening on server coz I tried to change it into .mp3 and jpg and it does not work.
Last edited by godzilla; 25.12.09, 19:24.
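An alternative to the keyword filter in the quoted check_injection(), as an added example that is not part of the thread or of the Lavalair code: bind request values as query parameters so they are never parsed as SQL. The users table, its rows and the function names are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not Lavalair code. Table, rows and function names are constructed.
// Uses an in-memory SQLite database (pdo_sqlite assumed) so it runs offline.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, city TEXT)');
    $ins = $db->prepare('INSERT INTO users (name, city) VALUES (:name, :city)');
    foreach ([['alice', 'Union City'], ['bob', "O'Fallon"]] as [$name, $city]) {
        $ins->execute([':name' => $name, ':city' => $city]);
    }
    return $db;
}

// The value is bound as data and never becomes part of the SQL text,
// so keywords and quote characters inside it cannot change the query.
function find_by_city(PDO $db, string $city): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE city = :city');
    $stmt->execute([':city' => $city]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Substring keyword filter in the style of check_injection(), for comparison only.
function blacklist_hit(string $value): bool
{
    foreach (['DROP', 'SELECT', 'UNION', 'WHERE', 'FROM', 'DELETE'] as $bad) {
        if (stripos($value, $bad) !== false) {
            return true;
        }
    }
    return false;
}

$db = open_demo_db();
// Constructed sample inputs: an ordinary value that contains a keyword,
// and an ordinary value that contains a quote character.
foreach (['Union City', "O'Fallon"] as $input) {
    printf("%-12s filter=%-8s rows=%s\n",
        $input,
        blacklist_hit($input) ? 'blocked' : 'passed',
        json_encode(find_by_city($db, $input)));
}
```

The filter rejects a legitimate value because it contains a keyword, while the bound query returns the right row for both inputs, apostrophe included.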
Originally posted by godzilla:
how can some1 change shell script into .jpg or .mp3 and using on server to hack?
is that works?
I think it only works with .php on server and then only shell script opening on server coz I tried to change it into .mp3 and jpg and it does not work.