Secure a Lava Script (Wapdesire)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #16
    Originally posted by DjMatrix View Post
    if it makes it harder for noobs to hack then it is more secure aint it?
    Incorrect, just hiding a session don't make it more secure as the sessions still show on images etc and it will make more holes and alot more easy to hack.

    i found that out about a day ago. and tested what i was told and it worked.. so really hiding the session is unleasing a whole new hole.

    Comment


      #17
      is there other way to secure site up then whitewarrior

      Comment


        #18
        What an original lavalair or wapdesire?.. nope, it only way it can be done is to FULLY recode it and find all the holes and fix them..

        thats why its pointless in creating topic saying "secure lavalair"..
        the script is very out dated now and there are LOADS of good/bad edits but ALL have holes.. and simple to get into if you know how.

        The script has to run globals ON what in itself is unsecure. and apche IS will disable it when they update.. so its pointless in working on an lava script. make a new script..
        if you can edit then you can code.. editing is harder then coding.

        Comment


          #19
          Originally posted by WhiteWarrior View Post
          What an original lavalair or wapdesire?.. nope, it only way it can be done is to FULLY recode it and find all the holes and fix them..

          thats why its pointless in creating topic saying "secure lavalair"..
          the script is very out dated now and there are LOADS of good/bad edits but ALL have holes.. and simple to get into if you know how.

          The script has to run globals ON what in itself is unsecure. and apche IS will disable it when they update.. so its pointless in working on an lava script. make a new script..
          if you can edit then you can code.. editing is harder then coding.
          It Doesnt need fully re-coding but does need a lot of work. (every page needs working on)
          But then again it is a good idea to learn on lava and find the holes yourself
          So then when your ready to code your own site your not going to make the same mistakes

          Comment


            #20
            Originally posted by something else View Post
            It Doesnt need fully re-coding but does need a lot of work. (every page needs working on)
            But then again it is a good idea to learn on lava and find the holes yourself
            So then when your ready to code your own site your not going to make the same mistakes
            To get RID of the holes it will need fully recoding..
            like you just said. EVERY page will need working on.. why not just FULLY re-code it? it will save time..
            Finding holes/bugs will take you longer then coding your own script.

            Comment


              #21
              but if your not aware of holes like that .. u will end up putting them in your new script... rendering it pointless writing a new script.
              So learning from lava holes is a good experence. what ever hackers do to your site will only make it stronger.
              Im sure you wouldnt be aware of some weak points if it wasnt for lava.
              just because you have moved on from lava and wrote your own script (maybe) doesnt mean that lava is now pointless....
              if lava wasnt on coding-talk it would be a very empty site.

              So my advice is try and find the holes yourself and learn how to fix them.

              Comment


                #22
                Originally posted by something else View Post
                but if your not aware of holes like that .. u will end up putting them in your new script... rendering it pointless writing a new script.
                So learning from lava holes is a good experence. what ever hackers do to your site will only make it stronger.
                Im sure you wouldnt be aware of some weak points if it wasnt for lava.
                just because you have moved on from lava and wrote your own script (maybe) doesnt mean that lava is now pointless....
                if lava wasnt on coding-talk it would be a very empty site.

                So my advice is try and find the holes yourself and learn how to fix them.
                Ok, i agree, learning from the holes in lava is good BUT why learn from a script that is full of them? almost the same hole in the entire script? when coding YOUR own script you can code past the holes..
                And when i was using lava it was pointless, its not a new thing to me, lava is pointless even if you do or don't have your own script. and i totally agree with you on if it wasn't for lava then this forum would be empty..

                ""if your not aware of holes like that .. u will end up putting them in your new script... rendering it pointless writing a new script.""

                Thats incorrect, UNLESS you will base the script off lavalair.. and its not pointless making your own script.. why use someone elses work what originally wasn't ment to be shared?..

                NOBODY knows everything about a lava script apart from the people who coded it at the start and it was still based on the script prodigits..

                i ain't saying DON'T try and learn from it but the people who are learning from it are just learning how to create a script full of holes..

                you cannot learn NOTHING from a script full of holes that everybody has.. you will learn the basics etc.. but nothing to be happy about.

                i will make a script BASED from lava and then you can find and fix all the holes?.. and i will time you..

                Finding and fixing holes and bugs WILL take longer then building a new script!. its the most hardest thing todo in coding.. fixing a bug/hole. and if your going to do it in a lava script then fixing one hole will just open another hole.

                Comment


                  #23
                  So what script do suggest learn from then? lol

                  Comment


                    #24
                    You don't need to learn from a lava script..

                    buy a book, goto college, research on the internet..

                    or even better, find a secure script and learn from that

                    Comment


                      #25
                      Yes, you are right. I have been trying myself to make lava secure. Everytime i fixed a hole, I opened two new ones. If you make a new script from zero (no need for best coding, just don't be lazy), until the database structure is unknown to others and the script has not misscoding, it is secure.

                      Because, the exit(); code will simply just exit, and doesn't matter whats next...

                      And people, this is Coding-Talk, not Lava-Talk.
                      mysterio.al - programming is a functional art

                      Comment


                        #26
                        Originally posted by WhiteWarrior View Post
                        You don't need to learn from a lava script..

                        buy a book, goto college, research on the internet..

                        or even better, find a secure script and learn from that
                        But just remember you run a lava script once lol and your earlier codings such as chapel
                        were exactly same as lava coding and even has a major security flaw in it ..... so guess where you learned?

                        I give up lol what ever i say is going to be wrong lol

                        Comment


                          #27
                          Warrior you said the session will still be on the images okay i agree with that but for this i suggested to use phpthumb as it doesnt pasts the session

                          PHP Code:
                          foreach ($_SERVER as $server => $value)
                          {
                          echo 
                          "$server is $value<br />";

                          Comment


                            #28
                            Lol..The very old lava..Peepz still don't know how will they make it secure..I suggest modify the whole script, find that assholes that might be cause of your hack..But if your weak and you can't find it one by one, then i will just say sorry but your noob..Study more..You grew old with lava and here in coding-talk yet you still can't find or don't know where that assholes are..And it's just like fighting with someone but you can't do anything to win it..You don't know how to counter someone's attack..Your noob, your weak!
                            My Blog: http://jhommark.blogspot.com
                            My Facebook: http://www.facebook.com/jhommark
                            My Official Site: http://www.undergroundweb.tk
                            My Community Site: http://undergroundwap.xtreemhost.com

                            Comment


                              #29
                              Originally posted by something else View Post
                              But just remember you run a lava script once lol and your earlier codings such as chapel
                              were exactly same as lava coding and even has a major security flaw in it ..... so guess where you learned?

                              I give up lol what ever i say is going to be wrong lol
                              you're not wrong lol i made the chapel for lava script so the coding needed to work with lava and i do agree... you're right, it was full of holes

                              Comment


                                #30
                                Originally posted by DjMatrix View Post
                                In this Tutorial i will explain the basics of how to secure a lava script:
                                1. Lets Remove the Sessions
                                The easiest way of removing the session in lava is to use
                                PHP Code:
                                session_start(); 
                                lets put that at the beginning of every page right after the <?php
                                ok that still dont removes the sessions right? Thats what we do next
                                Wapdesire right from the start checks if a session is already existing in a database we need to delete that and start a new session :
                                PHP Code:
                                  if (isset($_SESSION['sid']))
                                  {
                                  
                                mysql_query("DELETE FROM ibwf_ses WHERE id='$_SESSION[sid]'");
                                  unset(
                                $_SESSION['sid']);
                                  
                                  }
                                  else
                                  {
                                  
                                $_SESSION['sid'] = $sid;
                                  } 
                                ok now we go to every page again you will note the
                                PHP Code:
                                $sid $_GET['sid']; 
                                there we are going to change it to
                                PHP Code:
                                $sid $_SESSION['sid']; 
                                after we have done that you can securly remove the &amp;sid=$sid from the links
                                We have just removed the sessions from the url congrats
                                2. Secure posted data like you might have noted there are a lot of $_GET or $_POST statements lets secure them here is a simple function that will do the job simply put it in core.php
                                PHP Code:
                                function getget($name$def '') {
                                  if (isset(
                                $_REQUEST[$name]))
                                    return 
                                $_REQUEST[$name];
                                  else 
                                    return 
                                $def;

                                and instead of $_GET or post we use
                                PHP Code:
                                $pass getget('pass'$pass);
                                $user getget('user'$user); 
                                for example

                                3. Lets secure the gallery

                                use phpthumb for gallery simply look in google for phpthumb then in user profiles or in gallery use it the way how to use it is discribed in the phpthumb file

                                hope this helps you guys
                                i tried removing my session but it kept telling me session expired, i followed the steps u said, please help..
                                http://myfacepals.com
                                MYFACEPALS SOCIAL NETWORKsigpic

                                Comment

                                Working...
                                X