Simple way to protect your site from session hack.


    Create your site, but do not add ownercp and head admincp. Just make a new path like this: siteurl.com/code, then put ownercp and head admincp in this path. And don't tell anyone except trusted staff about this URL. If anyone hacks your owner ID in siteurl.com, there will be no ownercp and head admincp; it will just contain mod/log. Then the person can't do anything with your ID. Hope this tutorial helps you.

    #2
    I steal your ID

    Now I'm logged in

    Now I look at the bottom of the screen for admin or ownercp.php

    Find it then boom ... easy 123 steps knowing where.
    Visit: Chat4u.mobi - The New Lay Of being a site of your dreams!
    Visit: WapMasterz Coming Back Soon!
    _______
    SCRIPTS FOR SALE BY SUBZERO
    Chat4u Script : coding-talk.com/f28/chat4u-mobi-script-only-150-a-17677/ - > Best Script for your site no other can be hacked by sql or uploaders.
    FileShare Script : coding-talk.com/f28/file-wap-share-6596/ -> Uploader you will never regret buying yeah it mite be old now but it still seems to own others...
    _______
    Info & Tips
    php.net
    w3schools.com



      #3
      Nice tutorial, but it is for session hacking: hide your tools from the hacker. The easiest way is to add a password to your tools. But it can't prevent injections, only session hacking. To prevent session hacking, remove all BBCodes that let the user add links, and remove all URL uploads, especially in the gallery. They can use it as their avatar; when you view his/her profile, that's it, he's got your session. Remove all linking, or replace php, php3, php4, php5 etc., to prevent accidentally clicking and running their linked script. And always log out of your account before leaving the site, to cut the session.
      Last edited by huwad; 26.12.09, 14:13.


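Added example, not part of any post in this thread and not code from the lava script: one way to implement the two defences post #3 points at, keeping the session ID in a cookie instead of a `sid=` URL parameter (so it cannot leak to a remote avatar host through the Referer header) and putting a second password in front of the owner/admin tools. The function names, the `admin_ok_until` session key and the 10-minute window are assumptions, and `$storedHash` is assumed to come from `password_hash()`.

```php
<?php
// Added example. Function names, the 'admin_ok_until' key and ADMIN_WINDOW
// are hypothetical; $storedHash is assumed to come from password_hash().

// 1. Session ID travels only in a cookie, never as ?sid=... in the URL.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1'); // refuse IDs the server did not issue
session_set_cookie_params([              // array form needs PHP 7.3+
    'lifetime' => 0,       // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,    // assumes the site is served over HTTPS
    'httponly' => true,    // script injected into a page cannot read it
    'samesite' => 'Lax',
]);
session_start();

const ADMIN_WINDOW = 600; // seconds a re-authentication stays valid

// 2. Normal login: issue a fresh ID so a pre-login ID is worthless.
function on_login(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['uid'] = $userId;
    unset($_SESSION['admin_ok_until']);
}

// 3. Second password in front of the staff tools.
function admin_reauth(string $password, string $storedHash): bool
{
    if (empty($_SESSION['uid']) || !password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);
    $_SESSION['admin_ok_until'] = time() + ADMIN_WINDOW;
    return true;
}

// 4. First line of ownercp.php / admincp.php: a session without a recent
//    re-authentication is refused, wherever the panel lives.
function require_admin(): void
{
    if (empty($_SESSION['uid']) || ($_SESSION['admin_ok_until'] ?? 0) < time()) {
        http_response_code(403);
        exit('Re-authentication required');
    }
}
```

With this in place a stolen owner session still reaches only the pages that do not call `require_admin()`, whether or not the panel path is secret.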

        #4
        Originally posted by subzero
        I steal your ID

        Now I'm logged in

        Now I look at the bottom of the screen for admin or ownercp.php

        Find it then boom ... easy 123 steps knowing where.

        Yeah, but when you steal my ID you will be at a URL like this: siteurl.com/index.php?action=main&sid=GWM.MGWMGDGJADGMDJ ! You will never get ownercp.php because it is found at siteurl.com/code/index.php?action=main&sid=gmpwgdmgd. It's here that you will find the owner CP, because in the first URL I haven't added ownercp.php; the ownercp.php is found in the second URL.



          #5
          Originally posted by huwad
          Nice tutorial, but it is for session hacking: hide your tools from the hacker. The easiest way is to add a password to your tools. But it can't prevent injections, only session hacking. To prevent session hacking, remove all BBCodes that let the user add links, and remove all URL uploads. Remove all linking, or replace php, php3, php4, php5 etc., to prevent accidentally clicking and running their linked script.

          This is also a nice way to protect your site.



            #6
            This is what I would do.

            mod_rewrite the hidden folder to a random 2937uesdrrvhj98123t9 each time the user refreshes his screen, but the real folder is admin_29fi__9292929__92598__haha


              #7
              ahaha. . i found this thread.. this is the best way to protect your site.. very effective.. credits from WhiteWarrior

              Originally posted by WhiteWarrior
              Here I will talk you through how to REALLY secure a lava script!
              Once you have done everything I have said, your lava script will be 100% hacker proof.. nobody in the world will be able to hack it!!

              Got the script already installed?? if so..
              download something like CUTEFTP

              login to your server via this,
              click public_html or www
              highlight ALL files and folders.
              right click and press DELETE.

              now login to your cpanel,
              goto phpmyadmin,
              Then Click DELETE *database*

              Then goto your domain name

              B00M nothing is there..
              you have fully secured your lava version.
              no more hackers, no more bugs, no more coming on here Inboxing me and asking about hackers.
              no more crappy topics saying "secure a lava script"

              Keep it real.!
              Last edited by huwad; 26.12.09, 14:28.



                #8
                what a joke lol



                  #9
                  ehehe .. sounds funny but he has a point..



                    #10
                    lava is secure if you don't have stafflist ...... means no need to staff only members full spamming and everyone is free to do anything.

                    result = huge ugly traffic lol

                    [tired by sid hack]
                    JUST JOIN FOR FUN !
                    http://wapmaster2.com



                      #11
                      Originally posted by subzero
                      I steal your ID

                      Now I'm logged in

                      Now I look at the bottom of the screen for admin or ownercp.php

                      Find it then boom ... easy 123 steps knowing where.

                      Imagine this...
                      I give you my session...
                      (or you could try to steal it, but I should turn OFF some security s**t first)
                      then you look everywhere... and finally you find a link saying Admin CP...
                      you click on the link and......
                      .....
                      ..........
                      ...................
                      .............................
                      ........................................
                      well, you only get logged and kicked out
                      as there isn't any admin control panel PMPL
                      It's better to keep your mouth shut and give the impression that you're stupid, than to open it and remove all doubt.
                      ⓣⓗⓔ ⓠⓤⓘⓔⓣⓔⓡ ⓨⓞⓤ ⓑⓔ©ⓞⓜⓔ, ⓣⓗⓔ ⓜⓞⓡⓔ ⓨⓞⓤ ⓐⓡⓔ ⓐⓑⓛⓔ ⓣⓞ ⓗⓔⓐⓡ !
                      ιη тнєσяу, тнє ρяα¢тι¢є ιѕ α яєѕυℓт σƒ тнє тнєσяу, вυт ιη ρяα¢тι¢є ιѕ тнє σρρσѕιтє.
                      キノgんイノ刀g 4 ア乇ムc乇 ノ丂 レノズ乇 キucズノ刀g 4 √ノ尺gノ刀ノイリ!



                        #12
                        omg.. you all have no idea how much i am laughing at all this crap
                        dont use stafflist makes lava secure, change dir on admincp and **** haha omfg

                        IF.. only it was that easy geezus christ



                          #13
                          That is true LMAO

                          People can't secure a site


                            #14
                            No one is safe. If a professional hacker wants to hack any site (hacking could range from normal to deleting the full site), he can do it, because there are many other ways which we don't know and never knew before how to secure a site against. It's the internet world: you're single, but how many people are trying to shut you down? You don't know. I'd just say try to secure your site as much as you can. These normal tricks, such as hiding a folder etc., won't work; it's just injection things, bruteforce attacks, DDoS attacks, MySQL attacks (which I get nowadays). Try to add/update security if you get any clue such as where the hole is... best of luck.

                            Asking others for help doesn't mean you don't know anything... maybe they don't know what knowledge you have... so share...

                            And add this to your .htaccess for even further protection against hacking attempts...

                            Code:
                            RewriteEngine on
                             
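                            #Prevent SQL injection attempts
                            #[NC,OR] so this condition is ORed with the ones below; with [NC] alone it is ANDed with them and the rule fires only when both match
                            RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]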
                             
                            #Disable command line hacks via XSS scripting w/ vulnerable PHP options & includes
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)chmod(.*) [OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)chown(.*) [OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)wget(.*) [OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)cmd(.*) [OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)cd%20(.*) [OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)scp(.*) [OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)curl(.*) [OR]
                             
                            #Disable TRACE & TRACK methods
                            RewriteCond %{REQUEST_METHOD} TRACE [OR]
                            RewriteCond %{REQUEST_METHOD} TRACK [OR]
                             
                            #Other hack prevention, mostly windows-based
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/winnt/system32/(.*) [NC,OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/winnt/system/(.*) [NC,OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/windows/system32/(.*) [NC,OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/windows/system/(.*) [NC,OR]
                            #($|\?.*) is a group meaning "end of string or start of the query string"; square brackets would make it a character class
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/cmd\.exe($|\?.*) [NC,OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/msadc/root\.exe($|\?.*) [NC,OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)\\\.\.(.*) [NC,OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/admin\.dll($|\?.*) [NC,OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/msadcs\.dll($|\?.*) [NC,OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/ext\.dll($|\?.*) [NC,OR]
                            RewriteCond %{REQUEST_URI} (.*)/\.(.*) [NC,OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/php\.exe($|\?.*) [NC,OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)\|(.*) [OR]
                            RewriteCond %{REQUEST_URI} (.{255,}) [OR]
                            RewriteCond %{QUERY_STRING} (.{127,}) [OR]
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} [\x00-\x1f]+ [OR]
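                            #No | inside the class: there it is a literal pipe, not alternation (pipes are already blocked above)
                            RewriteCond %{REQUEST_URI}?%{QUERY_STRING} [\x7f\xff]+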
                            RewriteRule .* - [F]
                            Last edited by GiLL; 27.12.09, 02:12.
                            left wap stuff



                              #15
                              Have just been hacked again, am sick and tired of coding
                              http://myfacepals.com
                              MYFACEPALS SOCIAL NETWORK
