Simple way to protect ur site fr4 session hack.

**subzero** · 26.12.09, 14:01

i steal your id

Now im logged in

Now i look at the buttom screen at admin or ownercp.php

Find it then boom ... easy 123 steps knowing where.

**~~huwad~~** · 26.12.09, 14:04

nice tutorial.. but it is for session hacking.. hide your tools from the hacker, in easiest way you can add password to your tools. but it cant prevent injections, only in session hacking. to prevent session hacking remove all bbcodes that the user can add links, and remove all url upload, specialy in gallery. they can use it as their avatar. when you view his/her profile, thats it.. he got your session.. all linking, or replace php, php3, php4, php5 etc. to prevent accidentaly clicking and running their linked script., and always log out your account before leaving the site.. to cut the session

**KiLLeR_mAcHInE** · 26.12.09, 14:10

Originally posted by subzero View Post

i steal your id

Now im logged in

Now i look at the buttom screen at admin or ownercp.php

Find it then boom ... easy 123 steps knowing where.

yeah but when u wil steal my id u wil be like dis siteurl.com/index.php?action=main&sid=GWM.MGWMGDGJADGMDJ ! u wil never get ownercp.php coz its found in this siteurl.com/code/index.php?action=main&sid=gmpwgdmgd its here that u wil find the owner cp bcoz in the first url i havent add ownercp.php the ownercp.php is found in second url

**KiLLeR_mAcHInE** · 26.12.09, 14:12

Originally posted by huwad View Post

nice tutorial.. but it is for session hacking.. hide your tools from the hacker, in easiest way you can add password to your tools. but it cant prevent injections, only in session hacking. to prevent session hacking remove all bbcodes that the user can add links, and remove all url upload. all linking, or replace php, php3, php4, php5 etc. to prevent accidentaly clicking and running their linked script

this also nice way to protect ur site

**subzero** · 26.12.09, 14:15

This what i will done.

mod_rewrite the hiden folder to Ramdom 2937uesdrrvhj98123t9 each time user reflash his screen but the real folder is admin_29fi__9292929__92598__haha

**~~huwad~~** · 26.12.09, 14:24

ahaha. . i found this thread.. this is the best way to protect your site.. very effective.. credits from WhiteWarrior

Originally posted by WhiteWarrior View Post

Here i will talk you thru how to REALLY secure a lava script!
once you have done everything of i have said your lava script will be 100% hacker proof.. nobody in the world will beable to hack it!!

Got the script already installed?? if so..
download something like CUTEFTP

login to your server via this,
click public_html or www
highlight ALL files and folders.
right click and press DELETE.

now login to your cpanel,
goto phpmyadmin,
Then Click DELETE *database*

Then goto your domain name

B00M nothing is there..
you have fully secured your lava version.
no more hackers, no more bugs, no more coming on here Inboxing me and asking about hackers.
no more crappy topics saying "secure a lava script"

Keep it real.!

**WereWolveZ** · 26.12.09, 16:02

what a joke lol

**~~huwad~~** · 26.12.09, 16:13

ehehe .. sounds funny but he has a point..

**wapmaster2** · 26.12.09, 20:05

lava is secure if you dont have stafflist ...... means no need 2 staff only members full spaming and everyone is free to do anything.

result = huge ugly traffic lol

[tired by sid hack]

**metulj** · 26.12.09, 20:44

Originally posted by subzero View Post

i steal your id

Now im logged in

Now i look at the buttom screen at admin or ownercp.php

Find it then boom ... easy 123 steps knowing where.

imagine this...
i give you my session...
(or you could try to steal it, but i should turn OFF some security s**t first)
then you look everywhere... and finally you find link saying Admin CP...
you click on link and......
.....
..........
...................
.............................
........................................
well you only get loged and kicked out
as there isnt any admin control panel PMPL

**amylee** · 26.12.09, 22:10

omg.. you all have no idea how much i am laughing at all this crap
dont use stafflist makes lava secure, change dir on admincp and **** haha omfg

IF.. only it was that easy geezus christ

**subzero** · 26.12.09, 23:20

thats is true LMAO

Ppl cant scure a site

**GiLL** · 27.12.09, 02:09

No one safe if a professional hacker want hack any site (hacking could start from normal to delete full site) he can do it because there are many other way which we dont know and never know before how to safe a site.. its internet world your single but how many people trying to shut down you ?you dont know its just say try to safe as much as you can your site theese normal tarcks wont work such as hide folder etc its just injection things bruteforce attck , DDOS attacks ,mysql attack (which i get know are days ) try to add /update security if you get any clue such as where is hole ...best of luck

Asking others for help that doesnt mean you dont know any thing ....they may be dont know which knowldge you have ...so share ....

And add this to your .htaccess for even further protection against hacking attempts...

Code:

Code:

RewriteEngine on
 
#Prevent SQL injection attempts
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC]
 
#Disable command line hacks via XSS scripting w/ vulnerable PHP options & includes
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)chmod(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)chown(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)wget(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)cmd(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)cd%20(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)scp(.*) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)curl(.*) [OR]
 
#Disable TRACE & TRACK methods
RewriteCond %{REQUEST_METHOD} TRACE [OR]
RewriteCond %{REQUEST_METHOD} TRACK [OR]
 
#Other hack prevention, mostly windows-based
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/winnt/system32/(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/winnt/system/(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/windows/system32/(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/windows/system/(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/cmd\.exe[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/msadc/root\.exe[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)\\\.\.(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/admin\.dll[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/msadcs\.dll[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/ext\.dll[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI} (.*)/\.(.*) [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)/php\.exe[$|\?(.*)] [NC,OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} (.*)\|(.*) [OR]
RewriteCond %{REQUEST_URI} (.{255,}) [OR]
RewriteCond %{QUERY_STRING} (.{127,}) [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} [\x00-\x1f]+ [OR]
RewriteCond %{REQUEST_URI}?%{QUERY_STRING} [\x7f|\xff]+
RewriteRule .* - [F]

**makvanpor2000** · 27.12.09, 02:54

Have just been hack again, am sick and tired of coding

Simple way to protect ur site fr4 session hack.

Simple way to protect ur site fr4 session hack.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment