User System Tips - RMB Scripting

In this tutorial you will learn a few different things that you can use to protect your user system from being attacked by hackers.

First Tip:

You can change your file endings with a simple line in your .htaccess file wether you want the file ending to be .lol or something random like .abc123

So, open up you .htaccess and add this line:

CODE:

application/x-httpd-php .abc123

This would allow you to do as i said, make file with the ending of .abc123

By using this you could save yourself from fopen attempts from other web servers and what-not because the file would be harder to guess.

Second Tip:

Config files are usually a prime target because users tend to just copy and paste coding with common variables such as $user or $pass.

One way to make them mharder to guess is by defining such as in the script below:

PHP:




<?php

define("HOST", "localhost"); //the defined variable of host

define("USER", "root"); //your database username

define("PASS", ""); //the database password

define("DATA", "testdatabase"); //finally the database



$error = "<html><head><title>Error</title>

               <style>P,BODY{ font-family:arial,sans-serif; font-size:11px; }</style></head><body>

               &nbsp;<br><br><blockquote><b>There appears to be an error with the database.</b><br>



               You can try to refresh the page by clicking <a href=\"javascript:window.location=window.location;\">here</a>.<br></body></html>"; //error to be used



@mysql_connect(HOST, USER, PASS) or die($error); //connect or die with the error above.

@mysql_select_db(DATA) or die($error); //select DB or die with above error

?>

You should change the defined variable to something harder.
Note: if dashes are in the name you will get an error.

Third Tip:

Using simple encryption methods such as just one md5:

PHP:




<?

$pw = md5($_POST[pass]);

?>

Website such as milw0rm and programs such as Cain And Abel are able to crack these thus revealing your password to the hacker.

Using methods with more than one md5 or sha1 process may greatly increase security.
you could use something like:

PHP:




<?php

function secure($var){

    $s1 = md5(md5(md5(md5(md5($var))))); //lets md5 the pass

    $s2 = sha1(sha1(sha1(sha1(sha1($var))))); //lets sha1 the password

    $makeone = "!-$s1-$s2-!"; //compile both for a longer password

    $secure = sha1(md5($makeone)); //make the makeone variable safer

return $secure; //return the secure password

}

?>

This could safe your usersystem due to the effect if the said hacker knows what to do and wishes to waste time on decoding about 10+ md5/sha1 passwords then they may if not, they might just leave your site alone.

User System Start: User System Part 1

Difficulty: Easy
Views: 2481

Rating:

Comments

Posted on Friday 18th May 2007 at 09:19 PM
cyruswu	Good job!
Posted on Tuesday 15th January 2008 at 06:14 PM
Agw2012	Good Job ;) Better Than The Old Database Error :)

Notice:
Remember to post long codes on our pastbin! - (http://rmb.pastebin.com/)

Add Comment

You must be logged in to post a comment.

Good Afternoon Guest

Username:
Password:
Remember Username

Register

Links

Affiliates