 | MEMBER LOGIN |
|
|
 |
|
 | SERVICES & FEATURES |
|
|
|
|
 | THE 20 LATEST PROJECTS |
|
|
Project: make site hacker safe 
ID: 1216834408 |  |  |
| |
|
Status: |
Closed (Cancelled)
|
|
Budget: |
N/A
|
|
Created: |
7/23/2008 at 13:33 EST
|
|
Cancelled: |
8/3/2008 at 1:27 EST
|
|
Project Creator: |
jeannette
Rating:
(No Feedback Yet)
|
|
Description: |
I am looking for a person who can take a look at my site/php script, look for vulnaribilities and make my site hacker safe. I am looking for a security expert with long experience in the field.
I know a general check like this below has to be done but I want a real solid work to be done. If a inside firewall in the script could be added etc.
Set register_globals to OFF
Turn off Display Error/Warning Messages. Set error_display to ZERO.
Never run unescaped queries
Validate all user inputs. Items on Forms, in URLs and so on
Move config.php and files containing Passwords to MySQL to a secure directory outside of the public_html folder
Access Control: You don't want the user to have access to any Admin function or Clean up scripts
The .htaccess file is your friend. Use it to deny access to your site or files. (We also have an easy IP Deny Manager tool in the cpanel)
PHP can parse any valid script, whether it is called foo.php, very_long_name.php.php.php, or even deleteme.bat.
Using the default extension of ".php" means that before your hackers start you have already told them you are using PHP.
As mentioned, you can use any filename for your scripts - if you are using PHP for every script on your server, consider using the ".html" extension for your scripts and making PHP parse HTML files.
You can change your file extension by adding this line to the .htaccess or turn it on via the Apache Handlers in the cPanel (AddHandler application/x-httpd-php5 .html)
To protect against SQL injection attacks Sometimes hackers will try to screw up your database by inserting SQL code into your form input fields. They can for example, insert code that could delete all the data in your database!
To protect against this, you need to use this PHP function:
mysql_real_escape_string()
This function escapes (makes safe) any special characters in a string (programmers call text a 'string') for MySQL.
Example: $name = $_REQUEST['name']; $safe_name = mysql_real_escape_string($name); Now you know the variable $safe_name, is safe to use with your SQL code.
Keep the PHP code to yourself. If anyone can see it they can expliot vulnerabilities.
You should take care to store your PHP files and the necessary passwords to access your MySQL databases in protected files or folders.
The easy way to do this is to put the database access passwords in a file with a .inc.php extension (such as config.inc.php), and then place this file in a directory which is above the server's document root (and thus not accessible to surfers of your site).
Then, refer to the file in your PHP code with a require_once command.
By doing things this way, your PHP code can read the included file easily but hackers will find it almost impossible to hack your site.
Only contact me if you are serious (on time and professional)and can start as soon as possible.
|
|
Job Type: |
|
| |
 |
|
Messages Posted: 3 |
|
Programmers |
Bid  |
Delivery Within |
Time of Bid |
Rating |
|
proggexpert |
$100 |
1 day |
7/26/2008 at 11:52 EST | 
(1 review) |
| Please check PMB
| | |
|
tudorilisoi |
$300 |
3 days |
7/26/2008 at 11:38 EST |
(14 reviews) |
| Hi,
I cannot bid accurately until I see the actual scripts and estimate the amount of modifications required. I never been hacked since 2006, since I applied my own defense layers.
Thanks,
Tudor
| | |
|
loushou |
$22,000 |
45 days |
7/26/2008 at 8:27 EST |
(7 reviews) |
| Making a site safe against most hackers can be done. Read PMB for more information.
| | |
|
infowayindia |
$40,000 |
60 days |
7/25/2008 at 16:19 EST | (No Feedback Yet) |
| Hi.
We are a Web Design and Development Company from California with excellent skill and knowledge in PHP/Mysql/JavaScript/AJAX/Pear teams. We have excellent web layout design skills, logo design skill and corporate identity with cross browser table less validated XHTML/CSS2.0 coding.
We have excellent skill in working with open source themes.
Look forward to building a mutually beneficial relationship.
For viewing our portfolio just log on http://www.infowaylive.com/portfolio.html
Thanks
| | |
|
greentech12 |
$60,000 |
80 days |
7/25/2008 at 15:59 EST |
(56 reviews) |
|
| | | | |
