how to protect the web site created on the phpizabi engine
keywords:
?L=, cecen hacked, cecen, hacked, phpizabi hacked, How to hack phpizabi
Hacking mechanism:
1. this is not hacking indeed. This is usage of phpizabi engine imperfection
Usually the path till the admin area looks like this:
?L=admin.general.configure
If changing the path to
?L=admin//general//configure
Then anyone can obtain full access to the admin area and can do everything he wants.
Similarly changing the path till any keyword file on the web site you can freely get the access to the database.
HOW TO CORRECT THIS ERROR:
mechanism:
1. Below Ill show an example on how to correct the imperfection of phpizabi engine. This is only example and I recommend all the programmers to code by themselves their own mechanism of this error correction. Unque character of this mechanism will be one more obstacle against hacking.
So, in the very beginning of the script index.php we should put the following code:
$ser_p = array("'[^.A-Za-z0-9]*?'si");
$rep_p = array("");
$_GET = preg_replace($ser_p,$rep_p,$_GET);
It cleans everything from the query except dots, letters and digits.
2. All the folders in main directory of the web site which are located under the path /pages/ should not be accessible for opening!
The easiest and fastest way is to set password access for all the folders in /pages/ through «Password Protect Directories» - this is clients admin area on the hosting. You should set password to all except chat and gallery.
3. File upload:
By default any file can be uploaded for scripts phpizabi for dating web sites. They could be uploaded like a picture for gallery or attached file for other web site elements.
Specially created *.php file which will be loaded at the server, can give full access to hacker and finally to walk away it from you!
I do not enclose the correction code of this error as you should restrict file uploading on the server by the class objects jpg/jpeg, gif and png.
Good luck!
