I know securing any website is a very tough and broad topic to be discussed, but I want to relate this question to my specific website which I've been working on. It was coded in PHP by some other programmer around 2004 and I am responsible for its management. My problem is it's being hacked time and again. I have noticed the following things when it's been hacked.

- `.htaccess` file has been modified
- `index.php` and `config.php` files were modified

I have worked on the code, it has been properly escaped and I think there is no probability of SQL injection. Since most of the problem is related to files and permissions, I have a doubt about the server security, but because it was coded around 2004 surely it will lack some security, so what other things do I need to work upon in my code to prevent my site being hacked for the above-mentioned problems?
Thanks in advance.
The reason you are seeing the “Not Secure” warning is because the web page or website you are visiting is not providing an encrypted connection. When your Chrome browser connects to a website it can either use the HTTP (insecure) or HTTPS (secure).
Since files have been modified, this is unlikely due to SQL injection bugs.
Possibilities to get to the files:
Now since you say the website is from 2004, it could be that it uses `eval` for templating or `include` for things like `site.php?section=foo` and then include `foo.php` in the code somewhere, which were both done frequently back in 2004. So I'd do a quick file search for `eval` and the regex `include(.*\$.*)` as well as `require(.*\$.*)`. Those are prime suspects depending on how they were used.
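The file search described in this answer, written out as an added example (not code from the answer or from the asker's site). It goes slightly beyond the two regexes by also covering `include_once`/`require_once` and the form without parentheses; the function names and the sample PHP are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics from the answer: any eval( call, and any include/require
# (plus the *_once variants) whose argument contains a PHP variable.
PATTERNS = {
    "eval": re.compile(r"\beval\s*\(", re.I),
    "dynamic-include": re.compile(
        r"\b(?:include|require)(?:_once)?\b[^;\n]*\$", re.I),
}

def scan_source(text):
    """Return (line_number, rule, stripped_line) for each suspicious line."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "#", "*", "/*")):
            continue  # skip whole-line comments
        for rule, rx in PATTERNS.items():
            if rx.search(code):
                hits.append((no, rule, code))
    return hits

def scan_tree(root):
    """Scan every .php file under root; returns {relative_path: hits}."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.php")):
        hits = scan_source(path.read_text(errors="replace"))
        if hits:
            report[str(path.relative_to(root))] = hits
    return report

# Constructed sample in the style the answer describes (not the asker's code).
SAMPLE = """<?php
// include($old);  commented out, ignored
require_once 'config.php';
$section = $_GET['section'];
include($section . '.php');
eval('?>' . $template);
"""

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        Path(d, "site.php").write_text(SAMPLE)
        for name, hits in scan_tree(d).items():
            for no, rule, code in hits:
                print(f"{name}:{no}: {rule}: {code}")
```

Each hit is a line to review by hand: a static include such as `require_once 'config.php';` is not reported, while one built from a variable is.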