Security
How To Knock £100 Off Of Anything
Ok, before I go into this, let me state that I have not done this – its a wee bit naughty if you ask me, but the theory itself is sound as a pound…just don’t let the lions know I let on to this secret. This idea can, in theory, allow you to get £100 or more off of a lot of things, yet it borders on the realm of the unethical. I’d like to hear your views on it, although I probably know what they will be, lol.
Ethical Protection Statement: I only provide the following below to give you an idea of how susceptible some ’systems’ are, and to allow you to possibly protect yourself against it
How CommentLuv Can Help Find Hackers
So yesterday I was catching up with what was going around on the various blogs I visit, trying out a few new ones to see how they fit and feel, when I noticed that I was having a problem with comment-luv. Now the problem wasn’t on my site, but rather it was an error when I was attempting to leave comments on others websites – simply put, I was receiving an ‘XML error’ instead of comment-luv displaying my latest post!
XML error: Invalid document end at line 261, column 1
Obviously me being the loving person that I am, and not being just out for the links (I am such an angel), I continued posting and thought of it as just a glitch…oh how wrong I was…
Security – The Root of The Issue
Now I have seen a lot of posts recently about blog security – about users who have been hacked and lost their blog contents because they didn’t back up. Now on reading these posts, I thought two things – one, I need to get some backup software! Two, no-one is discussing the root cause of the issue!
Now through my varied searching a few weeks ago, I actually stumbled across a way that some people have been ‘breaking into’ blogs, which would enable them to essentially delete your database. Now I’m not going to give out the precise details, but let it be known that the information needed to ‘delete’ your database is actually available on google through a search!
You see, there is one file which is quite crucial to the working of your blog, and this file would be the wp-config.php file. This file contains all the information regarding your database – your username, password, and where to look for it! If an attacker knows this, then they can easily take your site down. Even worse, if they are very ‘talented’, they could manipulate your posts to their own ends, possibly placing harmful code on your site.
So what can you do? Well, a lot of you shouldn’t have to do anything, once uploaded it should be fine. However, there isn’t any harm in taking up a bit of extra security is there, especially if the unfortunate did happen, and access was someone given to your wp-config file. First, you should make sure that your CHMOD settings on that file are set to 640. You can do that via any ftp program, right clicking on the file and choosing ‘CHMOD’ on the options. A free ftp program is WinSCP. Depending on your hosting provider, you may be able to do this via some form of cpanel also.
A further way to protect your config file is in your .htaccess file. If you add the following to it, it will stop people from accessing the file itself:
#protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>
This will protect your config file. To protect your .htaccess file, simply replace the ‘file wp-config.php’ text with ‘file .htaccess’. This will help prevent people getting at your ever-so-important database information! However, I am yet unable to protect you against lions who have learnt to use the internet…they seem to have skills that are incomparable to humans…we should be scared…so very, very scared.
Dan
|
|||||||||
Subscribe via rss
