webmaster1 Posted November 14, 2008 Share Posted November 14, 2008 Hi Freaks, A freind of mine once used crawling to download/view (not sure) the contents of another site. Firstly how do I prevent this from happening to page and secondly how can I go about doing it (to check my own site). I'm concerned that my if my php forms are accessed/downloaded/viewed that any would-be hacker will be able to view my passwords and begin to mess with my site. Link to comment https://forums.phpfreaks.com/topic/132669-php-hacking-web-crawling-and-security/ Share on other sites More sharing options...
cunoodle2 Posted November 14, 2008 Share Posted November 14, 2008 Any page on the internet can be downloaded but I think that you are semi mistaken as to exactly what is going on there. This page that you are currently viewing on phpfreaks can be downloaded to your local computer but that does not mean that you can actually view all of the php code on the page itself. All that your friend was doing was downloading html files/images etc. I assure you that he was not actually accessing php source code. If he was it was one of two things... either he was lying to you or he had the actual user names and passwords of the websites. There is no other way around it. Your best bet is to make sure that you have a secure user name and password for your website (I'm referring specifically to that of your ftp password). Also be sure that you are writing good code that is secure. Make sure that you are using prepared statements to prevent mysql injections to your forms. Link to comment https://forums.phpfreaks.com/topic/132669-php-hacking-web-crawling-and-security/#findComment-689980 Share on other sites More sharing options...
webmaster1 Posted November 14, 2008 Author Share Posted November 14, 2008 Thanks for sharing your insight. I'm using an intermediary PHP form to validate a password form so since there's no SQL involved I should be set. Thanks. Link to comment https://forums.phpfreaks.com/topic/132669-php-hacking-web-crawling-and-security/#findComment-689988 Share on other sites More sharing options...
cunoodle2 Posted November 14, 2008 Share Posted November 14, 2008 Yes you should be all set. Just make sure that you have a very secure password for your control panel/ftp. Also be sure to avoid using free open source application as much as possible but if you absolutely need them be sure to keep them as up to date as possible to avoid be exploited. If I'm not mistaken phpFreaks was actually hacked due to the fact that they were using a open source application that happened to have a vulnerability in it. Link to comment https://forums.phpfreaks.com/topic/132669-php-hacking-web-crawling-and-security/#findComment-689993 Share on other sites More sharing options...
webmaster1 Posted November 14, 2008 Author Share Posted November 14, 2008 I never considered myself a paranoid individual until I began looking into PHP. Link to comment https://forums.phpfreaks.com/topic/132669-php-hacking-web-crawling-and-security/#findComment-689995 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.