asmith Posted December 2, 2008 Share Posted December 2, 2008 Hey guys It's more than a year which I'm coding in php. I've run a few sites. None of my sites had any problem with hacking or so. The only thing I know about a site being hack is sql injections. So I strictly validate every $_POST or $_GET data coming to my site.(Except html select or checkboxes $_POST coming, never validated them) and I couldn't code for more security as these are the only things I know. lately I've seen some similar sites to mine being hacked. and it has just made me pay more attention to this field. What other ways my site can be hacked? Thanks Quote Link to comment https://forums.phpfreaks.com/topic/135106-prevent-various-ways-of-being-hacked/ Share on other sites More sharing options...
Daniel0 Posted December 2, 2008 Share Posted December 2, 2008 You may want to read this: http://www.phpfreaks.com/tutorial/php-security Quote Link to comment https://forums.phpfreaks.com/topic/135106-prevent-various-ways-of-being-hacked/#findComment-703766 Share on other sites More sharing options...
asmith Posted December 2, 2008 Author Share Posted December 2, 2008 Thanks Daniel0 I've just finished it. It is very nice. Good news for me, I unconsciously have consider all the issues discussed in that tutorial in my sites The thing I had never heard of was XSS. Good to faced it now. Thanks again! Quote Link to comment https://forums.phpfreaks.com/topic/135106-prevent-various-ways-of-being-hacked/#findComment-703786 Share on other sites More sharing options...
GingerRobot Posted December 2, 2008 Share Posted December 2, 2008 Except html select or checkboxes $_POST coming, never validated them Why on earth not? Quote Link to comment https://forums.phpfreaks.com/topic/135106-prevent-various-ways-of-being-hacked/#findComment-703881 Share on other sites More sharing options...
waynew Posted December 2, 2008 Share Posted December 2, 2008 Except html select or checkboxes $_POST coming, never validated them Why on earth not? Opera ftw. Quote Link to comment https://forums.phpfreaks.com/topic/135106-prevent-various-ways-of-being-hacked/#findComment-703942 Share on other sites More sharing options...
asmith Posted December 2, 2008 Author Share Posted December 2, 2008 Why on earth not? Bad habbit When I was learning about validation , I used to think that a user can't send what he wants with a selection box. Anyway, Is there a law or something for a site get hack? I mean can you sue the hacker? Quote Link to comment https://forums.phpfreaks.com/topic/135106-prevent-various-ways-of-being-hacked/#findComment-704164 Share on other sites More sharing options...
Daniel0 Posted December 2, 2008 Share Posted December 2, 2008 Anyway, Is there a law or something for a site get hack? I mean can you sue the hacker? If you can prove who it is and if that person is either in the same country as you are, or in a country where the government is willing to deliver the person to your country's authorities, then yes, you can. Quote Link to comment https://forums.phpfreaks.com/topic/135106-prevent-various-ways-of-being-hacked/#findComment-704189 Share on other sites More sharing options...
asmith Posted December 2, 2008 Author Share Posted December 2, 2008 If you can prove who it is and if that person is either in the same country as you are, or in a country where the government is willing to deliver the person to your country's authorities, then yes, you can. Other way to say "No, You can't". well if I can prove that the recorded ip address is the hacker's, To who? The police in his country? Will they ever take it serious? I'd rather punish the person in his own country , Not to bring him to mine Quote Link to comment https://forums.phpfreaks.com/topic/135106-prevent-various-ways-of-being-hacked/#findComment-704244 Share on other sites More sharing options...
Daniel0 Posted December 2, 2008 Share Posted December 2, 2008 Will they ever take it serious? I'd rather punish the person in his own country , Not to bring him to mine Then you have to go to a court where he is. well if I can prove that the recorded ip address is the hacker's, To who? The police in his country? Your best bet would probably be to contact his ISP and request that his subscription be terminated. Quote Link to comment https://forums.phpfreaks.com/topic/135106-prevent-various-ways-of-being-hacked/#findComment-704246 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.