Test your site to see if it is vulnerable to cross site scripting attacks (XSS) and SQL injection attacks (SQLi), or can otherwise be compromised.

Test for Cross Site Scripting (XSS): Copy/paste the following javascript "alert" script in all fields a user can access (e.g., "login Username/password"/"Search"/"Comments"). And then try it UPPERCASE. THEN check for XSS filter evasion (use the following in the same test method as the above) - See: http://ha.ckers.org/xss.html If you get a popup alert, then you're vulnerable and will need to add "htmlentities" scripting and/or otherwise sanitize the data input.

Check for SQL Injection: In the address bar, and all fields, append your url string with "/'". For example, my site is http://www.havocarcade.com So I would enter the following in the address bar- Enter ' in all user fields (username/password/email/search/comments/tell a friend mailers/contact forms/etc). Then do the same with this (not a functional query, but the server should treat it as an SQL injection threat - if it doesn't, you have a problem). Enter the following into ALL fields that take user input:

Further, you may be susceptible to spammers using your site, which can result in your domain/site being blacklisted/banned if you have a "Tell a friend" emailer on your site - Either add a GD captcha to it, or disable it (having a GD captcha on your User Registration form/Contact Us form is also strongly recommended). You can get an easily configurable GD Captcha exactly like the one used here: http://www.havocarcade.com/register/register.html Download the GD Captcha: http://www.white-hat-web-design.co.uk/articles/php-captcha.php

Now check your PC: A vulnerable PC will give access to FTP accounts, Frontpage Extensions, and Server/Website login Credentials.
Test your PC here (use full scan/clean options): http://www.eset.com/online-scanner PS- ESET NOD32 is one of the top antivirus/antimalware apps currently available, and performs better consistently, test after test, year after year, in certified lab tests (VB100, AV-Comparatives, East Coast Labs) than McAfee, Norton, AVG, Avira, Avast, Trend Micro, Malwarebytes, Spysweeper, etc. Good luck.
Also... Check for Remote File Inclusion. This exploit is a method used to gain full access to a website, and exploits the PHP "include()" function. If not coded properly, the script will not check where the file is coming from, and this will allow script to be hosted on one site, but run on another site. Shells can be uploaded and used to execute SQL commands/upload/delete- giving full control over that website. Sites using this function will have links similar to: The following two types of code are vulnerable to this-
Some other bugs to check for include Command Line Injection, Directory Traversal, and Cross-Site Request Forgery.
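As an added example (not code from the post or from havocarcade.com), here is the defensive side of the three checks above in PHP: output encoding with htmlentities for the XSS test, a prepared statement so a stray quote stays data for the SQL injection test, and an allowlist lookup instead of passing request input to include() for the remote file inclusion point. The `$pdo` connection, the `pages/` directory and the page names are assumptions for illustration.

```php
<?php
// Added example: hardened counterparts to the three issues in the post.
// $pdo, the pages/ directory and the page names are assumptions.

// 1. XSS: encode untrusted data when it is written into HTML, so a pasted
//    "alert" script is displayed as text instead of run by the browser.
function render_comment(string $comment): string {
    return '<p>' . htmlentities($comment, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// 2. SQL injection: a prepared statement binds the value separately from
//    the query text, so a single quote in a username cannot alter the SQL.
function find_user(PDO $pdo, string $username): ?array {
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 3. Remote file inclusion: never hand a request parameter to include().
//    Map the parameter to a fixed list of local files; anything else falls
//    back to a safe default. Keeping allow_url_include=Off in php.ini is a
//    second layer, but the allowlist is the real fix.
const PAGES = [
    'home'    => __DIR__ . '/pages/home.php',
    'contact' => __DIR__ . '/pages/contact.php',
];
function resolve_page(string $requested): string {
    return PAGES[$requested] ?? PAGES['home'];
}

// Constructed inputs resembling the tests described in the post:
echo render_comment('<script>alert(1)</script>'), "\n";
// renders as: <p>&lt;script&gt;alert(1)&lt;/script&gt;</p>
echo resolve_page("http://other-site.example/x.txt"), "\n"; // resolves to pages/home.php
include resolve_page($_GET['page'] ?? 'home');
```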
Thanks for sharing, others need this. I want to know how to make a boot system for my page and also want to know how to update this all. Thanks.