Archive for the ‘security’ Category

Referrer spam has always been a nuisance, especially if you have some traffic restrictions on your hosting. The referral traffic robs your site of the precious bandwidth allocated (also known as Bandwidth Theft). Also, with a large amount of spam traffic, legitimate users will be greeted with a slow and sometimes non-responsive site. Htaccess [...]

Drupal is one of the most popular free and open source web application frameworks. Drupal is almost infinitely extensible through not only various theme possibilities but also the vast library of modules or add-ons. However, this great extensibility is also a point of weakness should insecure or vulnerable code be used in either themes or [...]

Image plagiarism is one of the common issues faced by websites, especially by designers and photographers. Besides the technique of attaching a copyright text or a hidden watermark, the other most common method of preventing casual copying of images from websites is by disabling right-click using JavaScript. Another scheme I recently found uses a method [...]

One of the main sources from which spammers harvest email IDs is websites and Google. An easy way to prevent email harvesting is to not disclose email IDs on your website, at least not in an obvious way. If your site has a few dozen pages, then you can manually scan those to see if any email [...]

There is nothing worse for a site owner to endure than to have his site hacked with no backup to restore from. Many people rely on the hosting provider's backup feature or, if unavailable, make a copy themselves on a regular basis. Unfortunately, ‘Regular’ can mean weeks or months, depending on how serious the issue [...]

Transferring files over FTP using PHP is easily done using various PHP functions and cURL. However, transferring files over SFTP raises various problems and is not easily supported via PHP and cURL. phpseclib provides a nice library wrapper that enables easy access to the SFTP protocol and various cryptography functions. phpseclib is designed to be [...]

It can be surprising how easy it is to overlook security issues in software design. WordPress for example, after all the versions, still displays login error information that can be informative for a potential hacker. Rather than displaying a generic login error message, WordPress admin specifically displays whether a ‘username’ was entered wrong or a [...]

With WordPress installations on the rise, security threats are a common concern for users. Below is a small collection of WordPress plugins that I found adequate for use on most WordPress installations to keep security in check. As always, security is not 100% achievable, but the following plugins will help you find any loopholes in [...]

There is some confusion among users regarding the new HTML5 keygen element. The keygen element generates a public/private key pair and then creates a certificate request. Many users want to know the exact use of the element when SSL is available. This is my take on the subject. Correct me if I’m wrong. <form action="process.cgi" [...]

Today, a couple of hours back, my site got compromised. Not many changes to the code, but the .htaccess was changed and some code like the below was added to the .htaccess file, which redirected the traffic coming from search engines to a malware site.