How to block referrer spam traffic

Referrer spam has always been a nuisance, especially if you have traffic restrictions on your hosting. The referral traffic robs your site of its allocated bandwidth (also known as bandwidth theft). With a large volume of spam traffic, legitimate users are also greeted with a slow and sometimes unresponsive site.

Htaccess enables one to block certain referrer sites and prevent referrer spam. The following post lists some techniques to do so. One way to prevent referrer spam is to force an error and stop any further redirection. Note that the following requires that ‘mod_rewrite’ is enabled on your server.

Tips and Tricks for Improved Drupal Security

Drupal is one of the most popular free and open source web application frameworks. Drupal is almost infinitely extensible, not only through its many theme possibilities but also through its vast library of modules or add-ons. However, this great extensibility is also a point of weakness: insecure or vulnerable code in either themes or community contributed modules can result in compromise. The following guide on best practices for Drupal covers the main areas of attention regarding security for any Drupal web administrator.

Splitting images to prevent image copying from web sites

Image plagiarism is one of the common issues faced by websites, especially those of designers and photographers. Besides attaching a copyright text or a hidden watermark, the other most common method of preventing casual copying of images from websites is disabling right-click using JavaScript. Another scheme I recently found splits the image into three parts and then displays them together on the page. So whenever the user tries to save the image, he gets three separate parts of the image rather than a single image. This prevents casual copying of images from web pages. Of course, this is not a fool-proof method; with some extra effort one can reassemble the original image. This method can also be useful to prevent automated bots from easily downloading your images.

Preventing spam email harvesting

One of the main sources from which spammers harvest email ids is websites, via Google. An easy way to prevent email harvesting is to not disclose email ids on your website, or at least not in an obvious way. If your site has a few dozen pages, then you can manually scan those to see if any email id is being displayed. However, for a large site with hundreds of pages this is not an easy process. One tool that can make the process easier is ‘theHarvester’.

Mirroring your website to your local PC with Wget

There is nothing worse for a site owner to endure than to have his site hacked with no backup to restore from. Many people rely on the hosting provider's backup feature or, if that is unavailable, make a copy themselves on a regular basis. Unfortunately, ‘regular’ can mean weeks or months, depending on how seriously the site owner or webmaster takes security. However, people are not to blame; for most people data backup is a chore to be got done with, much like flossing after a good meal.

Uploading files over SFTP using PHP

Transferring files over FTP using PHP is easily done using various PHP functions and cURL. However, transferring files over SFTP raises various problems and is not easily supported via PHP and cURL. phpseclib provides a nice library wrapper that enables easy access to the SFTP protocol and various cryptography functions. phpseclib is designed to be fully interoperable with OpenSSL and other standardized cryptography programs and protocols.

Changing WordPress admin login error message

It can be surprising how easy it is to overlook security issues in software design. WordPress, for example, after all its versions, still displays login error information that can be informative to a potential attacker. Rather than displaying a generic login error message, the WordPress admin login specifically reveals whether the ‘username’ or the ‘password’ was entered incorrectly, as the following screenshot shows.

WordPress plugins to check for security threats

With WordPress installations on the rise, security threats are a common concern for users. Below is a small collection of WordPress plugins that I found adequate for use on most WordPress installations to keep security in check. As always, security is never 100% achievable, but the following plugins will help you find loopholes in your site and help you monitor for any security breaches.

The HTML5 keygen element

There is some confusion among users regarding the new HTML5 keygen element. The keygen element generates a public/private key pair and then creates a certificate request. Many users want to know the exact use of the element when SSL is available. This is my take on the subject. Correct me if I’m wrong.

<form action="process.cgi" method="post" enctype="multipart/form-data">
 <!-- the browser generates the key pair locally and submits only the public key, under the name "key" -->
 <p><keygen name="key"></keygen></p>
 <p><input type="submit" value="Submit key..."/></p>
</form>
