Session hijacking is impersonating another person by using that person’s session id. That is, if person A obtains person B’s session cookie and stores that cookie manually in his own web browser (just as B’s browser stored it), then A gets the same access as B, as long as that session is still present on the server. This is called session hijacking.
‘Spider - SQL Injection Detection Tool’ is a web application testing tool developed for testing the security of PHP projects. It recursively reads and tests every GET and POST request in the project and identifies SQL injection holes.
If you are looking to move your website from HTTP to HTTPS, you don't necessarily have to buy a paid SSL certificate. You can use a certificate issued by Let's Encrypt, which is a valid certificate authority. Here is a high level outline of what you should do to set up HTTPS on your web server. We have documented how to do it for nginx, but a similar approach should work for other web servers as well.
According to recent British government research, two thirds of large UK businesses were hit by a cyber breach or attack in the last year [1]. The British government is urging businesses to protect themselves against cyber attacks. Cybersecurity can, to a large extent, be handled proactively with a well mapped out strategy that is reviewed continuously.
Thinking your site won’t be hacked, or is not worth hacking, can cause you to skip the extra precautions needed. Sites are usually hacked to use the server for sending spam emails or as a temporary web server for serving inappropriate or even illegal content. Hackers scan the internet with automated scripts to find possible security issues in software.
Here are 5 ways to keep your site safe from hackers.
On certain servers, there is a chance of our IP address getting blocked when we accidentally enter the wrong password multiple times or unintentionally try to SSH to the wrong port multiple times. The IP is then blocked for a certain period of time. If you have faced the same issue, read on to know how to block blacklisted IP addresses on a WHM based GNU/Linux server.
If your Drupal website delivers content to third party sites through web syndication mechanisms such as RSS feeds, you need to purify the HTML markup before delivering it to them, to prevent an XSS attack on those sites through your feeds. Read on to know how to programmatically purify the contents of your Drupal website's feed.
Most web developers and system administrators have to log in over SSH to WHM based servers to make the necessary changes there. The default port used for SSH logins is port 22. However, there may be unusual circumstances where port 22 is not the port in use. In such a scenario we need to identify the SSH port the server actually uses. If you are facing a similar situation, read on to know how to find out the current port being used by SSH on a WHM based server.
Apache allows you to protect the contents of specific directories in your website, or the whole website, from unauthorized access using a mechanism called httpd password protection. During development of new sites, the partially built sites are protected from unauthorized access using httpd authentication. This can sometimes interfere with testing integrations with third party services that expect some of your URLs to be accessible without authentication. Here is how you can exclude a given file or directory from httpd authentication.
Password-protecting a Drupal development site with a .htaccess file
There are a few scenarios where we need to protect our site from the general public and make it accessible only to a selected group of users. One of the most common scenarios in the development workflow of a Drupal site is when you want to avoid your half-complete Drupal site showing up in Google search results. For such needs, it is advisable to password-protect the site using HTTP authentication.
If you have cPanel installed on your hosting server, you can use the ‘Password Protect Directories’ option from the ‘Security’ section on the cPanel home page. Click here to read how to enable HTTP authentication using cPanel (link to the article on the same topic on our site).
For those without cPanel, here’s how to get Apache to work your way: