How exactly do you do this? The reason is my CMS has been breached, well, mainly because the username and password is fairly common (my bad). But I've always thought that it is save, since the directory name is pretty un-common and hard to guess (not the usual /cms/ or /admin/). Brute-forcing from a script? or maybe some Google tricks?
update : my CMS is in PHP and I developed it myself. I don't remember putting the link to it everywhere, except once in email I sent to my friend via gmail.
update 2 : as this could be used by some people to attack a site, please don't put any script in the answer. My intention is just to know the general ways to do it, so that I could prevent further attacks like this.
Thanks in advance.
Did you ever surf somewhere via a link from your CMS? Your browser would have sent a referer (note the misspelling) header, indicating where you came from.
Maybe you had a link to administrative area somewhere?
Or maybe accessing main directory without filename renders directory index?
I.e. you're using mod_autoindex?
My guess is, that somebody linked to your CMS URL and an automated (evil) script found it using Google search results looking for some common patterns.
Search in Google using this query
link:http://www.example.com/myCmsFolder
to verify if your link/pages are contained in Google.
Related
I'm a WordPress website designer. I'm not a programmer. I'm trying to fix some security/SEO issues with a website.
I ran a diagnostic test on a website and one of the things I'm trying to fix is a security issue on "protocol-relative resource links". This is how the program tells me to fix it: "Update any resource links to be absolute links including the scheme (HTTPS) to avoid security and performance issues."
I have googled everything I can think of and I think I have found a way to fix it, but it is going to mean going through 177 pages of the websites code and finding the specific links and fixing them each individually. That is because they are not image links or bigger links like that, but they are obscure links like font links. The only way I've been able to find them is through the source code (I think that's what it's called.) As far as I know they all unique links so I can't do search and replace and even if I could I don't know what links need to be replaced.
Here is the description of the problem that was given to me: "URLs that load resources such as images, JavaScript and CSS using protocol-relative links. A protocol-relative link is simply a link to a URL without specifying the scheme (for example, //screamingfrog.co.uk). It helps save developers time from having to specify the protocol and lets the browser determine it based upon the current connection to the resource. However, this technique is now an anti-pattern with HTTPS everywhere, and can expose some sites to 'man in the middle' compromises and performance issues"
I am self-taught and know basically no code or programming languages, so I need basic beginner help if possible. Links to tutorials are welcome. I'm trying to find a quicker way to solve this problem or at least have it confirmed that this is the way I'll have to do it. Thank you for any help you are able to give!
I'd like to code a website where you can find search results from many websites.
So my question is, if this scenario is possible and if yes, if you guys have any suggestions how I would be able to do this.
Here my workflow:
I search for something on my website. For example: "asdf"
My code then executes the search from the other website. for example:
https://www.google.ch/#q=asdf&safe=images
Then there will be shown some results, of course. But how can I directly take the results and show them on my website, without opening the other website?
I have to say, that the websites I'm looking for, haven't got any API for that.
I probably wouldn't recommend to scrap a web page directly in the client.
I'm not even sure if you can achieve it easily without getting some Cross Domain Policy problems anyway.
A solution like APIfy might help you doing what you want:
http://apify.heroku.com/resources
Or you can still make your own server site API "layer" for this particular website?
Keeping in mind that scrapping a web page is always a fragile process where the format can chance at any moment.
I have a simple HTML site with 100+ pages or so. I want to add a search bar at the top so the user can search the site. I know about Google Custom Search, but it shows ads unless you pay at least $100. Obviously I'd like ad-less search on my site for free if at all possible!
I've also heard about Lucene/Solr, but they do not actually crawl the site. For that I would apparently need Nutch.
Anyway, the site I have runs on a Microsoft IIS6 server, but I have basically no knowledge as to how Solr, Nutch, etc. gets "installed" on the server.
Also: I'd like to point out that I do have a local copy of the site. Perhaps I can do one big initial nutch "crawl" locally that will create an .xml for Solr?? That would help me get "up and running", but probably wouldn't be a good long-term solution.
..so should I just use Google Custom Search? or is there a not-extremely-painful-to-implement alternative? The brain hurts folks.
You did not mention how many search requests you want to handle but if you use the json-rest-api of google's custom search you have 100 searchqueries a day for free and you can display them without any ads on your page.
An simple example request can be found here.
Here is an easy way that works pretty well, although you may be looking for something more than this.
http://sitecomber.com/getsitecomber/
You can create code to paste into your site in about 2 minutes. It doesn't get easier than that. Search is powered by Google, but results are isolated to your website.
EDIT: This no longer works.
If I build a site using Wordpress, is there a straightforward way to restrict access to the whole site to only those who I specify?
I've looked a few plugins that attempt to redirect unregistered users to the login page, but most seem old, fragile, or generally just hacks.
I want to know if a standard Wordpress installation lets you do this, or otherwise if there's a decent and secure plugin to do it. I need a solution that doesn't involve changing the default wordpress PHP scripts as I don't have direct access to the server. It's quite important that the solution is secure.
Any help or past experience would be appreciated.
EDIT: Apologies if this is better suited to http://wordpress.stackexchange.com, wasn't aware this existed. Please move if necessary :-)
The new version of WP, I believe v 3.1.2, has this option for pages and posts under the quick edit.
You can set a password per post / page or mark them as private.
What is a (free) technology which requires the least amount of code for creating a website with the following requirements:
Sign-up/login
Form for adding your personal info. which gets databased
Each person can view and edit their own info
Admin can view and edit any
The form needs to be easily customizable and extensible (by the website's owner, not during run-time)
Is there a beginner tutorial for such a thing?
(For me, this question is about a friend who wants me to do this, but I want him to do it himself so I don't have to get roped into maintenance. I also want to keep it more general for the sake of Stack Overflow and future readers.)
Edit: I thought I remembered some ASP.NET tutorials that were mostly drag/drop or things where it was all but made for you from the database schema (which can be made with SSMS's GUI) but I can't seem to find them now.
Responding to posts below requesting specifics: this site will be for potential clients to sign-up and enter their company's info and fill out a form about their advertising needs.
I thought about putting this on SU instead, but since there was likely going to be some coding involved (I assumed no-code was an unreachable goal) SO seemed more appropriate.
Your friend can consider a framework like drupal. It has a bit of a learning code but, you can create a website with everything you ask for without code. You may want to modify it to change the look but there are themes for that.
Also, some hosts like godaddy.com have this installed and you do not have to worry about the complex installation procedures. Just start modifying the content of the site, select a built in template and go...
PhpBB? I think you need to specify what the website is going to be used for before you can get better/more specific answers.
... have a look at Drupal or Joomla, expect a learning curve nevertheless.
Is this friend a programmer as well? If so, I'd suggest building such a site using a PHP framework. Deploying an existing forum/wiki is also an option of course, but will probably have much more features than you describe. But if s/he's not a programmer, I don't see how s/he will be able to develop a site like that in a reasonable amount of time.
Why not using a CMS like wordpress, drupal and co. ?