One of the main problems in creating and administering a website is ensuring its security. To check how reliable a resource is, it should be examined for vulnerabilities, and this testing is usually done with the same methods and utilities that hackers use.
1. To log in to a website with administrator rights, a hacker may need the corresponding login form. Having found it, he can try to guess the password using a brute-forcer, a program that tries passwords from a dictionary. The hacker may also already have obtained the credentials (login and password) from the database he is interested in, through an SQL vulnerability he found. To take control of the website, he then only needs to enter the stolen credentials into the login form. Accordingly, the harder the admin panel is to find, the more secure the website.
2. You can check the security of your resource with special utilities. For example, use the Admin Finder program, which is easy to find online. Enter the website address, and the program will list the paths of all pages related to administration. Bear in mind that some antivirus programs may classify the program as unwanted software and block it. To be sure the utility does not contain a Trojan, look for Admin Finder on hacker resources. On their own websites and forums, hackers will not distribute infected utilities.
3. Hackers quite often check the robots.txt file, in which administrators list the files that search robots are not allowed to index. This file may well contain information an attacker needs.
4. To view the structure of a website, you can use special scanners. For example, the small console utility SiteScaner gives good results. Start it and enter the address of the website. Check the displayed list for pages that you would like to hide.
5. There are online services that show the structure of a website in considerable detail. For example: http://defec.ru/scaner/ Enter the website address in the search field, enter the security code and click SCAN. The list that opens shows the structure of your site.
6. When searching for the admin panel, a hacker can simply try the most common options, for example: /admin, /login, index/admin.php, admin.php, login.php, admin/index.php, admincp/index.php. When configuring the website, try to avoid well-known directory and file names. The same applies to databases: hacker utilities know more than five hundred of their common names.
7. Check how resistant your resource is to compromise with the XSpider program. It is entirely legal software, and a demo version can be downloaded from the vendor's website. The program is intended for system administrators and produces a report on possible ways of penetrating a website.
8. Quite often administrators do not set permissions on directory viewing, which lets a hacker browse the website's directories almost freely. A folder can be protected from viewing very simply: place an index.html page in it with text saying that the directory is closed for viewing. Any attempt to look into the directory will automatically open this page.
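
A defender-side check that combines items 3 and 6: the Python sketch below, an added example that is not part of the original article, parses a robots.txt file and reports Disallow entries that give away the common admin-panel names listed in item 6. The sample file and all function names are constructed for illustration.

```python
# Added example: audit your own robots.txt for entries that reveal an admin panel.
# Names come from the common paths in item 6 ("index" is left out as too generic).
KNOWN_ADMIN_NAMES = ("admin", "login", "admincp")

# Constructed sample robots.txt for a hypothetical site.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admincp/
Disallow: /images/
Disallow: /backup/site.sql   # old dump
Disallow: /Login.php
Allow: /
Disallow:
"""


def disallowed_paths(robots_txt):
    """Return every non-empty Disallow path, ignoring comments and blank rules."""
    paths = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()       # drop trailing comments
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


def exposed_admin_paths(robots_txt, names=KNOWN_ADMIN_NAMES):
    """Return (path, matched_name) for Disallow entries that name an admin page."""
    findings = []
    for path in disallowed_paths(robots_txt):
        segments = [s for s in path.split("?", 1)[0].split("/") if s]
        # Compare each path segment without its extension, case-insensitively.
        stems = {s.rsplit(".", 1)[0].lower() for s in segments}
        hits = sorted(stems & set(names))
        if hits:
            findings.append((path, hits[0]))
    return findings


if __name__ == "__main__":
    for path, name in exposed_admin_paths(SAMPLE_ROBOTS):
        print(f"robots.txt reveals '{path}' (common name: {name})")
```

Any path it reports is readable by anyone who fetches robots.txt, so a Disallow rule does not hide that page.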