Need Security Advice Fast
Posted: Wed May 04, 2005 6:24 pm
I know that I'm doing this backwards by posting first and searching later, but I need help on this issue fast. Please accept my apologies.
Here's my situation. I just learned that a student at my high school has hacked my passwords for the school's web site (I'm a staff member and the webmaster) and I need to plug these security holes ASAP. The word is that my .htaccess passwords were hacked with a tool called "John XXX XXXXXX" [I won't print the actual name of the program just to be safe] and that he may have hacked his way into some passwords in my PHP files.
I know this is a PHP forum, but if anyone could point me to a good resource for securing my htaccess files, I'd really appreciate it. As for the security of my PHP files, I'll describe how I have things set up and hopefully some of you experts can comment and help me increase security. Thanks in advance.
All of the passwords I use in PHP are located in a configuration file stored outside the public_html directory of our web site, which is on a shared hosting account. Pages inside the public_html directory call for this file by use of an include statement. The configuration file contains the database and table names, login name, and password.
Okay, just how vulnerable am I? And how do I improve the security?
Here's my situation. I just learned that a student at my high school has hacked my passwords for the school's web site (I'm a staff member and the webmaster) and I need to plug these security holes ASAP. The word is that my .htaccess passwords were hacked with a tool called "John XXX XXXXXX" [I won't print the actual name of the program just to be safe] and that he may have hacked his way into some passwords in my PHP files.
I know this is a PHP forum, but if anyone could point me to a good resource for securing my htaccess files, I'd really appreciate it. As for the security of my PHP files, I'll describe how I have things set up and hopefully some of you experts can comment and help me increase security. Thanks in advance.
All of the passwords I use in PHP are located in a configuration file stored outside the public_html directory of our web site, which is on a shared hosting account. Pages inside the public_html directory call for this file by use of an include statement. The configuration file contains the database and table names, login name, and password.
Okay, just how vulnerable am I? And how do I improve the security?