Securing your PHPmotion site

Please note this post was written for V1; it most likely will not work for more recent versions of PHPmotion. Make changes at your own risk and always keep backups!

Whilst my PHPmotion demo site is far from being a possible target for hackers, some of you may have much busier web sites! Which also means you’re more at risk than me :P

And as the saying goes, better safe than sorry, so I thought a quick safety post wouldn’t hurt anyone. Now, I’m no expert with security issues by any means; however, after looking around several other open source projects I noticed a few easy-to-do things which could help prevent an attack or at least make it harder for them ;)

Starting off simply with removing setup.php from /siteadmin/: I found out several people’s database details within 10 minutes of searching… Now I’m no hacker, but I’m guessing someone with bad intentions could get up to no good if you leave this info lying about… YOU HAVE BEEN WARNED

Change the name of the siteadmin folder; nothing is stopping you from simply changing the name of the folder. Anyone who knows PHPmotion knows the admin area is there, but it doesn’t have to be! Call it something else; even if it’s only siteadmin123, you’ll still have a safer feeling knowing that people will have more trouble finding your admin area.

Did you know that whilst the PHPmotion script itself is pretty safe, its structure makes it easy to help yourself to everyone else’s videos? A way to make things just a little bit harder for people is to add a blank index.htm file in every directory (except the root, of course). Trust me, this is IMPORTANT: without these anybody can download any file (yes, even php), which means all the insides of your site are laid bare.
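The three steps above can be checked, and the last one applied, with a short script. This is an added example, not part of the original post or of PHPmotion; it assumes the V1 layout described here (admin area in `siteadmin/`, with `setup.php` inside the admin folder), treats any `index.*` file as an index page, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a PHPmotion V1 document root for the three issues
# covered in this post. Run it against your own site only.

# Prints one finding per line; prints nothing when the tree is clean.
audit_phpmotion() {
    local root="${1%/}" dir
    # 1. Installer left behind in the admin folder (checked one level
    #    below the root, so a renamed admin folder is covered too).
    find "$root" -mindepth 2 -maxdepth 2 -type f -name setup.php -print |
        sed 's/^/SETUP_PRESENT /'
    # 2. Admin folder still under its default name.
    if [ -d "$root/siteadmin" ]; then
        echo "DEFAULT_ADMIN_NAME $root/siteadmin"
    fi
    # 3. Subdirectories with no index file (the root itself is skipped).
    #    Assumption: the web server serves index.* as the directory index.
    find "$root" -mindepth 1 -type d -print | sort |
        while IFS= read -r dir; do
            if ! ls "$dir"/index.* >/dev/null 2>&1; then
                echo "NO_INDEX $dir"
            fi
        done
}

# Creates a blank index.htm in every directory reported as NO_INDEX.
add_blank_indexes() {
    local root="${1%/}" dir
    audit_phpmotion "$root" | sed -n 's/^NO_INDEX //p' |
        while IFS= read -r dir; do
            : > "$dir/index.htm"
            echo "created $dir/index.htm"
        done
}

# Usage: sh audit.sh /path/to/docroot   (audit only, changes nothing)
if [ "$#" -gt 0 ]; then
    audit_phpmotion "$1"
fi
```

Call `add_blank_indexes /path/to/docroot` after reviewing the audit output; removing `setup.php` and renaming the admin folder are left as manual steps.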

Anyway, hope this helps some of you. Now don’t you feel slightly safer?

5 Responses to “Securing your PHPmotion site”


  1. Siringo

    Useful post Ben, thanks.

  2. Michal

    Useful, but instead of using a blank html file you could work with htaccess; that would be much safer. You could also use both.

  3. raghu

    Nice and useful info.. thanks
    I am using the phpmotion script on my site http://www.justpeep.com and it's good.

  4. chuck

    What about the stats, they stop working when you change the file name
    of siteadmin?
    It just times out.

  5. Ben

    Hi Chuck, Sorry this post was written a long time ago (2007). It may not work with the newer versions of PHPmotion.
