Welcome Anonymous
Protecting your site against hackers ⇒ Frequently Asked Questions ⇒ CPG Dragonfly™ CMS
Change your table prefix
If you are going to install a fresh CPG-Nuke driven website we advise that you change $prefix and $user_prefix to something of your own choosing.
If you forgot to do that, or you already have a running CPG-Nuke site, just follow these instructions...
First BACKUP your database
Then, in the below script, change "NEWPREFIX" to the new prefix you'd like to use. Save and upload this script, execute it from your browser, and run the listed SQL commands in phpMyAdmin. Once you have run these commands DELETE this file!
Then open your config.php and change the values of $prefix and $user_prefix to match the new prefix you chose in the script. Save and upload the new config.php.
Good Luck!
If you forgot to do that, or you already have a running CPG-Nuke site, just follow these instructions...
First BACKUP your database
Then, in the below script, change "NEWPREFIX" to the new prefix you'd like to use. Save and upload this script, execute it from your browser, and run the listed SQL commands in phpMyAdmin. Once you have run these commands DELETE this file!
define('CPG_NUKE', true);
require_once('config.php');
mysql_connect($dbhost, $dbuname, $dbpass, $dbname);
$result = mysql_list_tables($dbname);
while ($row = mysql_fetch_row($result) or die(mysql_error())) {
$table = $row[0];
if (eregi($prefix, $table)) {
echo "ALTER TABLE $row[0] RENAME ".eregi_replace($prefix,"NEWPREFIX",$table).";<br />";
}
}Then open your config.php and change the values of $prefix and $user_prefix to match the new prefix you chose in the script. Save and upload the new config.php.
Good Luck!
Protect subdirectories
CPG-Nuke 8.2 and above has a .htaccess in the subdirectories which protects every PHP file to run on it's own (for ex. modules/Your_Account/register.php)
This could give a conflict when a module/add-on asks a file like that in the browser.
Now you can create a new .htaccess file which allows to run (only) that file from a subdirectory.
It's better to change the link for that specific file then to use above script to keep security.
This could give a conflict when a module/add-on asks a file like that in the browser.
Now you can create a new .htaccess file which allows to run (only) that file from a subdirectory.
<filesmatch "\.php$">
Allow from all
</filesmatch>It's better to change the link for that specific file then to use above script to keep security.
Run a cronjob to backup database
You can run a 'cronjob' to make a backup each day/week/month of your database to keep a backup even when you get hacked.
create a shell file with following
'/PATH/TO/YOUR/ROOT' for example /home/mydom.com/backup
don't put in '/home/mydom.com/public_html' for security reasons.
HOSTNAME: for example 'localhost'
USERNAME: the name you use to connect with database
PASSWORD: the password of the user
DBNAME: name of the database
These are actualy the same as in config.php
Upload the file to your root (ex. /home/mydom.com/dbbackup.sh )
Then in your cPanel/Ensim create a cronjob for it.
Don't forget to download the backups and delete them once in a while to keep your serverspace
create a shell file with following
#! /bin/sh
FILE=DBNAME-`date +%Y%m%d%H%M`.sql
DIR=/PATH/TO/YOUR/ROOT
mysqldump -f -hHOSTNAME -uUSERNAME -pPASSWORD DBNAME --add-drop-table | gzip -9c >${DIR}${FILE}.gz'/PATH/TO/YOUR/ROOT' for example /home/mydom.com/backup
don't put in '/home/mydom.com/public_html' for security reasons.
HOSTNAME: for example 'localhost'
USERNAME: the name you use to connect with database
PASSWORD: the password of the user
DBNAME: name of the database
These are actualy the same as in config.php
Upload the file to your root (ex. /home/mydom.com/dbbackup.sh )
Then in your cPanel/Ensim create a cronjob for it.
Don't forget to download the backups and delete them once in a while to keep your serverspace
User Info
Welcome Anonymous
