Protecting your site against hackers ⇒ Frequently Asked Questions ⇒ CPG Dragonfly™ CMS

Change your table prefix

If you are going to install a fresh CPG-Nuke driven website we advise that you change $prefix and $user_prefix to something of your own choosing.

If you forgot to do that, or you already have a running CPG-Nuke site, just follow these instructions...

First BACKUP your database

Then, in the below script, change "NEWPREFIX" to the new prefix you'd like to use. Save and upload this script, execute it from your browser, and run the listed SQL commands in phpMyAdmin. Once you have run these commands DELETE this file!
define('CPG_NUKE', true); require_once('config.php'); mysql_connect($dbhost, $dbuname, $dbpass, $dbname); $result = mysql_list_tables($dbname); while ($row = mysql_fetch_row($result) or die(mysql_error())) { $table = $row[0]; if (eregi($prefix, $table)) { echo "ALTER TABLE $row[0] RENAME ".eregi_replace($prefix,"NEWPREFIX",$table).";<br />"; } }

Then open your config.php and change the values of $prefix and $user_prefix to match the new prefix you chose in the script. Save and upload the new config.php.

Good Luck!

Protect subdirectories

CPG-Nuke 8.2 and above has a .htaccess in the subdirectories which protects every PHP file to run on it's own (for ex. modules/Your_Account/register.php)

This could give a conflict when a module/add-on asks a file like that in the browser.
Now you can create a new .htaccess file which allows to run (only) that file from a subdirectory.
<filesmatch "\.php$"> Allow from all </filesmatch>

It's better to change the link for that specific file then to use above script to keep security.

Run a cronjob to backup database

You can run a 'cronjob' to make a backup each day/week/month of your database to keep a backup even when you get hacked.
create a shell file with following#! /bin/sh FILE=DBNAME-`date +%Y%m%d%H%M`.sql DIR=/PATH/TO/YOUR/ROOT mysqldump -f -hHOSTNAME -uUSERNAME -pPASSWORD DBNAME --add-drop-table | gzip -9c >${DIR}${FILE}.gz

'/PATH/TO/YOUR/ROOT' for example /home/mydom.com/backup
don't put in '/home/mydom.com/public_html' for security reasons.

HOSTNAME: for example 'localhost'
USERNAME: the name you use to connect with database
PASSWORD: the password of the user
DBNAME: name of the database

These are actualy the same as in config.php

Upload the file to your root (ex. /home/mydom.com/dbbackup.sh )
Then in your cPanel/Ensim create a cronjob for it.

Don't forget to download the backups and delete them once in a while to keep your serverspace
User Info

Welcome Anonymous



(Register)
Community

Support for DragonflyCMS in a other languages:

Deutsch
Español