Secure site ?

Hello everyone, I'm looking for a way to secure my site (MPOG) because

my site is hacked (LEVEL 99 ALL).

anti-sql injection

Could you give me one?

go to release section Xzeeon made a topic of it.. but his way is not rly safe/

Quote:

---

Originally Posted by ~Fallen

go to release section Xzeeon made a topic of it.. but his way is not rly safe/

---

Wizkidje released his one..

Look in the release section he replied it somewhere

its on the same topic

Code:

---

function sanitize_data ( $sql ) {
  return preg_replace( "/[^a-zA-Z0-9 ]/i", "", $sql );
}

---

~Iceman

Don't use that web, neither FGunZs one.

Ok , So add that?

Quote:

---

Originally Posted by iceman4154

Code:

---

function sanitize_data ( $sql ) {
  return preg_replace( "/[^a-zA-Z0-9 ]/i", "", $sql );
}

---

~Iceman

---

That one clearly sucks. It blocks any slash, dot, comma, and so forth. Just clean ', " and \.

What site taken. ? please

MPOG = no
FGUNZ = no
And .. ...

Quote:

---

Originally Posted by Alkyron

What site taken. ? please

MPOG = no
FGUNZ = no
And .. ...

---

make ur own ;)

Quote:

---

Originally Posted by Wizkidje

That one clearly sucks. It blocks any slash, dot, comma, and so forth. Just clean ', " and \.

---

No, it strips out anything but a-z, A-Z, and 0-9. And I find it laughable you're suggesting as I told you, despite still promoting your "safe" anti-SQL function.

Quote:

---

Originally Posted by iceman4154

Code:

---

function sanitize_data ( $sql ) {
  return preg_replace( "/[^a-zA-Z0-9 ]/i", "", $sql );
}

---

~Iceman

---

Considering this is what I posted earlier, I'd say it's perfectly safe - as long as sanitize_data() is called for all data being accepted via $_GET and $_POST, and you should be clean thus far. e.g.:

Code:

---

$user = $_GET['user'];

---

..would be..

Code:

---

$user = sanitize_data ( $_GET['user'] );

---

Don't forget to include the sanitize_data function in whatever script is calling it!

Quote:

---

Originally Posted by ~Fallen

anti-sql injection

---

"anti-sql injection" isn't the key to solving all possible security vulnerabilities - what about XSS? What if another vulnerability in the MServer daemon resulted in root (e.g.: Unchecked buffer - possibility for a buffer overflow).

Not to mention, any other vulnerable service could be at fault.

OP, there's too many possible areas that could be gone wrong - start by fixing the forementioned.

I dont understand -_- , i need anti sql for my regpage and my upload emblem clan , please .

Quote:

---

Originally Posted by gWX0

No, it strips out anything but a-z, A-Z, and 0-9. And I find it laughable you're suggesting as I told you, despite still promoting your "safe" anti-SQL function.



Considering this is what I posted earlier, I'd say it's perfectly safe - as long as sanitize_data() is called for all data being accepted via $_GET and $_POST, and you should be clean thus far. e.g.:

Code:

---

$user = $_GET['user'];

---

..would be..

Code:

---

$user = sanitize_data ( $_GET['user'] );

---

Don't forget to include the sanitize_data function in whatever script is calling it!



"anti-sql injection" isn't the key to solving all possible security vulnerabilities - what about XSS? What if another vulnerability in the MServer daemon resulted in root (e.g.: Unchecked buffer - possibility for a buffer overflow).

Not to mention, any other vulnerable service could be at fault.

OP, there's too many possible areas that could be gone wrong - start by fixing the forementioned.

---

Can't you test your site against SQL/XSS injections via the firefox extensions SQL Inject Me and XSS Me?
I have to ask cause I'm not sure if they actually are able to detect if they are vulnerable since all of mine comes up as all green (green means its protected)