Tidbit Time: PHP Security for your server…

I am always learning and I also find that I never learn anything….for the bad guys are always a step ahead of simpletons like me when it comes to servers and websites and such…

When you have a website that certain people hate? And I have such a site, that has been attacked constantly for many years. You learn that if you are complacent, you will be undermined. I guess I have much to learn to keep out the bad guys?

So let’s at least find a site to learn what happened to WtR and what was done by our antagonistic types on the web:

PHP is the world’s most popular server-side web programming language. According to W3Techs data from April 2019, 79% of websites are powered by PHP. Among those websites are Facebook, Yahoo, and Wikipedia.

Since PHP is so popular, PHP security is essential and the number of vulnerable PHP applications is large. Most PHP web applications share parts of code or scripts with other web applications. If the shared piece of code is found to be vulnerable, all the applications that are using it are also vulnerable.

Source: PHP Security and SQL Security – Part 1

If you are interested the above is some very good information about PHP and security vulnerabilities. I never knew, I just assumed that since this was basically software beyond my reach on the server we are on, what would be my use to learn about it….?

I was wrong and if you have a website? There is nothing about your site that you should not learn about and know about….we had a PHP injection of some type and this is what started the non-loading by our own IP locally. They have no idea and of course, I sure do not have any idea about such things. Well until now…

I have found out that I am in control of what version of PHP is being run on my website. There are reasons for this, yet I still am not sure why such an important software is in my control. I am a simpleton and many many more are so much more simpleton than I am, that it seems dangerous to allow me to mess up such stuff. Dunno…

Yet, for WtR it is an aspect that I corrected and now my site is humming along again. The version that was being used was 5.6 PHP and now I am upgraded to 7.4 PHP….yes, I was very much behind in such upgrades and it transformed the site stability and speed completely. Amazing…

The PHP injection was cleaned out with upgrading the server PHP version. Makes sense to me and I can even go back to an earlier version to clean it out again. That way, if I see issues (and now I know what to look for) I can clean it up and make everyone happy. I suspect that my IP has some automated protection software and they caught an anomaly in my site’s address as I tried to load it. Yet they do not have any idea about such stuff. Gotta figure out how to convey such information to them?

I am not here to teach about this subject, the link above is to a series of articles that tell all you need to know. I am lucky, I am able to learn and follow directions very well. I also am able to pinpoint trouble very well, yet since I am kinda not very technical, it takes me time to find the issue…

My son and Svetochka’s son would laugh at me. They live and breathe this kind of stuff, yet I try…

They make me feel like a “mental midget” at times!

WtR

PS: Just a tidbit more of info…

The rest of the article links below…

I am very thankful to Acunetix: https://www.acunetix.com/

For more details on preventing SQL Injections in PHP, see the following article:

Preventing SQL Injections.

PHP Security 1:

PHP Security 3:

PHP Security 4:

PHP Security 5:

kKEETON @ Windows to Russia…

Permission to reprint in whole or in part is gladly granted, provided full credit is given...