security

Filezilla and plain-text clear, unsecure password storage

Everyone knows the FileZilla FTP client. It is fast, easy to use and offers the functions a good FTP client needs, and it is free and open source. But there is a big problem: FileZilla stores passwords in a very insecure way. The passwords of recently used servers and of the sites in the Site Manager are saved in plain text on disk, so anyone (or any malware) that can read your profile directory gets every FTP login.

Files (sitemanager.xml for the Site Manager, recentservers.xml for recent servers) and the directories that hold them:

Path for Windows XP/2K: “C:\Documents and Settings\USERNAME\Application Data\FileZilla”
Path for Windows 7/Vista: “C:\Users\USERNAME\AppData\Roaming\FileZilla\”
Path for Linux: “/home/USERNAME/.filezilla/”
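As an added example (not part of the original article and not FileZilla's own code), the script below parses a sitemanager.xml and lists every stored login, which is all an attacker with read access to the profile directory has to do. It assumes the FileZilla 3 layout of <FileZilla3><Servers><Server> with <Host>, <Port>, <User> and <Pass> children, that newer builds mark a base64-encoded password with encoding="base64" (base64 is obfuscation, not encryption), and that newer Linux builds also use ~/.config/filezilla; the sample XML is constructed for the example.

```python
"""List the FTP logins FileZilla keeps on disk.

Added example, not FileZilla's own code. Assumptions: the FileZilla 3 XML
layout (<FileZilla3><Servers><Server> with <Host>, <Port>, <User>, <Pass>)
and the encoding="base64" attribute newer builds put on <Pass>. The sample
XML below is constructed for this example.
"""
import base64
import os
import xml.etree.ElementTree as ET

# Constructed sample in the FileZilla 3 sitemanager.xml layout (assumption).
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.org</Host>
      <Port>21</Port>
      <User>webmaster</User>
      <Pass>hunter2</Pass>
      <Name>Production web root</Name>
    </Server>
    <Server>
      <Host>ftp.example.net</Host>
      <Port>21</Port>
      <User>deploy</User>
      <Pass encoding="base64">czNjcmV0</Pass>
      <Name>Staging</Name>
    </Server>
    <Server>
      <Host>mirror.example.com</Host>
      <Port>21</Port>
      <User>anonymous</User>
      <Name>Anonymous mirror</Name>
    </Server>
  </Servers>
</FileZilla3>
"""


def stored_password(server):
    """Recover the password of one <Server> element, or None if none is stored."""
    pass_el = server.find("Pass")
    if pass_el is None or pass_el.text is None:
        return None
    if pass_el.get("encoding") == "base64":      # obfuscation only, not encryption
        return base64.b64decode(pass_el.text).decode("utf-8")
    return pass_el.text


def extract_credentials(xml_text):
    """Return [(host, port, user, password), ...] for every <Server> entry."""
    root = ET.fromstring(xml_text)
    return [
        (
            s.findtext("Host", default=""),
            s.findtext("Port", default=""),
            s.findtext("User", default=""),
            stored_password(s),
        )
        for s in root.iter("Server")
    ]


def default_config_dirs():
    """Directories from the article, plus the XDG location newer Linux builds use (assumption)."""
    home = os.path.expanduser("~")
    dirs = [os.path.join(home, ".filezilla"), os.path.join(home, ".config", "filezilla")]
    if os.environ.get("APPDATA"):                # C:\Users\USERNAME\AppData\Roaming on Vista/7
        dirs.insert(0, os.path.join(os.environ["APPDATA"], "FileZilla"))
    return dirs


def audit_installation(dirs=None):
    """Report every login whose password is recoverable from the local profile."""
    report = []
    for d in dirs if dirs is not None else default_config_dirs():
        for name in ("sitemanager.xml", "recentservers.xml"):
            path = os.path.join(d, name)
            if not os.path.isfile(path):
                continue
            with open(path, encoding="utf-8") as fh:
                for host, port, user, password in extract_credentials(fh.read()):
                    if password is not None:
                        report.append(f"{path}: {user}@{host}:{port} -> {password}")
    return report


if __name__ == "__main__":
    for entry in extract_credentials(SAMPLE_SITEMANAGER):
        print(entry)
    for line in audit_installation():
        print(line)
```

Run it on your own machine to see what a stolen profile directory would give away; the practical countermeasure is not to let FileZilla save passwords at all (use its "ask for password" logon type or a proper credential store) and to treat any FTP password that was ever saved this way as exposed once the machine is compromised.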

How to select a secure password for your online logins

What is a good password?

A good password is:

- at least 8 characters long
- includes lowercase letters, capitals and numbers
- never reused anywhere else
- cannot be found as a string by a search engine (Google returns 0 results for it)
- cannot be found in any dictionary or password database in the world
- nobody, including your spouse, can guess it
- easy for you to remember

To get there, build a long sentence, take the first character of each word, combine it with your username or user ID and the service you are logging on to, and transform the result with a formula only you know.

Never do:

How to hide / encrypt CCK Email field with JS against spammer

I got a headache searching for a filter to encrypt or hide the email CCK field so that email addresses are protected from spambots. I installed, uninstalled, activated, deactivated and rearranged input filters with both Invisimail and SpamSpan, but no luck! Finally I decided to change the code in email.module, and it works. Open "sites/all/modules/email/email.module" and find line 115, which looks like this:

/**
 * Theme function for 'default' email field formatter.
 */
function theme_email_formatter_default($element) {
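The change made to email.module is not shown above. As an added example in Python (not the module's code and not the author's patch), here is the kind of transformation a filter like Invisimail applies: the mailto link and the visible address are written as HTML numeric character references, which browsers render normally but a naive harvesting regex does not match. The harvester regex is a constructed stand-in for a simple spambot.

```python
import html
import re


def entity_encode(text):
    """Write every character as an HTML numeric character reference (&#NNN;)."""
    return "".join(f"&#{ord(ch)};" for ch in text)


def obfuscate_email(address, link_text=None):
    """Return a mailto link whose href and visible text hide the raw address.

    Browsers decode the references, so the link works unchanged for humans.
    """
    href = entity_encode("mailto:" + address)
    text = entity_encode(link_text if link_text is not None else address)
    return f'<a href="{href}">{text}</a>'


# Constructed stand-in for the regex a simple harvesting bot runs over raw HTML.
HARVESTER = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def naive_harvest(page_html):
    """Addresses a bot that does not decode entities would collect."""
    return HARVESTER.findall(page_html)


def decoded_harvest(page_html):
    """The same bot after unescaping entities first: the limit of this technique."""
    return HARVESTER.findall(html.unescape(page_html))
```

The last function is the caveat: entity encoding stops only the bots that scrape raw HTML, so a bot that unescapes or renders the page still gets the address. It raises the cost of harvesting, it does not make the address secret.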

Check password safety with JavaScript while typing

You can show visitors the strength of a password while they type it, before the page is ever submitted to the web server. There are four character groups: lowercase letters, capitals, digits and symbols. A password longer than 7 characters that contains at least one character from each group is strong. A password that is at least 8 characters long but draws all its characters from one group is weak (but not very weak). A password drawn from a single group that is at least 20 characters long is also strong.

Register Globals Emulator for PHP

If your web host has turned register_globals off and you still use a script or software package that requires it, you have a problem. There is an easy workaround: put the code below at the top of your PHP script(s). Attention! register_globals=on is a huge security risk, because every request parameter becomes a variable in your script. Do not turn it on, or emulate it, unless you know exactly what you are doing.

// Emulates register_globals: every GET, POST and COOKIE parameter
// becomes a global PHP variable named after the parameter.
foreach(array($_GET, $_POST, $_COOKIE) as $k=>$v){
	foreach($v as $k2=>$v2){
		$$k2 = $v2;   // variable variable: $name = value for each request key
	}
}
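Why this is a huge risk, as an added Python model of the PHP behaviour (not code from the page; the request dictionaries are constructed for the example): the emulator lets a request set any variable the script reads before assigning it, and the hardened version below copies only the parameters the script actually expects.

```python
"""Why the register_globals emulator is dangerous: request parameters become
variables, so a request can set state the script only meant to set itself.

Added Python model of the PHP behaviour; not code from the page. The request
dictionaries used in the tests are constructed for the example.
"""


def emulate_register_globals(namespace, *sources):
    """Mirror of the PHP loop: every GET, POST and COOKIE key becomes a variable."""
    for source in sources:
        for key, value in source.items():
            namespace[key] = value


def vulnerable_page(get, post, cookie):
    """Classic pattern: $authenticated is only assigned on a successful login,
    so a request carrying ?authenticated=1 satisfies the later check."""
    vars_ = {}
    emulate_register_globals(vars_, get, post, cookie)
    if post.get("user") == "admin" and post.get("pass") == "correct horse":
        vars_["authenticated"] = True
    return "secret page" if vars_.get("authenticated") else "access denied"


def import_request_vars(allowed, *sources):
    """Safer replacement: copy only the parameters the script actually expects.

    Anything else in the request is ignored, so an attacker cannot reach
    variables you never meant to read from the request.
    """
    imported = {}
    for source in sources:
        for key, value in source.items():
            if key in allowed:
                imported[key] = value
    return imported


def hardened_page(get, post, cookie):
    """Same logic with initialised local state and an explicit allow-list."""
    req = import_request_vars({"user", "pass", "page"}, get, post, cookie)
    authenticated = False
    if req.get("user") == "admin" and req.get("pass") == "correct horse":
        authenticated = True
    return "secret page" if authenticated else "access denied"
```

If you must keep the emulator, at least initialise every variable your script tests before the emulator runs, or replace the loop with an allow-list like import_request_vars so the request can only populate names you chose.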

Alternative captcha ideas for future

Now there are multiple captcha types against spam/abuse:

image captcha
ascii captcha
audio captcha
math captcha
easy questions

What will next-generation captchas look like? I think in the future there will be many more captcha types, such as:

car captcha
film captcha
famous people
famous places
number to text
word suggestion with extra letters added or removed (e.g. gogle, new yoork)
animals (e.g. which animals do you see in this picture, from left to right?)
traffic captcha

What do you think could be the next spam-preventing technique?

Check password strength / safety with PHP and Regex

Password Validation with PHP and Regular Expressions

What is a good password? Your birthday, favorite star, first school, car, ...? None of them, because passwords like these are very easy to crack.

My golden rule for safe passwords is simple: Google or any other search engine should NOT return any result for your password string. But do not search for your actual password, only for a variant with some characters changed, because the query leaves your PC in clear text over plain HTTP and ends up in the search engine's query logs.
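The rules from the JavaScript strength meter above (four character groups with the length thresholds) and the regex validation this post describes, as one added Python example that is not the page's JavaScript or PHP code: each group check is a regular expression, and the search-engine test is replaced by an offline lookup in a small constructed list of known-bad passwords. The "medium" class for two or three groups is my assumption; the article leaves that case undefined.

```python
import re

# The four character groups the article uses.
GROUPS = {
    "lower": re.compile(r"[a-z]"),
    "upper": re.compile(r"[A-Z]"),
    "digit": re.compile(r"[0-9]"),
    "symbol": re.compile(r"[^A-Za-z0-9]"),
}

# Constructed stand-in for "found in a dictionary / leaked-password database",
# the offline substitute for the article's search-engine test. A real
# deployment would load a wordlist or query a breach corpus instead.
KNOWN_BAD = {"password", "123456", "qwerty", "letmein", "iloveyou"}


def groups_used(password):
    """Names of the character groups the password draws from."""
    return {name for name, rx in GROUPS.items() if rx.search(password)}


def strength(password):
    """Classify a password using the article's rules.

    strong:    >= 8 chars with all four groups, or >= 20 chars from any group(s)
    weak:      >= 8 chars but all from a single group
    medium:    >= 8 chars with two or three groups (assumption: the article
               leaves this case undefined)
    very weak: shorter than 8 chars, or a known dictionary/leaked password
    """
    if password.lower() in KNOWN_BAD:
        return "very weak"
    n, groups = len(password), len(groups_used(password))
    if n >= 20:
        return "strong"
    if n >= 8 and groups == 4:
        return "strong"
    if n >= 8 and groups == 1:
        return "weak"
    if n >= 8:
        return "medium"
    return "very weak"


def missing_groups(password):
    """What a user would have to add to reach 'strong' by the four-group rule."""
    return sorted(set(GROUPS) - groups_used(password))
```

Whatever the meter says, the classification is only a hint for the user: the server must still enforce its own length and blocklist rules on submission, because the client-side check can be bypassed trivially.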

How do I secure my web site?

  1. Brute force detection should be enabled.
  2. Cache directories should be secured.
  3. Captchas should be enabled and required for anonymous users to avoid spam.
  4. Code injection should be prevented.
  5. Cookies should NOT be used to store passwords and sensitive data.
  6. CSRF should be prevented.
  7. Directory listing should be disabled.

Iframe Trojan / Virus of Alcobro.net

Hello! We have a big security problem. A friend's website is infected with iframe code from alcobro.net. Every .php, .html, .htm and .js file has an iframe at the end of the file. Norton can find the infected files but cannot repair them. There are more than 1000 files, too many to clean manually. I need help to clean these files because there is no clean backup. And I must be sure that the .swf files are not infected.
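One way to tackle a mass injection like this, as an added example and not code from the post: the exact injected markup is not shown, so the pattern below assumes an <iframe> whose src points at alcobro.net, appended at the end of each file as described, and the infected file content is constructed. Run it in dry-run mode first, check the list, then let it strip the tag.

```python
import os
import re
import shutil

# Assumption: the injection is an <iframe ... src="...alcobro.net..."></iframe>
# sitting at the very end of the file, as the post describes. Adjust the host
# or the pattern after looking at one infected file.
INJECTED = re.compile(
    r'<iframe\b[^>]*\bsrc\s*=\s*["\']?[^"\'>\s]*alcobro\.net[^>]*>.*?</iframe>\s*$',
    re.IGNORECASE | re.DOTALL,
)
EXTENSIONS = (".php", ".html", ".htm", ".js")

# Constructed sample of an infected file.
SAMPLE_INFECTED = (
    "<html><body>Hello</body></html>\n"
    '<iframe src="http://alcobro.net/in.php" width=1 height=1 '
    'style="visibility:hidden"></iframe>\n'
)


def clean_content(text):
    """Return (cleaned_text, was_infected) for the content of one file."""
    cleaned, hits = INJECTED.subn("", text)
    return cleaned, hits > 0


def clean_tree(root, dry_run=True):
    """Walk root, report infected files and, unless dry_run, strip the iframe.

    A .bak copy is written before any file is modified, since the post says
    there is no clean backup. Bytes are round-tripped with surrogateescape so
    files that are not valid UTF-8 are written back unchanged apart from the tag.
    """
    infected = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                text = fh.read().decode("utf-8", errors="surrogateescape")
            cleaned, hit = clean_content(text)
            if not hit:
                continue
            infected.append(path)
            if not dry_run:
                shutil.copy2(path, path + ".bak")
                with open(path, "wb") as fh:
                    fh.write(cleaned.encode("utf-8", errors="surrogateescape"))
    return infected
```

Removing the tag is only the visible symptom: the files were written by something with write access (a stolen FTP password, a vulnerable script, or a compromised admin PC), and that has to be found and closed or the iframe comes back. A text pattern says nothing about .swf files; the only reliable check there is comparing their hashes against the vendor's or the original author's copies.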

MD5 / SHA1 Checksum of a Folder - Directory

I want to be sure that nobody has changed any file in my www directory. To do this I want to create an MD5 or SHA1 checksum of the whole folder. Is it possible, and if yes, how? Thanks a lot!
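Yes. As an added example (not code from the post), the script below hashes every file under a directory in a deterministic order, derives one digest for the whole tree, and diffs two such manifests so you learn which files were added, removed or changed rather than just that something changed. The algorithm is a parameter; MD5 and SHA1 detect accidental changes fine, SHA-256 is the better default against a deliberate attacker. The demo directory is constructed in a temporary folder.

```python
import hashlib
import os
import shutil
import tempfile


def hash_file(path, algo="sha256"):
    """Digest of one file, read in chunks so large uploads do not fill memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_manifest(root, algo="sha256"):
    """{relative path: digest} for every regular file below root, symlinks skipped."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()                      # deterministic order, independent of the filesystem
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full, algo)
    return manifest


def tree_digest(manifest, algo="sha256"):
    """One checksum for the whole folder: hash of the sorted 'digest  path' lines."""
    h = hashlib.new(algo)
    for rel in sorted(manifest):
        h.update(f"{manifest[rel]}  {rel}\n".encode("utf-8"))
    return h.hexdigest()


def diff_manifests(baseline, current):
    """Files added, removed and changed between two manifests."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    return added, removed, changed


def demo():
    """Build a constructed www directory, take a baseline, tamper, and diff."""
    root = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(root, "inc"))
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php echo 'hello';\n")
        with open(os.path.join(root, "inc", "db.php"), "w") as fh:
            fh.write("<?php // database settings\n")
        baseline = tree_manifest(root)
        with open(os.path.join(root, "index.php"), "a") as fh:   # injected tail
            fh.write('<iframe src="http://evil.invalid/"></iframe>\n')
        with open(os.path.join(root, "new.js"), "w") as fh:      # dropped file
            fh.write("alert(1);\n")
        current = tree_manifest(root)
        return baseline, current, diff_manifests(baseline, current)
    finally:
        shutil.rmtree(root)
```

Keep the baseline manifest outside the web root, ideally on another machine: whoever can modify your files can also rewrite a manifest stored next to them. The same single digest can be produced from a shell with find, sort and sha1sum piped into sha1sum, but the per-file manifest is what tells you what to restore.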


CafeWebmaster.com (CW) is a free online community for web developers and beginners. Anybody can share code, articles, tips, tutorials, code examples or other web design related material on the site. Newbies can submit questions and reply to existing ones. CW does not guarantee or warrant the reliability of code, data and information published on the site. Use the site at your own risk. The site takes no responsibility for direct or indirect loss or any kind of harm to its users, nor for files or source code infected with viruses, worms, spyware, malware or trojan horses. CW reserves the right to edit, move or delete any content for any reason.