Security and Blocking
Access to One File in Locked Directory
Access to one file can be granted in an otherwise-locked directory.
When a server is hacked, one or more files are changed, added, or deleted. Files Monitor, the Server Hacking Alert System, detects those kinds of changes.
A Hacker Experience (And Protecting Your Site)
A hacker tried to break into a client's website a few days ago. Persistent dude, tried for several days.
Are They Stealing Your Search Engine Traffic?
When someone finds you in a search engine and clicks on the link to go to your site, they are taken to the thief's site, instead. The links in the search result go to your site, just like they're supposed to. Your site redirects the visitor to the traffic thief's site.
Password protect PDF download with PHP script. No separate password-protected directory required.
Block Content Theft via URL Masking
There are ways to prevent content theft with URL masking.
Blocking WP Login Snooping Bots
If you do not have WordPress installed on your website, I'll show you an easy way to block bots looking for a WP login page.
Block Spambot Phone/Email Harvesting
Here is a way to block spambots from harvesting email addresses and telephone numbers from your website — and still have them visible and clickable to humans who visit your pages.
This article contains a general step-by-step method to clean up your website. Provided your website is on a Unix/Linux web server. (I have no experience disinfecting Microsoft IIS web servers.)
Many feel certain a secure server connection means information is secure. But that's not so. With a secure server connection, only the transmission of information between browser and server is secure.
There is a lot to know about security. Many of the things to be aware of during Internet use and website management are common sense. Only three are addressed here, pointing out some common sense issues, not as comprehensive treatments.
Web page links are method Get. There is a way to convert link clicks into method Post.
It's easy to spoof a cookie. Did you know that? Do you know how to protect yourself?
Cross-Domain Ajax That Works (When You Let It)
An Ajax call from someone else's domain can get content from your domain. When you let it.
CSS Line-Wrap Control for Textarea Form Fields
CSS can be used to tell current browsers to keep lines intact within the textarea field box.
Directory Blocked to All but Specific Software
It's possible to give your software access to directories that are blocked to everybody else.
There are several levels or types of directory security, preventing content from being displayed in browsers or provided to robots/spiders that are not authorized to view or have the content.
Some people tap faster than their browser can respond with. So they tap again. Perhaps several times.
Effective Block for Browsers and Bots
There is a way to block all browsers and bots from specific directories – without resorting to password protection (which might be guessed). It's an effective block.
A recent denial-of-service attack became an opportunity to learn some things.
There is some protection available from malicious form probes.
There are a number of reasons why it may make sense to programmatically retrieve web pages. Find source code to do it in this article.
We woke up Friday morning with over 40,000 email notices from scripts on our server, indicating a hack attack.
When you click on a link, the web page where your browser goes to knows where you came from. The information is also in the server logs.
Much attention is given on how to get text into search engine indexes. Yet, there are good reasons why certain text should not be indexed by SE crawlers.
The image copy prevention technique presented here is pretty good.
The URL of an image embedded in a web page may be kept secret.
When you want a single web page to be password protected, insert this smallish block of PHP code on the page.
A way to give people access to restricted areas without a separate registration process.
One Page for Password and Content
When delivering content restricted to only one person, the page can itself require a password for access.
One Way robots.txt Can Be a Security Risk
The robots.txt file can be a security risk if this one thing is present: A disallow line to a directory containing sensitive information.
Password Protecting Several Directories With One Login
A site-wide log-in system that lets pretty much any software be password protected. Software that has its own log-in page gets double protection.
There are reasons to publish an a-tag web page link as method POST rather than the usual method GET.
This article describes how to make a private directory. Only browsers with a certain cookie can access it. You control the web page with the cookie-setting JavaScript.
Problem Solved; Access by many without compromising information
(This is a true story about a real problem that was solved with current and readily available technology.)
Redirect browsers without redirecting most robots and spiders.
Removing Personally Identifying Information From URLs
A website recently had a problem with Google. The site inadvertently passed personally identifying information when someone clicked on an AdSense ad.
Requiring Browsers to Run JavaScript
Some web pages require JavaScript. Without JavaScript, they don't work right.
Restoring Income Lost By Ad Blockers
If you make money from website ads, ad blockers cut into your income. (There is a way to restore some of it.)
Risks of Importing Remote Content with PHP
There are some risks when importing content into your web pages from remote websites. The article discusses how to reduce it a bit in some circumstances.
A secure cookie can be used to encrypt the cookie's value while in transit between browser and server and both the cookie setting page and the cookie reading page have HTTPS URLs.
Sending Passwords and Other Info Securely
The article describes a relatively secure "view once and self-delete" method to transfer passwords.
Set a Cookie and Protect an Entire Directory
This was to be an easy-to-remember username/password login to relay by phone to family and friends -- for sneak peeks and feedback.
When a browser arrives at a public page, certain specific content either is or is not published on the page. It depends on whether the link URL the browser arrived with contains a special access key.
The Why and How of Black Holed Email Addresses
Email addresses can be black holed. Any email sent to those addresses are ignored. They disappear, go poof. Save yourself a ton of spam by causing all mail sent to invalid email addresses for your domain to be black holed. Sometimes it is desirable to *send* an email with a "black hole address". We will look at that idea later in this article.
It's possible to give yourself or someone else access to files in a directory and sleep well. Access to the directory is uncrackable through HTTP or HTTPS.
Various Ways to Protect a Directory
Which of various ways a directory can be protected depends on why the directory needs protection in the first place.
Ways to Block Automatic Form Spam
Here, you will find practical information for blocking automated form spam by robots. There is no specific code. Instead, the article is designed to impart a general understanding of how the methods work.
Ways to Hide Files From Snoopers
There are data files on the server that are not intended to be accessed directly by browsers or robots. But sometimes they can be accessed anyway.
All information in WillMaster Library articles is presented AS-IS.
We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.
