SQL Injection Protection SE 2&3+

One of the most common forms of online mishap that plagues web applications revolves around SQL injection. SQL injection is a code injection technique that exploits a security vulnerability in the database layer of an application. In other words, a skilled attacker might be able to exploit SE and gain access to your site. SE is pretty secure, and I don't know whether this has been done or whether anyone running SE has had it happen, but you can take steps to prevent it. Just add the following code to your .htaccess and you should be set.

Step 1

If this code isn't already in your .htaccess, go ahead and add it. If it is, skip to the next part.

RewriteEngine On
Options +FollowSymLinks

Step 2

Then place this within your .htaccess at the root of your site.

# Block any request trying to pass base64_encode(...) via the query string
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block any request that includes a <script> tag (raw or URL-encoded) in the query string; [NC] makes it case-insensitive
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block any request trying to set a PHP GLOBALS variable via the query string
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block any request trying to modify a _REQUEST variable via the query string
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# [F] answers with 403 Forbidden and stops processing; the substitution target is ignored when [F] is set
RewriteRule ^(.*)$ /home.php [F,L]

So basically this blocks the harmful query strings that might otherwise be injected into your DB. This is usually done through the URL, so by using mod_rewrite and these restrictions you're making one SE site safer at a time. Hope for the best and plan for the worst, I guess. If anyone knows more about SE security bugs or stories, please share.
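As an added example (not part of the original post or of SE), the four RewriteCond patterns above rewritten as Python regexes so you can check which query strings they catch, next to a parameterised query, which is the database-layer fix that actually stops SQL injection. The function names and the in-memory users table are constructed for this example.

```python
import re
import sqlite3

# The four RewriteCond patterns from the .htaccess snippet above, ported to Python.
# mod_rewrite tests them against the raw, still percent-encoded query string, so
# these do the same. Only the <script> rule carries [NC] (case-insensitive).
QUERY_STRING_RULES = [
    ("base64_encode", re.compile(r"base64_encode.*\(.*\)")),
    ("script tag",    re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE)),
    ("GLOBALS",       re.compile(r"GLOBALS(=|\[|%[0-9A-Z]{0,2})")),
    ("_REQUEST",      re.compile(r"_REQUEST(=|\[|%[0-9A-Z]{0,2})")),
]


def blocked_by_htaccess(query_string):
    """Return the name of the first rule that matches the query string, or None
    when every RewriteCond in the [OR] chain fails and the request goes through."""
    for name, pattern in QUERY_STRING_RULES:
        if pattern.search(query_string):
            return name
    return None


def demo_db():
    """Constructed in-memory table standing in for the application's user data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'dana'), (2, 'peter')")
    return conn


def lookup_user_safely(conn, username):
    """The real mitigation: a parameterised query. The value is bound by the
    driver rather than spliced into the SQL text, so quotes or keywords inside
    it are treated as data and can never change the statement."""
    row = conn.execute("SELECT id FROM users WHERE name = ?", (username,)).fetchone()
    return row[0] if row else None
```

Note that mod_rewrite here only inspects the query string, so POST bodies, cookies and headers are never checked, and a plain quote-based value such as `name=%27%20OR%201%3D1%20--` matches none of the four patterns. The parameterised query catches what the rewrite rules cannot, because it never lets user input become SQL in the first place.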

4 Responses to “SQL Injection Protection SE 2&3+”

  1. Dana says:

    After I copy and paste this into my .htaccess file, what is the next step? I still cannot log in.

  2. Peter says:

    My non-profit charity work website was recently hacked by Turkish hackers.

    • Bryan says:

      I think hackers may be able to brute force the backend of SE. We may post a mod for lockouts on X amount of failed logins etc. Always remember to have a strong password!! Use capital letters, numbers, and a lot of letters. Did you have a backup in place?