- SQL Injection and URL Hacking:
– Insert the following into the .htaccess file:
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    # Refuse request methods the site does not need
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
    RewriteRule ^(.*)$ - [F,L]
    # Refuse query strings that look like traversal, injection or remote-include attempts;
    # the final HTTP_COOKIE condition exempts visitors who already hold a WordPress login cookie
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} tag\= [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
    # The commonly copied form of the next line, ("|'|<|>|\|{||), contains empty
    # alternatives that match every query string; the pattern below keeps only the literal characters
    RewriteCond %{QUERY_STRING} ^.*("|'|<|>|\||\{).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare).* [NC]
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteRule ^(.*)$ - [F,L]
    </IfModule>
- Access to Sensitive Files
– Insert the following into the .htaccess file:
    # Disable directory listings
    Options All -Indexes
    # The Order/Deny directives are Apache 2.2 syntax; on Apache 2.4 without
    # mod_access_compat, use "Require all denied" inside each <files> block instead
    <files .htaccess>
    Order allow,deny
    Deny from all
    </files>
    <files readme.html>
    Order allow,deny
    Deny from all
    </files>
    <files license.txt>
    Order allow,deny
    Deny from all
    </files>
    <files install.php>
    Order allow,deny
    Deny from all
    </files>
    <files wp-config.php>
    Order allow,deny
    Deny from all
    </files>
    <files error_log>
    Order allow,deny
    Deny from all
    </files>
    <files fantastico_fileslist.txt>
    Order allow,deny
    Deny from all
    </files>
    <files fantversion.php>
    Order allow,deny
    Deny from all
    </files>
- Default Admin Account
– Create a new administrator account and delete the default “Admin” account
- Default Prefix in the Database
– Use a table prefix other than “wp_”
- Brute-Force Attacks
– With a login-attempt limit and a penalty timeout, a brute-force attack becomes almost impossible
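As an added example (not part of the original checklist and not the service provider's code), the login limit and penalty timeout described above can be implemented as a WordPress must-use plugin using core hooks; the thresholds (5 attempts, a 15-minute window and lockout) and the lal_ naming are assumptions of this example.

```php
<?php
/*
 * Plugin Name: Login attempt limiter (example)
 * Place in wp-content/mu-plugins/ so it loads without activation.
 * Assumed policy: 5 failed logins for one (client IP, username) pair within
 * 15 minutes lock that pair out for 15 minutes; core hooks used are real.
 */

define( 'LAL_MAX_ATTEMPTS', 5 );
define( 'LAL_WINDOW', 15 * MINUTE_IN_SECONDS );

// One transient per (client IP, username) pair, so an attacker elsewhere
// cannot lock a legitimate user out merely by guessing their username.
function lal_key( $username ) {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
    return 'lal_' . md5( $ip . '|' . strtolower( (string) $username ) );
}

// Count a failed login; the transient (and thus the counter) expires with the window.
function lal_record_failure( $username ) {
    $key      = lal_key( $username );
    $attempts = (int) get_transient( $key ) + 1;
    set_transient( $key, $attempts, LAL_WINDOW );
    if ( $attempts >= LAL_MAX_ATTEMPTS ) {
        error_log( sprintf( 'login lockout: user=%s attempts=%d', $username, $attempts ) );
    }
}
add_action( 'wp_login_failed', 'lal_record_failure' );

// Runs after core's username/password check (priority 20) and overrides its
// result while the pair is locked out, so even a correct password is refused.
// Attempts made during the lockout also fail and therefore extend the window.
function lal_check_lockout( $user, $username, $password ) {
    if ( '' === (string) $username ) {
        return $user;
    }
    if ( (int) get_transient( lal_key( $username ) ) >= LAL_MAX_ATTEMPTS ) {
        return new WP_Error( 'too_many_attempts',
            'Too many failed login attempts. Please try again in 15 minutes.' );
    }
    return $user;
}
add_filter( 'authenticate', 'lal_check_lockout', 30, 3 );

// A successful login clears the counter for that pair.
function lal_clear( $user_login ) {
    delete_transient( lal_key( $user_login ) );
}
add_action( 'wp_login', 'lal_clear' );
```

Because the counter lives in transients, sites behind a reverse proxy should derive the client address from the trusted proxy header instead of REMOTE_ADDR, or every visitor will share one counter.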
Difficulty level: Intermediate
Recurring Risk: No
Want us to do this for you? It takes about 1 hour, depending on the size of the site.
Skill level required – Intermediate level
Our rate is $40 per hour (min. 2 hours)
Call us at: +65 6511 4585 (Office hours)
Message us at: +65 8263 1460 (24 hours)
Email us at: enquiry@dyontech.com
Visit our website at: www.dyontech.com