Posted by: Shofiur Rahman

Posted on: July 11, 2012 4:13 pm


Every day hackers are discovering new exploits and hacking techniques. We can defend against some categories of attack in our PHP scripts.

Abusing register_globals

register_globals is a setting in php.ini that controls the automatic population of variables with the same name as form elements or cookies. If register_globals is set to on, it may bring disaster to your website.

Since PHP 4.2.0, the default value for register_globals is off. But web hosts will often re-enable register_globals to provide compatibility with older scripts. The following example makes the difference between register_globals on and off clear.

Suppose username is a form element. With register_globals ‘off’, the only way to get the value of this form element is through the $_POST or $_GET array, depending on the form's method. On the other hand, when register_globals is ‘on’, the username field value is accessible through $_POST, $_GET and $username as well.

If you are not able to disable register_globals in php.ini, you can turn it off using an .htaccess file.

php_flag register_globals off
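
Why the setting matters, as an added example that is not part of the original post: register_globals was removed in PHP 5.4, so the sketch emulates it with extract() on a constructed request array. The function names and the authorized flag are hypothetical.

```php
<?php
// Added illustration. $request stands in for $_GET/$_POST and is
// constructed sample data; function names are hypothetical.

// Emulates register_globals = on: every request key becomes a variable.
function check_access_globals_on(array $request, array $session): bool
{
    extract($request); // what register_globals did implicitly

    if (isset($session['user_id'])) {
        $authorized = true;
    }
    // $authorized is never initialised, so a request key with the same
    // name decides the outcome for a visitor who has no session.
    return !empty($authorized);
}

// register_globals = off: input is only reachable through the explicit
// array, and the flag is initialised before it is used.
function check_access_globals_off(array $request, array $session): bool
{
    $authorized = false;

    if (isset($session['user_id'])) {
        $authorized = true;
    }
    return $authorized;
}

$request = ['username' => 'alice', 'authorized' => '1']; // constructed
$session = [];                                           // not logged in

var_dump(check_access_globals_on($request, $session));
var_dump(check_access_globals_off($request, $session));
```

The first call grants access because of the request key alone; the second does not. Initialising every variable before use protects a script even on a host that has the setting enabled.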

SQL Injection Attacks

SQL injection attacks are simply the inclusion of malicious SQL statements in the place of what should normally be inoffensive data. SQL injection preys on a lack of input scrubbing and data validation.

SQL injection is fairly avoidable with a little preparation and thorough coding practices. If magic_quotes_gpc is enabled, PHP automatically escapes special characters (e.g. apostrophes). Unfortunately, this behaviour is applied to all GET, POST and cookie variables, regardless of whether they are going to be used in a SQL statement or not. Most of the time this can be annoying. To make sure the data is escaped only when we need it to be, we can turn off magic_quotes_gpc in php.ini, and use addslashes() on all data that is being passed to MySQL. The addslashes() function will automatically escape any unsafe characters so our input will not choke MySQL.

Cross-Site Scripting

Cross-site scripting, abbreviated XSS, is the abuse of unfiltered dynamic output, where the attacker is able to add to or change the page’s generated markup. Most commonly, this means the addition of a small bit of JavaScript to the output of a page, which then does something malicious, such as tricking another user into revealing their login credentials or credit card information, or possibly divulging cookie or session information for immediate account compromise.
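
Unfiltered output beside encoded output, as an added example that is not part of the original post. It uses PHP's htmlspecialchars(); the helper e(), the render functions and the comment data are hypothetical and constructed.

```php
<?php
// Added illustration; the comment data below is constructed.

// Encode a value for use in HTML text or inside a quoted attribute.
// ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before: user-controlled fields are written into the markup unfiltered,
// so they can close the attribute or open a new element.
function render_comment_raw(array $c): string
{
    return '<div class="comment" title="' . $c['author'] . '">'
         . $c['body'] . '</div>';
}

// After: every dynamic value is encoded at the point of output.
function render_comment_encoded(array $c): string
{
    return '<div class="comment" title="' . e($c['author']) . '">'
         . e($c['body']) . '</div>';
}

$comment = [
    'author' => 'Mallory" onmouseover="alert(1)', // constructed
    'body'   => '<script>alert(1)</script>',      // constructed
];

echo render_comment_raw($comment), "\n";
echo render_comment_encoded($comment), "\n";
```

In the encoded output the quote and angle brackets arrive as &quot;, &lt; and &gt;, so the browser displays them as text instead of parsing them as markup.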

Posted by: SEO Positive

Posted on: August 26, 2011 2:13 pm


Google Analytics is an essential tool that all website owners should at least be aware of. Analytics allows you to track a lot of information about your site: it informs you of all the activities that a user carries out, for example where they were directed from and how long they stayed on the site.

How to Create a Google Analytics Account

To create a Google Analytics account, you will need a Google account. This doesn’t mean you need to create a Gmail account; simply go to http://www.google.co.uk and on the top right-hand side of the screen you will see a sign in button.

Google

After you have clicked on the sign in button you will be taken to a page that looks like this:

create google acc

Once you have clicked the Create Account button, you will be sent to a details page. Fill out the details that you would like to use; remember, creating a Google account and using Analytics is completely free. I suggest that you use the same email address and other details that you use for the business or webpage that you are setting up your analytics for. However, if you have multiple businesses, you could use any email address or create multiple Google accounts.

Google Details

After you have filled out the form, it will send you to a page that confirms your account creation. You then need to go back to Google’s home page and again go to the sign in button. Your account should already be in the username section so just add your password and you should then be sent to a page like this:

Google Confirm

Click on the verify button, then go to your inbox and look for a message from “account-verification-noreply@google.com”. The email you receive will say “Welcome to Google Accounts. To activate your account and verify your email address, please click the following link:”. If you click the link directly below it, you will be taken to a page that looks similar to this:

Account Google

So now that you have your Google account all set up, we can move on to setting up the Analytics account.

How to Create Your Analytics Account

Visit the Analytics site, http://www.google.com/analytics/, and click the sign up button, which is located on the left-hand side:

Google Analytics

You will then be taken to a login page. Enter the email address and password for the Google account you just created, and you will be directed to a sign up page; click the sign up button on the bottom left-hand side. Once you have been directed again, you are shown a form for your Analytics account. It is essential that you enter all information correctly, as any mistakes will affect your analytics results and may even cause it not to work.

Google Analytics Details

You will then have to enter your full name and agree to Google’s Terms and Conditions. After you have done that, you will be directed to a page showing the tracking code for your analytics, but with the way I will show you how to add Analytics to your site, you will not need this code. You will need another code. So click the save and finish button.

Analytics Codes

Adding Analytics to Your Site

Log onto your Content Management System; yours could be WordPress, Joomla or Create, though there are many more. Once logged in, look for an edit site information tab, and once there look for Google Analytics and add the UA code. If your CMS does not have this, then there will be a plug-in available; make sure to check ratings and so on to see whether the plug-in is functional and users are satisfied with it. Install your chosen plug-in into your CMS, follow the instructions and add your UA number to the plug-in.

Checking Your Analytics

Google Analytics should take no longer than 72 hours to register, but the majority of the time it is done quicker. To check your analytics, simply visit the Analytics home page. The account overview page will show very brief information, but clicking the report button will show you much more in-depth information.
