Protecting your HTML and PHP Source Code
Written by Vince Edwards
As a web designer, software programmer or website owner, there are now many reasons you may want to start considering the safety of your HTML or PHP source code. Some of these reasons are:
1. Email Address Theft – Have you ever wondered how you get SPAM mail even though you've been super cautious NOT to subscribe to anything? One of the reasons could be that you have your EMAIL link on a website. With email harvesting software available (even as free trials), anyone can harvest your email address right off your website automatically.
2. Picture Theft – Most average users are aware that they can right-click pictures on a website and download them to their own computer. It is common knowledge for most internet users and webmasters.
3. Return URLs – For some credit card processing companies (such as PayPal and e-gold) it is possible to view the source of web pages and find the return ("thanks for purchasing") page. Anyone can then go directly to that URL and click the link to download the software without paying for it.
4. Website Layout – If a webmaster likes your site, they can save the page (and its structure), edit it in their own HTML editor software and claim the design layout for themselves.
5. PHP Scripts – If you have a clever script (e.g. written in PHP) and you need to send it to someone, they could easily look at your PHP script to see how you did it. They can then copy the code, or rewrite it slightly and call it their own, or use it in their own PHP software and scripts.
These are just some of the reasons why you need to consider encrypting your web pages or source code. Encryption of web pages and source code is becoming more and more popular and in the future will become an absolute necessity. We can now see a huge market (on the web) of HTML encryption software that enables you to protect your source code from prying eyes. Although HTML encryption is not 100% foolproof, it is effective enough to keep out MOST users and acts as a good deterrent, since not everyone has the time to decipher encrypted HTML source just for the fun of it.
Strong Passwords
Written by Lew Newlin
Strong passwords are your first step in securing your systems. If a password can be easily guessed or compromised using a simple dictionary attack, your systems will be vulnerable to hackers, worms, Trojans, and viruses.
Trojan, virus, and worm authors have had great success attacking systems with weak and/or default passwords. Take the IRC/Flood Trojan, for example. McAfee's virus profile states that IRC/Flood has over 120 variants and has infected over 60,000 machines in the last 30 days. IRC/Flood succeeds by checking for 22 different easy-to-guess admin passwords (variants vary). Unfortunately, there are a lot more where IRC/Flood came from: W32/Tzet.worm, W32/Random.worm, and W32.HLLW.Gaobot.gen are in the wild, just to name three.
Hackers also have no problem compromising systems with weak passwords. Programs like L0phtCrack, for example, make the process simple and efficient. Creating a password-cracking dictionary is not even a challenge. Type the words "Creating Password Cracking Dictionaries", without quotes, into your favorite search engine. A comprehensive dictionary can be downloaded or created from scratch in short order.
Below is a list of commonly used weak passwords that should NEVER be used. If any of these passwords look hauntingly familiar and are being used, you need to change the password immediately.
|Alpha|Weak Passwords|
|A|a, A.M.I, A52896nG93096a, aaa, aammii, abc, abcd, academia, academic, accept, access, ACCESS, account, accounting, action, adam, ADAMS, adfexc, adm, admin, ADMIN, Admin, admin2, administrator, Administrator, adminttd, ADMN, admn, adrian, adrianna, adtran, adult, Advance, ADVMAIL, aerobics, alfarome, ALFAROME, ALLIN1, ALLIN1MAIL, ALLINONE, aLLy, ALLy, alpha, AM, AMI, AMI!SW, AMI.KEY, AMI.KEZ, AMI?SW, AMI_SW, AMI~, AMIAMI, AMIDECOD, amipswd, AMIPSWD, AMISETUP, anicust, anon, anonymous, any@, ANYCOM, AP2SVP, aPAf, APL2PP, APPLSYS, APPS, AQDEMO, AQUSER, ARCHIVIST, Asante, ascend, Ascend, asdf, asdfgh, at4400, attack, AURORA$ORB$UNAUTHENTICATED, AURORA@ORB@UNAUTHENTICATED, autocad, AUTOLOG1, Award, award, AWARD?SW, AWARD_SW, awkward|
|B|BACKUP, BATCH, BATCH1, BATCH2, bbs, bciim, bciimpw, bcms, bcmspw, bcnas, bcnaspw, bell9, BIGO, bin, bintec, BIOS, BIOSPASS, biosstar, biostar, Biostar, BIOSTAR, BLAKE, blue, bluepw, boss, BRIDGE, browse, browsepw|
|C|c, cablecom, cable-docsis, CAROLIAN, cascade, CATALOG, cc, CCC, ccrusr, CDEMO82, CDEMOCOR, CDEMORID, CDEMOUCB, central, CHANGE_ON_INSTALL, changeme, checkfs, checkfsys, checksys, CHEY_ARCHSVR, circ, cisco, Cisco router, CLARK, client, CLOTH, cmaker, CMSBATCH, CMSUSER, CNAS, COGNOS, Col2ogro2, comcomcom, COMPANY, Compaq, Compleri, computer, CONCAT, condo, CONDO, Congress, CONV, CPNUC, CPRM, cr0wmt 911, craft, craftpw, Crystal, CSPUSER, CTX_123, CTXDEMO, CTXSYS, cust, custpw, CVIEW|
|D|d.e.b.u.g, d8on, daemon, Daewuu, Database, databse, DATAMOVE, Daytec, DBSNMP, DCL, DDIC, death, debug, DECMAIL, DECNET, default, DEFAULT, Dell, DEMO, demo, DEMO1, DEMO8, DEMO8, demos, deskalt, deskman, desknorm, deskres, DESQUETOP, dhs3mt, dhs3pms, diag, diamond, DIGITAL, DISC, disttech, D-Link, dn_04rjc, dni, DS, DSA|
|E|EARLYWATCH, echo, EMP, enable, eng, engineer, enquiry, enquirypw, enter, ESSEX, EVENT, Ezsetup|
|F|fal, FAX, fax, FAXUSER, FAXWORKS, FIELD, field, FIELD.SUPPORT, FINANCE, FND, foobar, friend, ftp|
|G|g6PJ, games, ganteng, GATEWAY, GEN1, gen1, GEN2, gen2, glftpd, gnumpf, god, godblessyou, gonzo, gopher, GPLD, gropher, guessme, guest, GUEST, Guest, guest1, GUESTGUE, guestgue, GUESTGUEST|
|H|h6BB, hacker, halt, HARRIS, hax0r, HELGA-S, HELLO, hello, HELP, help, HELPDESK, HEWITT RAND, hewlpack, HLT, home, Home, HOST, HP, hp, HPDESK, HPLASER, HPOFFICE, HPOFFICE DATA, HPONLY, HPP187, HPP187 SYS, HPP189, HPP196, HPWORD PUB, hydrasna|
|I|I5rDv2b2JjA8Mm, ibm, IBM, ibmcel, ihavenopass, ILMI, inads, indspw, INFO, informix, INGRES, init, initpw, install, Internet, IntraStack, IntraSwitch, INTX3, INVALID, IPC, IS_$hostname, ITF3000, iwill|
|J|j09F, j256, j262, j322, j64, JDE, Jetform, JONES|
|K|kermit, kiddie, komprie, ksdjfg934t|
|L|l2, l3, laflaf, lantronix, LASER, LASERWRITER, last, lesarotl, letacla, letmein, LIBRARY, lineprin, LINK, lkw peter, lkwpeter, LKWPETER, |
|Cont'd on page 2 ==>|
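One way to put the weak-password list to work is as a denylist checked whenever a password is set. The sketch below is an added example, not code from the article; the function names, the substitution table and the sample entries (a few copied from the table above) are assumptions made for illustration. It folds case and common character substitutions so that variants such as admin, ADMIN and Admin123! are all caught by one entry.

```python
import re
import unicodedata

# Constructed sample: a handful of entries copied from the article's table.
# A real deployment would load the complete list from a file.
WEAK_PASSWORDS = [
    "admin", "ADMIN", "Admin", "administrator", "changeme",
    "CHANGE_ON_INSTALL", "cisco", "default", "DEFAULT", "guest",
    "GUEST", "hax0r", "letmein", "ihavenopass", "asdfgh",
]

# Common look-alike substitutions, folded back to letters before comparing
# (assumed mapping: 0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s).
LEET = str.maketrans("013457@$", "oleastas")


def fold(text):
    """Normalize Unicode, fold case and undo simple substitutions."""
    return unicodedata.normalize("NFKC", text).casefold().translate(LEET)


# admin / ADMIN / Admin collapse to a single folded entry.
DENYLIST = frozenset(fold(p) for p in WEAK_PASSWORDS)


def candidates(password):
    """Forms of the password that are compared against the denylist."""
    lowered = unicodedata.normalize("NFKC", password).casefold()
    # Drop a trailing run of digits/punctuation, e.g. "admin123!" -> "admin".
    trimmed = re.sub(r"[\d\W_]+$", "", lowered)
    return {fold(lowered), fold(trimmed)} - {""}


def rejection_reason(password, username=""):
    """Return why the password is refused, or None if it passes this check."""
    forms = candidates(password)
    if username and fold(username) in forms:
        return "matches username"
    if forms & DENYLIST:
        return "on weak-password list"
    return None


if __name__ == "__main__":
    for pw in ["ADMIN", "Admin123!", "L3tM3In", "correct horse battery staple"]:
        print(repr(pw), "->", rejection_reason(pw))
```

Passing this check only shows that a password is not a trivial variant of a listed entry; it says nothing about its strength otherwise.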