  1. #1
    casinojack is offline Public Member

    Some tips to secure your forum / membership sites

    One of the many hats I wear is network security. I still "tinker" a bit and I still see many gaping holes out there in the real world. I do not consider what I am about to publish here as hacks, but I think it is a good thing to know about, as these are things some webmasters might want to know.

    Let's start with good old robots.txt

    1. Robots.txt

    It is a great file; all I do is add the directories I do not want indexed there. It may look something like this:
    User-agent: *
    Disallow: /administrator/
    Disallow: /cache/
    Disallow: /components/
    Disallow: /editor/
    Disallow: /help/
    Disallow: /images/
    Disallow: /includes/
    Disallow: /language/
    Disallow: /mambots/
    Disallow: /media/
    Disallow: /modules/
    Disallow: /templates/
    Disallow: /installation/

    Hmm, what do we see... An administrator page!! Yay!! Now, depending on what we want to accomplish, we know where to start to look. Note this is a real file off of another forum popular in our vertical!!

    What else about robots.txt?
    Many product sellers / service sellers use robots.txt to protect downloadable material. Next time you see something for sale, for fun check it out, you might find it free, as the robots.txt file contains:
    User-agent: *
    Disallow: /securedownload/

    This is not how you protect things online; simply change directories and you have it.
    Let's talk more about bots
    2. SEO and BOTS
    Many forum owners think it a great idea to allow bots to search forums, and this way when a prospect comes by, they have to sign up. Sounds good, yes? Sure. But of course, there is a simple Firefox plugin called "User Agent Switcher". Add something like this…
    Googlebot/2.1 (+http://www.google.com/bot.html)
    Or for those using Adsense, and HAVING to allow google in:
    Mediapartners-Google/2.1


    Either way, you now have free access to these forums, and you lost a customer. Ahhh but it gets better.
    3. Selling / Free ebook offers
    Haven't seen it here a lot, but the "How to win in roulette" or whatever ebook still works great. Usually people such as myself want this prospect's email or whatever, so they have to sign up. Or maybe as a non-casino type business we sell ClickBank products? Whatever the case, we need to know: if we do not do the robots.txt, what can happen?
    Try this in Google
    inurl:cbreceipt
    Many people have fixed this, but here are some more that still work:

    site:*.com intitle:"Thank You For Your Order" intext:Click Here to Download
    site:*.com intitle:"Thank You For Your Purchase" intext:Click Here to Download
    intitle:Thank you for your Purchase! intext:PLR OR MRR OR Package OR Bonus
    intitle:Thank you for your order! intext:PLR OR MRR
    intitle:Thank you for your Purchase! intext:PLR OR MRR
    inurl:/thankyou*.html intitle:Thank you for your order! intext:Click Here to Download
    inurl:thanks intext:"Thank You For Your Order!" "Click Here" filetype:html
    intitle:Thank You For Your Order! intext:Private Label
    intitle:Thank You For Your Purchased! intext:Private Label
    intext:"Thank You For Your Order" intext:PLR
    "Thank You For Your Order!" intext:Master Resell filetype:html
    "Thank You For Your Order! Your Credit Card Will Show A Charge From"
    intitle:"Thank You For Your Order!" intext:download
    intitle:"Thank You For Your Order" intext:Click Here To Download Now
    intitle:Thank you for your purchase! intext:Click Here to Download

    And the list goes on. So in other words, NOT putting the directories in is also a bad idea.

    So, bottom line? Using some third-party package is my suggestion. I use software for about 150 bucks that I love, but I am not here to promote software, just to give a heads up. It is good to know these things to protect yourselves. Good luck to you all!!
    "CasinoJack"


  2. The Following 4 Users Say Thank You to casinojack For This Useful Post:

    bbonline (27 October 2009), Chips (18 January 2010), Daera (18 January 2010), sipka (25 June 2009)
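
Added example, not part of the original post: section 2 above shows that the User-Agent header alone cannot identify a crawler. One way a forum owner can check a visitor claiming to be Googlebot is a reverse DNS lookup on the source IP followed by a forward lookup that must map back to it. The resolver tables, IP addresses and hostnames below are constructed so the check runs offline.

```python
import ipaddress
import socket

# Among the reverse-DNS suffixes Google documents for its crawlers; the
# leading dot stops look-alikes such as "evilgooglebot.com".
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com")

def system_reverse(ip):
    """PTR lookup via the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """All addresses the hostname resolves to (empty set on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def is_verified_googlebot(user_agent, ip, reverse=system_reverse, forward=system_forward):
    """True only when the UA claims Google AND DNS confirms the source IP."""
    if "Googlebot" not in user_agent and "Mediapartners-Google" not in user_agent:
        return False
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return False
    host = (reverse(ip) or "").lower().rstrip(".")
    if not host.endswith(GOOGLE_SUFFIXES):
        return False                    # PTR is not in a Google crawler domain
    return ip in forward(host)          # forward-confirm: the name must map back

# Constructed sample data (documentation IP ranges, made-up hostnames) so the
# check can be exercised offline with injected resolvers.
PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
       "198.51.100.7": "dsl-7.isp.example",
       "203.0.113.5": "crawl-1.googlebot.com",          # PTR set by the IP's owner
       "203.0.113.9": "googlebot.com.attacker.example"}
A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}
UA = "Googlebot/2.1 (+http://www.google.com/bot.html)"

def classify_samples():
    return {ip: is_verified_googlebot(UA, ip, PTR.get, lambda h: A.get(h, set()))
            for ip in PTR}

if __name__ == "__main__":
    print(classify_samples())
```

Only the first sample address passes; the others send the same User-Agent string but fail either the suffix test or the forward confirmation.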
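
Added example, not part of the original post: sections 1 and 3 above both come down to paid files sitting at a URL that anyone who learns it can fetch. One alternative is a download link that carries an HMAC signature and an expiry, checked by the server on every request. The key, parameter names, `/download` route and file name are assumptions for illustration.

```python
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: a server-side secret loaded from configuration, never sent to clients.
SECRET_KEY = b"constructed-demo-key"

def _sign(path, user_id, expires_at, key):
    # JSON list gives an unambiguous encoding of the three signed fields.
    msg = json.dumps([str(path), str(user_id), int(expires_at)]).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_link(path, user_id, ttl=900, now=None, key=SECRET_KEY):
    """Build a link for one buyer and one file, valid for ttl seconds."""
    expires_at = int(time.time() if now is None else now) + ttl
    query = urlencode({"file": path, "uid": user_id, "exp": expires_at,
                       "sig": _sign(path, user_id, expires_at, key)})
    return "/download?" + query

def check_link(url, now=None, key=SECRET_KEY):
    """Return the file path if the link is authentic and unexpired, else None."""
    q = parse_qs(urlsplit(url).query)
    try:
        path, uid, sig = q["file"][0], q["uid"][0], q["sig"][0]
        expires_at = int(q["exp"][0])
    except (KeyError, ValueError):
        return None                      # missing or malformed parameter
    expected = _sign(path, uid, expires_at, key)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None                      # file, user or expiry was altered
    if (time.time() if now is None else now) > expires_at:
        return None                      # link has expired
    return path                          # handler may now stream the file

if __name__ == "__main__":
    link = make_link("roulette-ebook.pdf", "42", now=1_000_000)
    print(link, check_link(link, now=1_000_100))
```

The files themselves belong outside the web root, so the only route to them is the handler that calls `check_link`; a search engine that indexes a thank-you page then holds nothing more than a link that has already expired.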

  3. #2
    franky123 is offline Public Member

    Thumbs up

    Hello friend,
    Really nice information has been published by you regarding online security. Even though I was familiar with Robot.txt, I did not have sufficient information. You can share such informative information here too: xxx://www.facebook.com/group.php?gid=256902615037.

    Thanks

    Franky
    Last edited by Anthony; 18 January 2010 at 8:35 am. Reason: link removal
