Category Archives: Encryption & hiding

Search Engine Spider and User Agent Identification with “Ultimate User Agent Blacklist”

Search Engine Spider and User Agent Identification with “Ultimate User Agent Blacklist”

 

A user-agent is software (a software agent) that is acting on behalf of a user.
In many cases, a user-agent acts as a client in a network protocol used in communications within a client–server distributed computing system.

 

For more information view wiki
http://en.wikipedia.org/wiki/User_agent

 

Automated Agents is called as Bots.
http://user-agents.org has a complete list of all latest spiders/bots/user agents.
There are some more and those are anonymous (not known and have very different names).

 

If you develop a website and want to make the site accessible by some specific user agent or bots of a country, then you can update the information in your root .htaccess file.

 

As, Bot blocking blacklists are useless in some way as some rogue spiders just generate random user-agent strings so we will never have them in our list to start with, but We have tried list out as much as we can in the below zip file.

 

Ultimate User Agent Blacklist

 

What you have to done is, unzip the file and paste the code in your root .htaccess file, it will protect your website from unwanted crawling/indexing by anonymous bots.

 

If your website uses WordPress open-source, then can also use “Better WP Security” plug-in.
Just need to download and install the plug-in and go to “Better WP Security – Ban Users” Tab and enable “Enable Default Banned List”, you can also update the list according to your needs.

 

But please be careful before doing same, as it may affect your website’s core files and plug-in, So before doing this backup your website’s files and database.

 

Can not receive emails sent from my mail server to my test accounts on gmail, hotmail and yahoo, how to resolve this issue?

On a normal server, there is a limit of mails, that can be sent in a day, but due to error or some issue if a large number of mails sent automatically from your server, and then they (gmail, hotmail yahoo and other) block the incoming mails from that server.

 

This means that your IP address is blocked and reported as a spam IP, to remove it from the spam list,

 

1. Go to http://www.spamhaus.org/lookup.lasso
2. Check your IP/Domain if it is blocked
3. If it is blocked select to remove it from black list

 

Wait between half and one hour and then try again to send an email to hotmail, gmail or yahoo.

 

 

Set up multiple virtual hosts on XAMPP for windows

You just have to update the following files:

X:\xampp\apache\conf\extra\httpd-vhosts.conf

 

First of all,  uncomment the following line to enable name based virtual host on your server’s port 80:

NameVirtualHost *:80

 

Then you can start adding your virtual hosts. The following listing is just a sample, I usually do.I am assuming ,we create a project which should be accessible by entering http://demo-project in your browser’s address bar.

<VirtualHost *>
DocumentRoot “X:/xampp/htdocs”
ServerName localhost
</VirtualHost>

<VirtualHost *>
DocumentRoot “X:/xampp/htdocs/mywebsite/webroot”
ServerName test-project
</VirtualHost>

<VirtualHost *:80>
ServerAdmin [email protected]
DocumentRoot X:/xampp/htdocs/demo-project/public
ServerName demo-project

<Directory “X:/xampp/htdocs/demo-project/public”>
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

 

Make sure the DocumentRoot exists and matches the Directory and remember the value you set for ServerName.

 

2. Edit your windows hosts file

Now your apache is ready,but you have to tell your system what to do if you enter http://demo-project in your browser.The most simple way to deal this is to update your hosts file you can find it from here.

C:\WINDOWS\system32\drivers\etc

(Path wil be different if windows installed else where)

 

The file is just a simple text file which contains IP-to-hostname mappings. Edit the file with a text editor and append a new line which maps the hostname you specified in apache’s ServerName-directive to 127.0.0.1. You can place it just under the existing one which defines localhost. In the end, your file could look like this:

# some comments

127.0.0.1        localhost
127.0.0.1        test-project
127.0.0.1        demo-project

 

Restart your Apache Server in order to load the new configuration and enjoy 🙂

 

How to change or reset XAMPP MySQL root password?

If you want to reset or change xampp mysql password, or have forgot the password for accessing phpMyAdmin then just follow the below step to reset the password or change the password.

 

You can do this by two methods.

 

Method 1

The easiest way is to use the security console, which you can access at http://localhost/security/
This “console” creates a password for the MySQL user “root” and is adjusting the phpMyAdmin configuration.

http://localhost/security/xamppsecurity.php

 

Method 2

With the “XAMPP Shell” (command prompt) you can also reset the password. Open the shell and execute this command
mysqladmin.exe -u root password newpassword

 

Of course, your password should not be “newpassword”, too. In the next step you must adjust the phpMyAdmin configuration for this new password. In the file “D:\xampp\phpMyAdmin\config.inc.php” change the lines:

$cfg['Servers'][$i]['user']     = 'root';
$cfg['Servers'][$i]['password'] = '';

To:

$cfg['Servers'][$i]['user']     = 'root';
$cfg['Servers'][$i]['password'] = 'newpassword';

 

Instead in the XAMPP Shell, you can also change the password with phpMyAdmin, and then adjust the phpMyAdmin configuration.

I hope, it will help.

Automatically set permission to various file types using .htaccess

Set file permissions with .htaccess, this is a great method for ensuring the CHMOD settings for various file types.

 

Apply the following rules in the root .htaccess file to affect all specified file types, or place in a specific directory to affect only those files (add/update file types according to your needs)

# ensure CHMOD settings for specified file types
# never set CHMOD 777 unless you know what you are doing?
# files requiring write access should use CHMOD 766 rather than 777
# keep specific file types private by setting their CHMOD to 400

chmod .htpasswd files 640
chmod .htaccess files 644
chmod php files 600

 

Require SSL (Secure Sockets Layer)

Here is an easy way you can go using .htaccess file

# require SSL without mod_ssl
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

 

Guys, If you still face any issue regarding this, leave a comment in the comment box.

 

Advanced .htaccess security and block access using .htaccess file

Block access to files using htaccess

1. Block access to .htaccess file
Add the following code block to your htaccess file to add an extra layer of security.Any attempts to access the htaccess file will result in a 403 error message.Your first layer of security to protect htaccess files involves permissions via CHMOD to 644.

# secure your htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>

2. Block access to a Specific File
To restrict access to a specific file, add the following code block and edit the file name, “secure_file.jpg”, with the name of the file that you wish to protect.

# prevent viewing of a specific file
<files secure_file.jpg>
order allow,deny
deny from all
</files>

3. Block access to multiple file types
To restrict access to a variety of file types, add the following code block and update the file types within parentheses to match the extensions of any files that you wish to protect.

<FilesMatch “\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$”>
Order Allow,Deny
Deny from all
</FilesMatch>

4. Block unauthorized Directory Browsing
Prevent unauthorized directory browsing by instructing the server to serve a “xxx Forbidden – Authorization Required” message for any request to view a directory. For example, if your site is missing it’s default index page, everything within the root of your site will be accessible to all visitors. To prevent this, include the following htaccess rule.

# disables directory browsing
Options All -Indexes

To enable directory browsing, use the following directive.

# enables directory browsing
Options All +Indexes

Likewise, this rule will prevent the server from listing directory contents.

# prevent folder listing
IndexIgnore *

And, finally, the IndexIgnore directive may be used to prevent the display of select file types.

# prevent display of select file types
IndexIgnore *.wmv *.avi *.mp4 *.etc