How To Find The Site Admin Panel

When creating and administering a site, one of the main challenges is keeping it secure. To check how robust a resource is, it must be examined for vulnerabilities, and testing is usually carried out with the same methods and utilities that hackers use.

Step 1

To enter the site with administrator rights, a hacker may need to find the login form. Having found it, he can try to guess the password using brute-forcers, programs that try passwords from a dictionary. The hacker may also have already extracted the data of interest (login and password) from the database through a discovered SQL vulnerability. To take over the site, he then just needs to enter the stolen data into the login form. Accordingly, the more difficult it is to find the admin panel, the higher the security of the site.

Step 2

You can check the safety of your resource using special utilities. For example, use Admin Finder, which is easy to find on the net. Enter the site address into it, and the program will display the paths of all pages related to administration. Note that some antivirus products detect the program as unwanted software and block it. To be sure to avoid a Trojan in the utility, look for Admin Finder on hacker resources. Hackers will not post infected utilities on their websites and forums.

Step 3

Quite often, hackers check the robots.txt file, in which administrators list the files that search robots are prohibited from indexing. This file may well contain the data an attacker needs.

Step 4

To view the structure of the site, you can use special scanners. For example, the small console utility SiteScaner shows good results. Run it and enter your site address. Look through the displayed list to see whether the pages you would like to hide are listed.

Step 5

There are network services that show the structure of the site in sufficient detail. For example, this one: Enter your website address in the search field, insert the security code and click the SCAN button. In the list that opens, you will see the structure of your Internet resource.

Step 6

When looking for an admin area, a hacker can simply go through the most common options. For example: /admin, /login, index/admin.php, admin.php, login.php, admin/index.php, admincp/index.php. When setting up your site, try to avoid well-known directory and file names. This also applies to databases: more than half a thousand of their common names are known to hacker utilities.
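As an added example (not part of the original article), this Python check ties Step 3 to Step 6: it reads a robots.txt and reports Disallow entries that contain one of the well-known names listed above, which is how the file ends up disclosing an admin path. The sample file, the function names and the token-splitting rule are assumptions made for illustration.

```python
import re

# Well-known admin names taken from the list in Step 6 of this page.
COMMON_ADMIN_NAMES = ("admin", "login", "admincp")

# Constructed sample robots.txt (not from a real site).
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /images/
Disallow: /admincp/index.php   # hidden control panel
Disallow: /Admin/
disallow: /blog/login.php
Allow: /public/
Disallow:
"""


def disallowed_paths(robots_text):
    """Return every non-empty Disallow path, in file order."""
    paths = []
    for line in robots_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        field, sep, value = line.partition(":")
        # Field names are case-insensitive; an empty Disallow blocks nothing.
        if sep and field.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


def revealing_entries(robots_text, names=COMMON_ADMIN_NAMES):
    """Return (path, name) for Disallow paths containing a well-known name."""
    findings = []
    for path in disallowed_paths(robots_text):
        # Compare whole tokens so "admin" matches /admin/ and admin.php
        # but not /badminton/.
        tokens = [t for t in re.split(r"[/._\-?=&]+", path.lower()) if t]
        for name in names:
            if name in tokens:
                findings.append((path, name))
                break
    return findings


if __name__ == "__main__":
    for path, name in revealing_entries(SAMPLE_ROBOTS):
        print(f"robots.txt exposes '{path}' (common name '{name}')")
```

Run it against your own robots.txt by passing the file's text to `revealing_entries`; every hit is a path that any visitor can read from the file.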

Step 7

Test your resource for hacking resistance using the XSpider program. This is entirely legal software; you can download its demo version from the manufacturer's website. The program is intended for system administrators and produces a report on possible ways of penetrating an Internet resource.

Step 8

Quite often, administrators do not set permissions for viewing directories, which allows a hacker to navigate the site directories almost freely. You can protect a folder from viewing in a very simple way: place an index.html page in it with text stating that this directory is closed for viewing. When someone tries to look into the directory, this page will open automatically.
