Думаю многие из нас после установки движка долго и нудно повышали его безопасность приделывая разные костыли?!
А вот этот модуль ОЧЕНЬ сильно может упростить жизнь. Тестировал на 18.104.22.168
Why do you need to use CrawlProtect?
As a webmaster, one of your biggest fear is to discover one day that your website has been hacked. The risk to lose your data, your Google position and/or your customers is high if a hacker take the control of your website.
Sur you are carefull, you update regularly the scripts your are using and use sophisticated passwords. The PC you are using to upload your files is equipped with an uptodate antivirus, you never doing ftp transfer from a public PC. As a summary you are applying all the common sense rules to avoid hacking.
CrawlProtect do more, by blocking:
-some code injection attempts
-some SQL injection attempts
-some visits coming from crawler known as «Badbots» (crawlers used by hackers)
-some website copier
-some shell command execution attempts
As all protection system, CrawlProtect cannot garantee that your website will never be hacked, but it’s a new wall that hackers need to pass if they want to hack your website.
What are the risk link to a hacking?
Hacking of your site may have consequences more or less dramatic. The attacker can simply replace your homepage with a page that claimed his exploit.
The danger is that he has found a way to enter your site and nothing says that next time he will not do more damage.
Indeed it can also erase all your data, including in the most severe cases your databases.
But there are also hacks more pernicious, undetectable at first but infinitely more dangerous for your guests and yourself.
The attacker can add on your pages of malicious scripts that will either retrieve the data entered by your visitors either inject a virus on their PC . It can also add on your website pages that will serve as a trap by phishing. In the latter case, your criminal liability may be incurred.
How CrawlProtect will protect you?
CrawlProtect act at two levels, firstly with the htaccess file which will analyze incoming requests on your site and immediately blocked those that are recognized as hacking attempts (attempt to inject a script, attempts to inject a SQL query, query made by robots known as badbot, etc. …).
The second level of protection depends on you, CrawlProtect offers an easy way to change in a few clicks the chmod of your file or folders to the most appropriate level.
Note: CrawlProtect is a free script. This extension integrates CrawlProtect to your opencart administration and adds advanced protection level to your code.