<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: PHP settings in Archive</title>
    <link>https://business.forums.bt.com/t5/Archive/PHP-settings/m-p/29489#M13499</link>
    <description>&lt;P&gt;Probably your best bet would be to add the following lines to an htaccess file in your root:&lt;/P&gt;&lt;P&gt;php_flag register_globals off&lt;/P&gt;&lt;P&gt;php_flag magic_quotes_gpc off&lt;/P&gt;&lt;P&gt;If you don't already have one, an htaccess file is simply a text document named .htaccess that is uploaded into your root. Simply create one with the lines of text mentioned above and upload it and you should be all set.&lt;/P&gt;</description>
    <pubDate>Mon, 22 Aug 2011 03:50:06 GMT</pubDate>
    <dc:creator>duskjome</dc:creator>
    <dc:date>2011-08-22T03:50:06Z</dc:date>
    <item>
      <title>PHP settings</title>
      <link>https://business.forums.bt.com/t5/Archive/PHP-settings/m-p/29487#M13498</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;I'm trying to make my site more secure. Does anyone know how to adjust these two php values:&lt;/P&gt;&lt;P&gt;register_globals = Off&lt;/P&gt;&lt;P&gt;magic_quotes_gpc = Off&lt;/P&gt;&lt;P&gt;I've tried a php.ini file in the \public folder and the cgi-bin folder.&lt;/P&gt;&lt;P&gt;Thanks for your help.&lt;/P&gt;&lt;P&gt;Matthew&lt;/P&gt;</description>
      <pubDate>Sun, 21 Aug 2011 16:10:41 GMT</pubDate>
      <guid>https://business.forums.bt.com/t5/Archive/PHP-settings/m-p/29487#M13498</guid>
      <dc:creator>matthewseymour</dc:creator>
      <dc:date>2011-08-21T16:10:41Z</dc:date>
    </item>
    <item>
      <title>Re: PHP settings</title>
      <link>https://business.forums.bt.com/t5/Archive/PHP-settings/m-p/29489#M13499</link>
      <description>&lt;P&gt;Probably your best bet would be to add the following lines to an htaccess file in your root:&lt;/P&gt;&lt;P&gt;php_flag register_globals off&lt;/P&gt;&lt;P&gt;php_flag magic_quotes_gpc off&lt;/P&gt;&lt;P&gt;If you don't already have one, an htaccess file is simply a text document named .htaccess that is uploaded into your root. Simply create one with the lines of text mentioned above and upload it and you should be all set.&lt;/P&gt;</description>
      <pubDate>Mon, 22 Aug 2011 03:50:06 GMT</pubDate>
      <guid>https://business.forums.bt.com/t5/Archive/PHP-settings/m-p/29489#M13499</guid>
      <dc:creator>duskjome</dc:creator>
      <dc:date>2011-08-22T03:50:06Z</dc:date>
    </item>
    <item>
      <title>Re: PHP settings</title>
      <link>https://business.forums.bt.com/t5/Archive/PHP-settings/m-p/29493#M13500</link>
      <description>&lt;P&gt;Web hosting providers seldom permit clients to create 'ini' files on a shared server so htaccess is a good place to start.&lt;/P&gt;&lt;P&gt;Then make sure you validate all form fields and URL inputs to prevent XSS (cross site scripting) and SQL injection if your site uses a database.&lt;/P&gt;&lt;P&gt;Never use JavaScript for password protection unless you employ AES or DES encryption of the data (web hosts don't like people doing this because they cannot read the data and don't know what you're keeping on their server!)&lt;/P&gt;&lt;P&gt;Some protection against 'site-scraping' can be achieved by dynamically altering the CSS file and corresponding class/id names. JavaScript can also be used to great effect to either write or swap page contents around because bots can only read it but not execute it. A smaller version of this trick uses JavaScript to 'cloak' an email address from harvester bots.&lt;/P&gt;&lt;P&gt;Contact form scripts are another area often overlooked. Again make sure the fields are validated and do try to include some anti-bot measures such as a 'Captcha' or checking of the referer and useragent variables for known bots. Adding an IP based flood control to prevent the same IP sending multiple messages in a small time frame can also save a lot of headaches as well.&lt;/P&gt;&lt;P&gt;&lt;EM&gt;Buried in the T&amp;amp;C for many webhosts is a clause stating that accounts may be automatically suspended for spamming. Normally spamming applies to you sending emails to multiple recipients in a short space of time, however a contact form being click-bombed by a nefarious competitor creates the same result and your account gets a temporary ban as a result until a human with admin status looks at where all the email was sent.&lt;/EM&gt;&lt;/P&gt;</description>
      <pubDate>Mon, 22 Aug 2011 07:45:32 GMT</pubDate>
      <guid>https://business.forums.bt.com/t5/Archive/PHP-settings/m-p/29493#M13500</guid>
      <dc:creator>Sogo7</dc:creator>
      <dc:date>2011-08-22T07:45:32Z</dc:date>
    </item>
  </channel>
</rss>

