Thursday, 24 May 2018

How To Make Personal Facebook Bot Site ( sticker text react) 2018

How To Turn On Facebook Profile Picture Guard In 2 Seconds

Monday, 7 May 2018

50 Tricks to increase website ranking


Increase Website Rank
1. Use .htaccess to transfer domains from non-www to www (use redirect 301) 
2. Extend your domain for several years (recommended over 5 years) 
3. Make sure when clicking on logo of your site, they returned home dc 
4. If the font is too small of your website, go for it on the standard (such nè), SE may ignore your site if the font is too small 
5 Remove unnecessary plugins

Always insert contact information, or your contact page at the bottom of the page. 
7. Try to arrange your site in a CSS style sheet. 
8. Edit or remove the wrong link, or "dead" frequently. If you do not use "nofollow" 
9. Use alt tag for all photos, especially on homepage 
10. Eliminate iframes in your site, most SEs do not index iframes, it can make Both pages contain an iframe that is affected. 
11. Should create a robots.txt file for your website 
12. Should use a basic navigation for your site 
13. Use the same color for the link 
14. Check spelling in website content 
15. Format your website in a specific template
16. Should use at least 1 image per page with alt tag, do not think that removing all pictures can improve your site rank 
17. Create a about page for your site 
18. Provide information Your personal profile is clear about that page. 
19. Should include some photos about the page (such as logo, map ...) 
20. Should remove the popup in your site 
21. Insert links to bookmarks, social networks After each article and about page 
22. Should insert a search engine for your site 
23. Create a privacy page for your site 
24. Link to personal terms below each page 
25. When rewriting the url should Use "-" instead of "_". 
26. Google maps should be inserted into the contact page (about page)
27. Should insert the link from one page to another for site 
28. Use the separate META description tag for each page. 
29. Check the source code and fix the error 
30. Do not have a link exchange page 
31. Insert a box. Search the site at 404 error page 
32. Should create a sitemap for site 
33. Insert link to site map at the end of each page 
34. Should insert the copyright abc ... line at the end of each page 
35. Underline the links at the website, this I find it a bit ugly so I usually delete it 
36. Turn off all music files, auto play 
37. Should replace the Flash animated = gif animated 
38. Put your site logo in per page
39. You should buy more .net domains. And redirect them to your site. 
40. Should create a support, help or FAQ page. 
41. When you answer a request, help should pay Do not use email, take them to the FAQ page if the question has been answered, update your FAQ regularly. 
42. Your full contact information should be provided at contact page 
43. It should insert code to statistics (analytics code) for your website in all pages, you can use histat.com, statcounter.com, or google Analytics, depending on your development orientation 
44 Remove all code that automatically adjusts the browser size of your visitors. 
45. Create a custom favicon for your site.
46. ​​Use only email @@miencuaban.com 
47. Set the attribute label = "" for all forms of your site 
48. Set a confirmation message when signing in or when posting, comment 
49. Update Your website regularly 
uses 50. Use W3C Compliant to check and fix errors that may affect the operation of SE bots.

Sunday, 6 May 2018

How to Hack WordPress Pages on a Shared Server? And How To Protect


How to Hack WordPress Pages on a Shared Server?

hacking-wordpress-on-shared-servers
A site is just as secure as the weakest link on its shared server. Once hackers gain access to a page on the server, they can easily access other pages on the same server with the same privileges. This is called cross-site contamination . When the same thing happens to sites that use WordPress , it becomes even more dangerous because hackers are already aware of the core structure in the palm of their hand.


WordPress users understand that the wp-config.php file contains database authentication information, so it's important to prevent strangers from reading this sensitive file. If hackers steal these database credentials, they will be able to do things such as creating new administrator accounts or inserting spammy data into posts. 

There are two things that most hosting companies and website owners usually do to stop these kind of hacking:
  1. Make wp-config.phpunreadable by anyone except the site owner (and the web server process). For example, configure powers 400(CHMOD).
  2. Make external IPs unable to connect to the database (only accept 127.0.0.1 or external subnetwork of the server).
These two steps will help you avoid many problems ... until your site has an Arbitrary File Download(download file arbitrary).

Arbitrary File Download

This vulnerability allows hackers to create a query to your site and return the contents of any file on your server (if the web server process has read permission to it). The most typical example of such a bug is a security vulnerability in older versions of the hugely popular plugin RevSlider led to hundreds of thousands of WordPress site information leaked in 2014. 

This is a go The most commonly seen in the log of hacked websites:
http://victim.com/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
The hacker used this query to download the contents of wp-config.php and then use the database login information to create the WordPress admin account.

Those steps did not help

Setting permissions 400 for wp-config.php can prevent this type of attack? 

Are not. The file has been accessed by the web server process - it has the right to read the file (if it does not then WordPress will not work). 

How about blocking connections to the database from outside the server network or even from any server except localhost? 

Of course. After stealing the login credentials, the hacker could not log in from their computer. So are we safe? Unfortunately, there is a way to solve this and we often see hackers use it.

Shared Server

Hackers can connect to the WordPress database from the same server (network) with the site they want to hack. How can they do this if they have never visited the site before? The answer is shared server. Hackers use a previously compromised site to discover and hack other WordPress sites on the same server.

Scan for security vulnerabilities

There are many popular scripts that use Bing's ip power : commands to automatically detect broken pages on the same IP address. 

Here is an example:

$sites = array_map("site", bing("ip:$ip"));
$un=array_unique($sites);
echo "[+] Scanning -> ", $ip, ""."\n";
echo "Found : ".count($sites)." sites\n\n";
foreach($un as $pok){
   $linkof='/wp-content/themes/vulnerable-theme/css/css.php?files= ../../../../wp-config.php';
   $dn=($bda).($linkof);
   $file=@file_get_contents($dn);
   if(eregi('DB_HOST',$file) and !eregi('FTP_USER',$file) ){
   echo "[+] Scanning => ".$bda."\n\n";
   echo "[+] DB NAME : ".findit($file,"DB_NAME', '","');")."\n\n";
   echo "[+] DB USER : ".findit($file,"DB_USER', '","');")."\n\n";
   echo "[+] DB PASS : ".findit($file,"DB_PASSWORD', '","');")."\n\n";
   echo "[+] DB host : ".findit($file,"DB_HOST', '","');")."\n\n";
...

This script uses the function bing()to find the indexed WordPress pages on the server. For every page found, it attempts to load the URL that will return the contents of the wp-config.php fileIf the page is not corrupted, this step is ignored. The generated wp-config.php file will be parsed and the database logins for these WordPress pages now belong to hackers. 

In addition to the database information, similar scripts can steal FTP information from wp-config.php (when the web server process does not have permission to change the file, the page will have the option to configure the counter. Update WordPress via FTP).

elseif(eregi('DB_HOST',$file) and eregi('FTP_USER',$file)){
   echo "FTP user : ".findit($file,"FTP_USER','","');")."\n\n";
   echo "FTP pass : ".findit($file,"FTP_PASS','","');")."\n\n";
   echo "FTP host : ".findit($file,"FTP_HOST','","');")."\n\n";
}

Since a shared server can host more than a thousand pages, the chances of finding other sites with errors are high. As you can see, this script allows hackers to quickly crawl the database, occasionally FTP information from any other WordPress site that is corrupted on the same server as the site that the hacker already has access to. . 

With a list of database information, they can use the hacked site to run other scripts that connect to the DB. Because the script is running on the victim's server, this connection will not be blocked. From here, hackers can create new admin accounts on every failed page or simply change the page layout by changing their page title (when the hacker's only motive is to show off on Zone-H. ).

Subnetwork level attacks (subnets)

As you may know, some hosting providers have dedicated server servers. This allows pages from different web servers to connect to the same database server. In such an environment, database servers are configured to allow multiple connections from multiple IPs on the same subnet. This makes serial hacking using database stealing information even more successful. Hackers only need one compromised site on each subnet (instead of one per IP) to initiate such an attack. 

In this case, the script will start to look something like this:

$ip=trim(fgets(STDIN,1024));
$ip = explode('.',$ip);
$ip = $ip[0].'.'.$ip[1].'.'.$ip[2].'.';
for($i=0;$i <= 255;$i++)
{
 $sites = array_map("site", bing("ip:$ip.$i wordpress"));
 …

Assess the threats and protect your site

As you know, each string is just as strong as its weakest link. This is similar to web security. We always emphasize cross-contaminations ; When an abandoned device can become a prune, good and up-to-date web pages are attacked again on the same web server. 

This article shows you that the weakest link may be a page that does not belong to you and that you do not know anything about it - it only uses the same server as your site (and thousands of other third-party sites) . In these cases, your site may be hacked even if you have set permissions for wp-config.php and your database does not allow external connections.

Of course, hackers still need to steal database information - which can happen if the software that your site uses (theme, plugin, WordPress, etc.) is vulnerable to unknown vulnerabilities. coming or being detected (zero-day). No software can guarantee that it contains no security holes. 

To prevent leverage attacks from compromised neighbors, you should remove as many weak links as possible.

  1. Move your page to a separate server, or ...
  2. Patch your site so that the vulnerability scanner can not find security holes on your site.

Any patching strategy should consider the zero-dayvulnerabilities that software developers do not yet know, and therefore have no patches. A powerful monitoring solution can help you quickly control and recover from a WordPress infection. 

You can also benefit from a Website Firewall that provides patches and intelligent protection against attacks based on security bugs , including undisclosed zero-day security vulnerabilities

Top 7 hacker white hat world

Each year, the global economy damages about $ 445 billion due to cybercrime. In that context, the role of white hat hackersbecomes more important than ever. 

They are all excellent hackers despite having different starting points. Some are hackers "black hat" switch to. Some hackers are 'white hats' from the beginning.

top-whitehat-hacker

Although there are different past but now, they all have one thing in common: Business security and make money from their own talents.

Marc Maiffret


Like many other hackers, Marc Maiffret reveals the tactics of teenagers. At the age of 17, Marc Maiffret was noticed by the FBI after many hacking into the government computer system. FBI severely warned and confiscated the computer but the hacker still refused to give up his habit. 

However, instead of acting illegally as before, Marc Maiffret tried to find a job and become an independent security researcher. Years later, Marc Maiffret became a well-known security consultant. 

Earning a decent job from the right hand, Marc Maiffret enough to support his family and that has helped him change lives forever.

Hacker-Marc-Maiffret

Marc Maiffret is so well known that he has been invited three times before the US Congress in the hearings on cybersecurity. He is co-founder of the well-known eEye Digital Security software security firm, and has found many serious flaws in Microsoft products.

Kevin "Condor" Mitnick


The man named "Condor" is the most famous hacker in the world. Mitnick's black box made him suffer from eye injuries by the United States Federal Communications Commission (FCC). They called him "the most wanted criminal computer crime". Mitnick was arrested in 1995 after two years of hiding his wanted. This hacker was sentenced to 5 years in prison. 

Out of jail, Mitnick still uses his excellent computer skills but for the sake of honesty. He switched to "white hat hacker" as a senior security consultant.

Hacker-Kevin-Condor-Mitnick

Mitnick's clients are the largest companies in the world. It is your responsibility to find out if these systems have security flaws. 

Mitnick is also the author of the best-selling books in the world, as well as the famous speaker of security forums. Mitnick's position is " social engineering, " a technique that exploits the weaknesses of a human-based system.

Tsutomu Shimomura


In contrast to the two hackers, Shimomura was originally a "white hat" hacker. It was he who helped the FBI hit and arrested Mitnick when the hacker broke into his computer. 

Shimomura is the son of Osamu Shimomura, who won the Nobel Prize in Chemistry in 2008. Shimomura graduated from the California Institute of Technology, becoming a computer scientist and researcher.

hacker-Tsutomu-Shimomura


In addition to the CEO of Neofocal Systems, a startup company specializing in LED technology, Shimomura is also a white-hat hacker working for the National Security Agency (NSA). 

He also stood before the US Congress hearing on issues related to mobile phone security.

Dr. Charlie Miller


Miller is a government hacker who has worked for the National Security Agency for five years. With a bachelor's degree and a PhD in physics, Miller has an extremely solid technical background with many of the top hacking skills that have helped him win the Pwn20wn four-time security contest.

Hacker-Charlie-Miller

Well known for its ability to exploit vulnerabilities in Apple products, Miller was the first to successfully hack the iPhone and MacBook Air in just 2 minutes, and successfully penetrated the iPhone with just one SMS. 

After breaking into the Jeep, the manufacturer had to recover 1.4 million vehicles worldwide to protect the driver from the risk of hacker attacks, Miller was invited Uber senior engineer.

Dan "Effugas" Kaminsky


Famed in 2008, thanks to a DNS domain name system design flaw that allowed an attacker to navigate from one web page to another within seconds, Kaminsky convinced many experts to focus. Trying to fix this problem. 

However, the popularity of Kaminsky has led some hackers to "itchy eyes." One year after the DNS-related shakeout, Kaminsky became a hacker victim.

hacker-dan-effugas-kaminsky

Kaminsky's personal and server data was publicized in the "Zero for Owned" magazine just before the Black Hat security conference to smear his image. 

However, this incident did not affect Kaminsky. He founded Recursion Ventures and then White Ops as a scientist.

Robert "Rsnake" Hansen


Hansen is known for two unique techniques: "Fierce" - used to simplify attacks by DNS, and "Slowloris" - used by Iranian hackers to attack the government website in the general election. .

Hacker-Robert-Rsnake-Hansen

Along with Jeremiah Grossman, Hansen created the term "Clickjacking," a form of technique that conceals any button on a website. 

Recently, the hacker nicknamed "Rsnake" has been busy with security forums around the world. He is also CEO of SecTheory, vice president of WhiteHat Labs and is writing many books on security topics.

Greg Hoglund


This hacker specializes in rootkits, a type of malicious code running underneath which is very difficult to detect. Hoglund discovered many of the loophole in the game World of Warcraft and put it into his book, "Exploiting Online Games," published by Gary McGraw himself. 

In 2003, Hoglund founded HBGary, which has done a lot of secret work with the US government.

Hacker-Greg-Hoglund

In 2011, hackers related to the Anonymous organization attacked the HBGary website and revealed that the company had made a series of attacks on Wikileaks under the name of the Bank of America (BoA). Previously, Wikileaks threatened to publish BoA's internal documents. 

A year later, HBGary was sold to defense contractor ManTech. With money, Hoglund continues to set up Outlier Security.

Tutorial: Create Facebook Live Streaming Video

create-facebook-live-streaming-video
How to create Live Stream Video on Facebook directly using your computer. Creating a live video on Facebook with just a few simple steps. Facebook Live Streaming Video by myviralhax

Streaming Live Streaming Software (PC / Laptop)

If you want to Live Streaming on your computer then you will need to install one of the following encoder software:
  • Open Broadcaster(recommended) - this is freesoftware , open source and recommended by Youtube.
  • Wirecast - created by the company behind Telegram.
  • XSplit - There are two versions, Broadcaster and Gamercaster (for gamers).
The installation of the software is quite simple, I will not guide in the article. 

Note: In this tutorial I use Open Broadcaster !

Live Stream for your personal Facebook account

First, you visit the website Create Live Streaming Video on Facebook . 

Note: Turn off all ad blockers / add-ons (such as AdBlock, uBlock, or Ghostery). Since these gadgets block both Social plugins (including Facebook), the Facebook SDK can not load. This site does not insert any ads so you rest assured. 

Next, press the button Create Live Video:
create-live-streaming-video
A popup window for Facebook will appear, choose where you want to post the video: personal page, group or on fan-page. Then click Next.
go-live-on-facebook
Another popup will pop up, please copy the Stream Key:
go-live-on-facebook-2
Note: You can also click the button  Copy next to the Stream Key in our website:
live-stream-key
Next, open Open Broadcaster> click on the Settingsbottom right corner:
setting-open-broadcaster-live-streaming
Settings window opens, click on Stream> at server, select Facebook Live> paste Stream Key you copied> click OKto save settings:
settings-facebook-live-streaming-video
After we finish the setup, we create the scene to stream. Click the button +in the bottom left corner of Scene> a dialog box, enter the name of the scene you like (Desktop, Browser, CrossFire, ...)
facebook-live-streaming-scenes
Then, we need to select the source for the scene. Click the button +in the Sources box> a small menu pop up:
facebook-live-streaming-sources
facebook-live-streaming-sources-2
  • If you shot the entire computer screen: choose Display Capture
  • If you just shot a window (like a browser, for example): choose Window Capture
  • If you shoot the game: choose Game Capture
  • If you return to the webcam: select Video Capture Device
  • ... (There are also other options but less use than the above options, you explore yourself)
Click Start Streaming to start, when the Start button becomes a Stop button, it means that Facebook has started receiving data from the Encoder software:
start-live-streaming-video
You move through the Popup of Facebook, wait about 5-10 seconds will see the offline frame converted to Preview. The Go Live button will now appear. Please fill in the necessary information such as video title, status and click Go Live to start Streaming!

To end the Live Streaming, click Stop Streaming:
stop-live-streaming-video
NOTE: Stream Key is only available ONE time, you need to go to Settings to change the new Key in the next Live Streaming!

Live Streaming for Fan-page Facebook

You visit the Fan-page, then click the Publishing Tools> Videos menu> click button + Live
create-live-streaming-video-on-fan-page
A new panel will appear, you copy the Stream Key and follow the steps similar to what I guided in the previous section.
create-live-streaming-video-on-fan-page