I’m developing a game in PHP+Mysql that is hosted in a shared web hosting.
I’m very concerned of the security, because in games is very common that some people try to cheat or broke the game.
Until now, I have tested XSS, SQL injection, check permissions of folders, secure passwords, … but well, I know my limitations and I want to be prepared in case something unexpected happens (I don’t know, maybe some techique that I don’t know, or a check that I miss, a guessed password …)
If I realize of some of this, my first action I think that should be block the access to all users, isolate the site and then check and repair the bug. (It’s only a free game, I think I can afford this downtime). How can I do this?
……………………………………..
You can make .htaccess file in the root of webserver with contents:
Order Deny,Allow
Deny from all
Allow from 192.168.1.1 — here is your IPIt will block all requests except from mentioned IP
……………………………………..
Stop the web server. Configure it to listen on 127.0.0.1 only (it usually listens on 0.0.0.0 which means that is accepts connections from everybody) and start it. This way the game will be accessible only from the host of the web server.
……………………………………..
I would say have a .htaccess file ready, but not in place which, if you put into your web directory it redirects all requests to something like mydomain.com/downformaintenance.php
……………………………………..
The easiest way would be to tell your webserver to no longer deliver anything for this site. Using Apache you could achieve this by a .htaccess file:
Order Deny,Allow
Deny from allThe second way would be to implement it into your website. E.g. in your dispatching script you first check for the existance of a file and then simply exit:
if(file_exists(__DIR__ . ‘/close_it’)) {
exit;
}HTH