Dota intitle datalife engine control panel. DataLife Engine v.12.1 Press Release

Based on the DLE engine ( Data Life Engine). I will describe the setup in great detail, trying not to miss anything, I think that the dle setup will turn into a long series of posts. In this series of posts, we will not only take a detailed look at the setting, but also understand what each setting function is for.

For posts dedicated to setting up the DLE engine, I will use the DataLife Engine v.9.4., More precisely, a demo version of this engine. This is quite enough for me to tell you about the settings and capabilities of the DataLife Engine.

The first article will be devoted to the admin section: “ General script settings». You can find this section as follows: after going to the DLE (DataLife Engine) admin panel, which is located at site.ru/admin.php, you will see quick access to the main sections of the admin panel. Today we need an item " System Setup" , and in it the section " general script settings". There are, of course, other ways to get into this section, but in my opinion this is the easiest way.

So let's start setting up the dle engine, the first point is title (title dle). In the title, write the name of your project, for example: Everything for beginner webmasters. Your title can sound anything, by default on the DLE engine, the site is called DataLife Engine, if we enter any other name, it will be changed. And it will form the title dle, which will be displayed in the browser tab, as well as on the page search results. Therefore, take the title seriously. Here, I think it's clear.

Well, Homepage, I think it's understandable. We enter the name of your domain, for example: site.ru and that's it.

Used encoding, by default, is windows-1251, which means that your resource supports the Russian language. If you have a demo version of the DataLife Engine, you don't need to change anything here. If the CMS is purchased, then the encoding can be changed, for example, to UTF-8 and then your project will become multilingual, at this stage we will not consider the encoding in detail, I think it’s clear if you don’t change the demo, even if it’s purchased, but the domain is in the ru zone, to be honest, I see no reason to change the encoding.

Next item: Description, in which we briefly describe the content of our project, for example: Everything about creating, setting up and promoting blogs or sites, etc., but no more than 200 characters. In theory, this description should be displayed in search engines, so take this seriously, and do not forget to write in the description the keywords that your resource will be promoted in the future. It will look something like this in a Google search engine:

Further, keywords(we enter words separated by commas), also according to these words, search engines will pay attention to your page, keywords should correspond to the direction of your site or blog as much as possible, first you need to make a list of keywords and check the number of requests for these words. To check the number of requests, we use this page on the Internet http://wordstat.yandex.ru. We will not consider it in more detail at this stage, since this no longer applies to this topic of the post, but to optimization in search engines. Here, see for yourself what to write in this field, for each keyword will be different.

Short name, here I think everything is clear. This name will be displayed in the speedbar module. You can, again, repeat the name of the project. So we figured out the names, we continue. The speedbar module (aka breadcrumbs) looks like this:

Time zone correction, serves to correct the time on the site. For example, your server is set to Moscow time, and you live in a different time zone and want the time on the site to match your time zone, then this is corrected in this column. How to fix everything is clear there, we write the hours in minutes, the current time of the server is also written in this column, you can navigate by this time.

In the column, (human-understandable url), it is advisable to select "Yes". It is needed in order for your address to be visually perceived by users, which has a good effect on the usability of your resource. To make it clearer, I will give examples of news with and without CNC, news with CNC dle : http://site. ru/addnews.html, without CNC: http://site.ru/index.php?do=addnews, i.e. with CNC, the visual perception of the link is much better than without it.

Then choose CNC type, here everything is in your hands, but I do not advise choosing the third type as it increases the load on your server.

Handle invalid CNC URLs: Here I suggest to put "Yes" as this option is useful for SEO, but you can leave this option off if you want. More details for what it is needed, in the settings it is written, it is quite clear.

Then choose language used, since I have a demo version, my choice is not big, only one language is Russian, but for the ru domain zone, this will be enough.

Further, default site template is default, but you can choose another. This topic will be covered in a separate article on how to install a template on the DataLife Engine (DLE). Of course, we all want some special, not standard pattern, looking ahead, I will say that the template is very easy to install on dle. Download the template you like from the Internet or make your own, copy the template folder to the engine directory, to the templates folder, and if your resource is on local server, restart it. And now the template will appear in the default site template selection column.

After choosing a template, go to the two settings " Enable WYSIWYG editor...“, in both cases, I recommend choosing “Yes”, as it is much easier to edit news (articles) and comments using a visual editor than using BB codes. Although, it's up to you to choose, experiment, and make a choice in favor of convenience. DLE WYSIWYG editor is a visual editor.

This is how the editing panel looks like, using BB codes.

This is what the editing panel looks like using DLE WYSIWYG.

Next comes a rather useful option: turn off site«, this option takes the resource offline, if you think that your project is not yet ready to be seen by users, then enable this option. If everything is ready, then turn off the option and release the project to the network. You can also use this function when updating the structure or template of your resource. I note that this option is useful if your "experimental" is hosted, and not on a local server, like mine.

Last option ( reason for shutdown) will be useful to those who take advantage of the shutdown of the site. The reason for the shutdown is already written in the text field, which you can edit for yourself or write your own reason.

That's all. You have taken the first step towards setting up DLE (DataLife Engine). Now it remains to save the general dle settings and wait for the next post about setting up the DLE engine.

Note: posts about setting up DLE (DataLife Engine) will be submitted in this form, for a better perception of the information received, so as not to make a mess in the head. Of course, it was possible to describe the entire setup in one article, something like this: select it here, put it here, write like this there. But I want you to understand what each function is for. There are too many settings and features in DLE for one post. I hope for your understanding.

The following changes have been prepared and implemented:

1. Added support for headings in the advertising management module. You can create headings in this module and place your advertising materials in these headings. Headings are displayed at the very top, before the list of added advertising materials, in the form of folders. In the rubrics themselves, you can also create additional subheadings in an unlimited number. Thus, with a large number of advertising materials, you can place them for ease of navigation through them, in various headings and subheadings.

2. Added the ability to account for the number of views for advertising materials added in the script control panel. Views are only counted for real users who visited the site using a browser. Bots crawling the site do not count. View counting is enabled directly for each banner, so you can only count views for the ads you need. You also have the option to specify whether all banner views should be counted, or only views from unique users should be counted.

3. For promotional materials in the admin panel, the ability has been added limit the display of a banner based on the number of views it has, and you can disable the banner when it reaches the specified maximum number of views.

4. Added the ability to track the number of clicks for advertising materials added in the script control panel. DataLife Engine automatically intercepts HTML tags published using tags <а href="..."> , and automatically keeps track of clicks on them. No special design of these links is required, they can lead to any address you need. You also have the option to specify whether you want to count all clicks on a link, or only count clicks from unique users.

5. For promotional materials in the admin panel, the ability has been added limit the display of a banner based on the number of clicks on your banner, and you can disable the display of a banner when it reaches the specified maximum number of clicks on it.

6. For promotional materials in the admin panel added the ability to clear the number of views and clicks for each advertising banner.

html"> 7. Added the use of canonical links in the page code, for all pages of the site including navigation through sections, viewing the full news, etc. This opportunity allows you to increase SEO optimization sites, and also allows you to avoid duplicate pages if incorrect links to your site are published somewhere on the Internet, or if for some reason you need to disable the control of incorrect CNC.

8. In the category settings in the control panel, added the ability set by default for the category, whether it is allowed to publish news from this category on the main page of the site. These settings are in effect at the time of adding or editing a publication, and if publication on the main page is prohibited for a category, then the corresponding option is removed at the time of adding or editing a publication.

9. In the category settings in the control panel, added the ability set by default for a category whether comments are allowed for posts from this category. These settings are valid at the time of adding or editing a publication, and if comments are disabled for a category, then the corresponding option is removed at the time of adding or editing a publication.

10. In the category settings in the control panel, added the ability set by default for a category whether rating is allowed for posts from this category. These settings are valid at the time of adding or editing a publication, and if the use of a rating is disabled for a category, then the corresponding option is removed at the time of adding or editing a publication.

11. In the script settings in the control panel, in the security settings section, the ability to enable automatic protection of the site from embedding in frames on third-party sites. When this setting is enabled, your site will be automatically blocked if it is embedded in an iframe on someone else's site. By doing so, you can protect your site from attacks such as clickjacking.

12. Expanded capabilities of the "Metatags" module, this module has been renamed to "Headings, descriptions, meta tags". Now in this module you can set not only meta tags for pages, but also a separate title for the page and a description of the page, which you can later display anywhere in your template. To do this, new global tags for templates have been added: (page title)- displays the title you specify for the page, (page description)- Displays the description you specify for the page. It is also allowed to use BB and HTML tags in the page description. Thus, using this module, you can, for example, create and display titles and descriptions for a tag cloud for each tag individually, etc.

13. Added new global template tags text, which display the text enclosed in them if a title for the page being viewed was set in the "Headings, descriptions, meta tags" module. And also added opposite tags text which output the text contained within them if no title has been set for the page being viewed. Also added similar tags and for description: text, which display the text contained in them if a description was specified for the page being viewed in the "Headings, descriptions, meta tags" module, text which output the text contained within them if no description has been given for the page being viewed.

14. For category menu template (categorymenu.tpl) text, which display the text enclosed in them if the category viewed on the site, or the news, does not belong to the category from the menu. This tag can only be used inside tags and is used, for example, to display some information (such as links) only for inactive categories from the menu.

15. Expanded options for displaying publications based on the values ​​of additional fields in publications. When contacting the address http://yoursite/xfsearch/field name/field value/ publications will be output as before, containing the specified value in that particular field, if the field is set to "use as cross-references". When contacting the address http://yoursite/xfsearch/field value/ publications containing this value for all additional fields will be displayed. When contacting the address http://yoursite/xfsearch/field name/ all publications in which this specified field is filled will be displayed.

16. Added the ability to assign a separate page to the script settings named 404.html at the root of your site to display pages with no content. If this setting is enabled, instead of the standard system message "Unfortunately, this page is not available to you, perhaps its address has been changed or it has been deleted."

17. Added the ability to assign an HTTP header to the script settings, from where you need to get the IP addresses of users. This innovation will be useful for sites that use various external proxy servers and do not have the ability to correctly reconfigure the server for them in order to obtain the correct real IP addresses of visitors. For example, when using the cloudflare service and others to protect against DDOS attacks and using a regular hosting plan without access to server settings. Now, in the script settings in the admin panel, you can tell the script where to get the IP address of site visitors from.

18. When deleting a category in the script control panel, added the ability to choose what to do with publications that are in this category. You can: "Remove this category from publications", "Replace the category with another or other categories", as well as "Delete all publications in this category". In this case, if a category is deleted or replaced from a publication, then only the category being deleted will be removed or replaced. For example, your publication is in the categories "World", "News", "Popular", and you, for example, delete the category "World", then for publications in this category, only the category "World" will be deleted, or replaced, all other categories in the list of these publications will remain in place.

19. A new type of additional field has been added for publications: "Pure HTML and JS". Using given field, DataLife Engine will not interfere with the text written in it, and will not filter the HTML code of this text, and also allows writing pure javascript code in it. This field will be useful when you need to insert some code into the news that does not need to be checked for security, for example, any of your player, etc. Attention, given that the script will not filter the text from this field, when creating it, be sure to set restrictions on which groups are allowed to use it. Do not allow it to be used by ordinary users whom you do not trust, otherwise it may pose a security risk to your site.

20. For additional fields of publications with the option "Use as cross-references", the ability to specify a separator for these links has been added. You can specify both individual characters and HTML code as a separator. Previously, a comma was used as a list separator, now you can set your own personal separator for each field, which allows you to create your own unique output design in the template for each field.

21. Added support for "Yandex Turbo" technology for regular RSS feeds, without using the inclusion in the settings of the RSS feed type as "Yandex news", for this added support for displaying the full news tag (full-story) for any type of RSS feed. Also, the standard template /templates/rss.xml has been updated, which demonstrates how a template with full support for Yandex Turbo should look like. Similarly, the ability to customize the RSS template for Yandex Zen technology is fully supported.

22. Added the ability to reply to comments when viewing all the latest comments on the site, if support for tree-like comments is enabled in the script settings. Thus, for example, you can quickly respond to incoming comments on the site without going into each news item, due to the fact that some of the heavy scripts have been switched to a delayed and independent of page rendering loading. These scripts are loaded into the browser in parallel with the rendering of the page and run only after the page is rendered in the browser. Which visually provides a faster page display.

24. Added the ability for users who are not registered on the site, send complaints to the site administration about news and comments, just like this possibility existed previously only for registered users.

25. Added use of schema.org microdata to display a rating with the "Rating" type. The use of this markup allows for full news, when displayed in Google search results, to also display the rating of the publication.

26. Added automatic orientation detection photos when they are uploaded to the server, based on the meta-information contained in the graphic files. If original photo was turned upside down, then when it is uploaded to the server, the script will also automatically deploy it to the desired position. This eliminates the need to additionally edit pictures on a computer if the camera was rotated when photographing.

27. Added the ability to automatically notify administration of the site about the receipt of new news from users who are on moderation (if it is enabled in the script settings), if the news was added from the script control panel. Previously, a notification was only sent if a post was added directly from the site.

28. If the user edits the publication in the control panel, which was previously published on the site, but according to the settings of his group, he is forbidden to publish without moderation, or is not allowed to publish in all categories, then the site administration will also be sent a corresponding e-mail notification that this news is awaiting moderation.

29. Changes have been made to the operation of the module bread crumbs(Breadcrumbs) website. If news from a certain category is viewed, then for the category in which the user is directly located, this category will be displayed in plain text, not a link. Only categories that are higher in the hierarchy will be displayed as a link, or a link to this category will be displayed if, for example, the user has gone further in navigating through pages in this category. Thus, this innovation avoids cyclic links of pages to themselves.

30. For the "Cross-references" module in the control panel, two new replacement regions for links have been added. You can optionally specify a replacement for static pages only, as well as select a replacement for static pages, news, and comments.

31. For the "Find and Replace" module in the control panel, added the ability to bulk replace text in polls for publications and in voting on the site.

32. Added the ability to delete all publications, awaiting moderation from a specific user. To do this, in the user management section, click on the number of his publications and select the appropriate menu item.

33. Added the ability to delete all comments, awaiting moderation from a specific user. To do this, in the user management section, click on the number of his comments and select the appropriate menu item.

34. Added a formatted script to the admin panel of the script displaying the number of different counters (views, publications, comments). The output of these counters is carried out in a formatted form as a space-separated hundreds, thousands, millions, etc. What gives more visual representation and perception of these numbers.

35. For templates for displaying comments and adding comments (addcomments.tpl and comments.tpl) added support for new tags text- displays the text in the tag if the news belongs to the specified categories, as well as tags: text- displays the text in the tag if the news does not belong to the specified categories. Thus, you can set a different design for displaying comments and adding comments for publications from different categories.

36. Added support for word declensions for the tag for displaying the number of votes that were set for the rating of publications. For example, you can use (vote-num) feedback||a|s. Previously, this was not available for this tag. it contains HTML code, not just a number.

37. If the script settings enable the use of the site only via HTTPS protocol, then cookies by the browser will also be sent to the server only via the HTTPS protocol and will be automatically blocked if the regular HTTP protocol is used.

38. Added control of incorrect CNC for static pages, the text of the publication of which is divided into several pages. If an incorrect page number is specified, an automatic 301 redirect will be made to the starting address of this page.

39. For RSS import of publications, support for importing images from the enclosure tag has been added containing the image to be published. If short description in an RSS feed is just text and a picture is given in it separate tag, then the picture for this publication will also be added to the brief news when imported at the very beginning.

40. Added support for redirects to receive full news when using RSS import of publications. If the link from the RSS feed is a redirect for further transition to the full text of the news on the source site, the DataLife Engine will automatically follow this redirect and take the content from the final source. Thus, receiving full news will be of better quality than before.

41. Changes have been made to the work of tags and. If the use and addition of comments is prohibited for a particular publication, then these tags will also hide the content in them.

42. In case comments are allowed for publication, but at the same time, according to other settings, the user or group of users was prohibited from publishing comments, then a message about this will be displayed not at the end of all comments, but in the place where you define the output of the form for adding a comment with the tag (addcomments) in your template, thereby you can determine the location yourself this message on your website.

43. For authorization using the social network "Odnoklassniki", added the ability to automatically receive User email, provided that the application itself has received the appropriate rights from Odnoklassniki. Attention, by default, Odnoklassniki does not give rights to receive E-mail, and in order to obtain the appropriate access, you must additionally contact the social. network to allow receiving e-mail. If permission is granted, DLE will automatically import the e-mail address as well.

44. Improved aspect ratio calculation system when making small copies. This creates a more correct and high-quality reduced copy.

45. Improved publication search system when enabled in the script settings, a simple search type. The new algorithm allows you to more accurately and correctly find publications.

46. ​​Improved control system for the appearance of duplicate pages, when viewing all the latest comments on the site.

47. Optimized processing of additional fields of publications when displaying brief publications, as well as during the operation of the module for displaying popular publications.

48. Updated visual editors TinyMCE and Froala before current versions. Fixed a number of identified errors in these editors.

49. Added paste support for TinyMCE editor hidden text tags using the corresponding button in the editor.

50. When using the Floara editor for comments, added the ability fast loading and inserting images into a comment. You can either click on the insert picture icon and select a file to upload, or simply drag and drop the picture file from your computer into the editor field, after which the picture will automatically be loaded and inserted into the cursor position in the editor.

51. Minor changes have been made to the layout of the script control panel, aimed at eliminating some layout errors and improving interaction with the control panel.

52. Updated to current versions a library for sending mail from the site, as well as a library for detecting mobile devices.

53. Problem fixed at which in preview publications were not processed tags and .

54. Problem fixed in which meta tags for social networks were formed incorrectly. networks of video and audio, if the video was published in the add. fields and consisted of playlists and descriptions of video and audio files.

55. Problem fixed in which, under certain situations and server settings, the preview of publications could not work when adding publications from the site.

56. Problem fixed in which the dynamic loading of comments did not work if it was enabled in the script settings, and the tag (jsfiles) was placed at the very bottom of the site.

57. Problem fixed in which the display of the latest comments did not work, if for certain group certain categories were banned.

58. Minor bugs in the script that were discovered and announced earlier have been fixed.

Greetings to all who dedicate their precious time to these lines.

In this article, I want to talk about ways to optimally configure the DataLife Engine server and content management system. Over 4 years of working with Internet sites and servers, I learned that security is above convenience and that it needs to be paid attention. Reservation: I do not claim authorship of anyone intellectual property! All material is collected on the Internet.

The following steps will be described to help distribute the server load, protect it from DOS attacks, restrict access to the FTP protocol, and properly configure the DataLife Engine system.

Protecting and configuring your server.

1. Setting up the server configuration using the front-end Nginx to Apache bundle.

The advantages of such a scheme can be understood with a small example. Imagine that your Apache web server needs to service about 1000 requests at the same time, and many of them are connected to slow communication channels. In the case of using Apache, we will get 1000 httpd processes, each of which will be allocated RAM, and this memory will not be freed until the client has received the requested content.

In the case of a scheme using a front-end server, we will get significant resource savings due to the fact that after a request is received, nginx passes the request to Apache and quickly receives a response. As a result, Apache, after giving the answer to nginx, releases memory. Next, the nginx web server interacts with the client, which is just written to distribute static content to a large number of clients with little consumption of system resources.

For the correct operation of our bundle, we need a module for Apache. There is such a need for the following reason: requests to Apache come from the IP address on which nginx is running, respectively, only the IP address of the nginx server will appear in the Apache log files. Also, without using this module, problems will begin with scripts that use the visitor's IP address and the mechanism for restricting access by IP addresses using .htaccess will stop working correctly.

Installing NGINX on popular operating systems.

Red Hat Enterprise Linux 4 / CentOS 4
To install nginx on these operating systems, you need to enable an additional package repository.

Red Hat Enterprise Linux 5 / CentOS 5
To install nginx on these operating systems, you need to enable an additional EPEL package repository.

ASPLinux Server 5 / Fedora
nginx is included in the standard distribution package.

If the repositories are connected or simply not required, we execute: yum install nginx

Installing Apache.

to install Apache web server enough to do: yum install httpd

Install mod_rpaf.

1. Install the httpd-devel package:

yum -y install httpd-devel


2. Download and install mod_rpaf:
We enter the directory /usr/local/src

cd /usr/local/src


Load the mod_rpaf-0.6.tar.gz file into /usr/local/src

wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz


Unpack mod_rpaf-0.6.tar.gz

tar xzf mod_rpaf-0.6.tar.gz


Go to the directory in which you unpacked

We put the module in the system

apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c


3. Next, you need to create a mod_rpaf configuration file - /etc/httpd/conf.d/rpaf.conf and add the following lines to it:


RPAFenable On
RPAFproxy_ips 127.0.0.1 xx.xx.xx.xx yy.yy.yy.yy


where xx.xx.xx.xx and yy.yy.yy.yy are the IP addresses of your server. If there are more than two IPs on the server, add them in the same way.

service httpd restart


4. In nginx, the following lines must be specified inside the http () block:

proxy_set_header Host $host;


If these lines are specified, you do not need to append.

If nginx.conf is modified, restart nginx:

/etc/init.d/nginx stop
/etc/init.d/nginx start


5. How to check if the installed module is working?
On any of the domains that are located on your server, place the test.php file with the content:

" echo $_SERVER["REMOTE_ADDR"]; ?>"


Next follow the link where domain.tcom is your domain name. If an IP is displayed that is different from your server's IP, the module is working correctly.

nginx setup.

The following is the nginx configuration file for working as a front-end server. It is assumed that nginx will run on all interfaces on port 80, and Apache will run on interface 127.0.0.1 and port 8080. Save this configuration file in the /etc/nginx/ directory with the name nginx.conf.

user nginx;
worker_processes 10;
error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;

events (
worker_connections 20000;
}

http(
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main "$remote_addr - $remote_user [$time_local] $status "
""$request" $body_bytes_sent "$http_referer" "
""$http_user_agent" "http_x_forwarded_for"";
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 30;
send_timeout 900;
server_tokens off;
server(
listen 80;
server_name_;
server_name_in_redirect off;
access_log /var/log/nginx/host.access.log main;
location / (
proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 10m;
}
}


Apache setup.

In the Apache configuration file /etc/httpd/conf/httpd.conf find the line:

and replace it with the line:

Listen 127.0.0.1:8080


mod_rpaf setting.

Add the mod_rpaf module to your Apache configuration file. To do this, add the following line to the /etc/httpd/conf/httpd.conf file:

LoadModule rpaf_module modules/mod_rpaf-2.0.so


Then add the following lines to the same file:

RPAFenable On
RPAFsethostname Off
RPAFproxy_ips 127.0.0.1 192.168.0.1
RPAFheader X-Real-IP


Instead of 192.168.0.1, you need to put the server's IP address.

2. Server configuration to protect against dos attacks.

Enable caching in nginx home page for those who do not have cookies.

Add restrictions to nginx.conf:

limit_req_zone $binary_remote_addr zone=two:20m rate=2r/s;
server(
location / (
limit_req zone=two bursts=5;
}
}
}


We use tail and awk:

tail -f /var/log/nginx/access.log | grep GET / HTTP/1.1" 503


We connect the log:

tail -f /var/log/nginx/access.log | grep GET / HTTP/1.1" 503 | awk "( print $1 )"


We get the IP of machines:

iptables -A INPUT -p tcp -j DROP -s $IP


We enter the IP in the Firewall:

tail -f /var/log/nginx/access.log | grep GET / HTTP/1.1" 503 | awk "( print $1 )" | xargs -t -l iptables -A INPUT -p tcp -j DROP –s


Now let's set connlimit for iptables to limit bot connections. In the rules, we set permission for 5 connections from one IP, and 25 from the class C subnet.

DDOS attack from 16000 bots - Load average: 1.4 1.9 2.0

FTP Access Restriction

To do this, we need a .ftpaccess file. It will help to deny or allow FTP access from the specified IP addresses. Someone may ask the question: "I have a dynamic IP, how do I properly use .ftpaccess?" The answer I mean is only this: “If you need this security add-on, get a static IP from your provider. They won't ask you for a lot of money."

To create the .ftpacces file we need SSH access. You can use winscp. There can be a lot of settings in .ftpaccess, but we are only interested in one parameter. By writing these lines in the file, you will completely block access from everyone:

Deny from all


After the above, no one will be able to access the FTP. To add access permission to a specific IP, you need to specify the following parameters:

Allow from 127.0.0.1
Deny from all


Naturally, the address 127.0.0.1 is indicated as an example and must be replaced with your own.

Important! It is best to disable FTP access to absolutely everyone and connect only via SSH.

Protection of the content management system DataLife Engine.

1. Install and configure .

2. Rename the admin panel file and make a fake at the old address (www.sait.com/admin.php) when going to which the user will be blocked by prohibiting his ip in .htaccess.

Renamed? Now we create an ip.txt file in the root directory to store ip addresses. We give him and .htaccess chmod rights – 777.

Create an admin.php file with the following content:


$ip = getenv("REMOTE_ADDR");

$log = fopen("ip.txt", "a+");
fwrite($log, "// ".$ip."\n");
fclose($log);

$f = fopen($_SERVER["DOCUMENT_ROOT"] . "/.htaccess", "a");
fwrite($f, "\ndeny from " . $ip);
fclose($f);

Admin panel DataLife Engine

Text, for example: Your ip is in the logs, I will find you!

Fear, little one, ha ha!

"
3. Let's add additional authentication in the admin center.

You need to come up with another login and password (do not use your administrative account details). The second login and password must be fundamentally different from the first. Decided? Fine! Now let's encrypt our password in md5 (you can do this on the md5encryption.com website).
Next, open admin.php (remember, we renamed it earlier and, therefore, if you named it superadmin.php, you need to open this one) and after the line:

add:

$login="enter the login you made up";
$password="and generated password in md5";
if (!isset($_SERVER["PHP_AUTH_USER"]) || $_SERVER["PHP_AUTH_USER"]!==$login ||
md5($_SERVER["PHP_AUTH_PW"])!==$password) (
header("WWW-Authenticate: Basic realm="Admin Panel"");
header("HTTP/1.0 401 Unauthorized");
exit("Access Denied");)


4. Disable unused php functions by the system.

To search for the php.ini file, create a phpinfo.php file with the text:

After searching, be sure to delete phpinfo.php!

disable_functions = allow_url_fopen, eval, exec, system, passthru, scandir, popen, shell_exec, proc_open, proc_close, proc_nice, get_current_user, getmyuid, posix_getpwuid, apache_get_modules, virtual, posix_getgrgid, getmyinode, fileowner, filegroup, getmypid, apache_get_version, apache_getenv, apache_setenv, disk_free_space, diskfreespace, dl, ini_restore, openlog, syslog, highlight_file, show_source, symlink, disk_total_space, ini_get_all, get_current_user, posix_uname, allow_url_fopen


5. Create filtering of GET and POST requests, prevent injections into the database and getting data from it.

Create a .php file with an arbitrary name and the following content:

// set to one if you want to enable query debugging
$debug = 0;

$bag_req = array("select", "eval", "echo", "UPDATE", "LIMIT", "INSERT", "INTO", "union", "CONCAT", "INFORMATION_SCHEMA", "OUTFILE", " DUMPFILE", "LOAD_FILE", "BENCHMARK", "SUBSTRING", "ASCII", "CHAR", "database", "HEX", "\\.\\/", "%00", "\\.htaccess ", "config\\.php", "document\\.cookie");
$request = serialize($_GET);


if($_GET)
{
foreach ($bag_req as $key => $value) (
{
Query found in array $value
$request";
}
}
}
if($_POST)
{
$request = str_replace("selected_language", "sl", serialize($_POST));
$urequest = urldecode($request);
$brequest = base64_decode($request);
foreach ($bag_req as $key => $value) (
if(preg_match("/$value/i", $request) || preg_match("/$value/i", $urequest) || preg_match("/$value/i", $brequest))
{
if($debug == "1") $do_debug = "
Query found in array $value, which blocks the correct operation
$request";
die("BAD REQUEST $do_debug");
}
}
}
?>


We save it on the server in any directory of the DLE system. Open the file engine/classes/mysql.php and after:

if(!defined("DATALIFEENGINE"))
{
die("Hacking attempt!");
}


connect the created file:

include_once(ENGINE_DIR."/path_to_file/name.php");


6. When using free components for DLE, be sure to get the opinion of a specialist about their reliability.

If you have any questions, please contact search engines- all material is freely available!
Have something to add? Welcome to the discussion!

Good luck to you and your projects!

DLE or DataLife Engine is a paid CMS for managing the content of your website. CMS has a powerful system for managing news, publications, articles, users and is designed to create information portals and blogs. Thanks to the many built-in features and the use of advanced AJAX technology in the CMS, your site will consume less server resources even with a large number of visitors. In this guide, you will learn how to install DLE on Hostinger.

Before you start this guide, you will need the following:

  • Access to your hosting control panel

How to Install DLE on Hostinger

Before you start installing DLE, you need to perform these steps:

Step 1 - Downloading the DLE Setup Files

Open folder upload in your FTP client and upload all files from the folder to your hosting account to the directory public_html.

THE NOTE! In this tutorial, we use FileZilla to upload files, but you can use any FTP client you like.

Step 3 — Setting File Permissions

DLE installation takes place in automatic mode, all you have to do is set the appropriate permissions for a few separate folders and files that you have previously uploaded to your hosting account.

  1. First, set write permissions for the folder templates and all its subfolders. To do this, right-click on the folder templates in the FileZilla interface and select the option File Attributes...

  1. Next, in the window that appears, enter Numeric value 777 to change write permissions, check the box next to Redirect to nested directories and mark Apply to directories only.

  1. Next, you need to change permissions for all files in the folder templates, but with 666 permissions. To do this, open the folder attributes again templates and ask Numeric value 666, check the box next to Redirect to nested directories → Apply to files only.

  1. Do the same with folders backup, uploads, as well as for all folders inside them. Next for folders /engine/data/, /engine/cache/, /engine/cache/system/. For all specified directories, set write permissions to 777.
  2. Now you can start installing DLE.

Step 4 — Installing DLE on Hostinger

To start the installation, enter your domain name in the browser. If the installation window doesn't pop up automatically, add install.php to your domain name. For example, your-domain.ru/install.php.

  1. If everything is done correctly, you will see the DataLife Engine Installation Wizard window. Click the button Start installation.

  1. Next, accept the user agreement by checking the box next to I accept this agreement. Click the button to continue installation. Proceed.

  1. In the next window, check that your server matches necessary requirements and press the button Proceed.

  1. Next, check that the file permissions you set earlier are correct. If everything is correct, click again Proceed.

  1. In a new window, you need to fill in the details of your database and data for account administrator of your DLE site.

  • Site URL- your website address

Data for access to MySQL server.

  • MySQL Server– MySQL server of your database hosting. If you are a Hostinger user, you can find the information you need in the section Databases → MySQL Databases.
  • Database name is the name of your MySQL database.
  • Username is the name of the user assigned to your database.
  • Password– password from the user account of your database.
  • Prefix– MySQL database table prefix. You can leave it unchanged.
  • Database engine- it is recommended to leave the default value. InnoDB.
  • 4 bytes UTF– when this option is enabled, DLE will store additional information in the database. This option may affect the performance of your site.

Data for access to the control panel.

Enter the data to access your site's control panel. Enter your real address Email, it will be used to restore access to the administrator account.

Additional settings.

Enable CNC Support– enable human-readable URL. When this option is enabled, the title of the article will be displayed in the address of the article. This function useful for SEO optimization.

  1. To avoid restarting the installation or update, delete the file install.php and folder upgrade from your website directory. Click the button Proceed.

Congratulations, you have successfully installed DLE for your website on Hostinger.

Conclusion

Having finished this manual you have learned how to install DLE on hosting. Installing DLE is a fairly easy process if you have followed our step by step guide carefully. Despite the abundance of CMS today, DLE has its own characteristics and good performance.

You can always find the latest releases of the DataLife Engine on the site. Choose different - nulled and licensed versions of cms DLE, CP1251 or UTF-8, all the latest directly from dle-news. For example new You can download DataLife Engine 13.0 Final and nulled DLE 13.0 without registration for free, and via a direct link.
the site is always the first to offer the latest releases!

DataLife Engine 13.0 Final and nulled DLE 13.0 for free

Getting started with the new Datalife Engine: how simple it really is!

Many have heard of such a CMS as Datalife Engine. And certainly no less people have heard about its obvious advantages. About functionality. About support for MySQL and its extensions. And, of course, about how convenient Datalife Engine is for both users and those who administer websites.
Many people wanted to experience all the delights, and tried to download DLE. But, alas, you can only try the test version for free, while you can evaluate all the benefits of CMS 13.0 only with a license. By the way, it is undesirable to use illegal software. This can harm the site created on DLE and its owners. There is no point in risking at all - the cost is slightly more than one hundred dollars. Therefore, you should not download dle from a torrent. It is much easier to download from us, try it and then decide whether to hack cms or buy a license.

What to do if you decide to test this wonderful engine?

The procedure is very simple, but has its own nuances:
unpacking to the server in the site folder;
support PHP server 5.0;
server with adequate traffic;
20 MB disk space.
If the website is installed on a local terminal, then you need to install special software that plays the role of a server here. The best option for this is Apache or Denwer.
MySQL is assumed, where the database is created so that the latter has full access. Rights are also assigned to several folders, about which it is advisable to look in more detail in the instructions. There are other folders inside the folders and they will need CHMOD 777 write permissions. Internal files must have CHMOD 666.
The program runs through the use of absolutely any browser. The following address is written in its line install.php. Installation instructions follow. Enter login/password.
When the installation is complete, install.php is removed from the directory, as well as the contents of the upgrade. What is this action for? Without uninstallation, each launch of the Internet resource will begin with the DLE Nulled 13.0 installation that you are using. The CMS is accessed using the url shown in the instructions. This "url" leads directly to the admin panel.

What will site visitors get?

They will be able to register quickly, they will be able to immediately add comments. A big plus of the system is the introduction of news by the "users" themselves. After registration, the rating of the “user” profile begins to form.
News can be deleted or edited, photos in profiles can be changed, forgotten or lost credentials can be restored. The possibilities are very serious. "Admins" will receive no less functionality. They can do everything that "users" can do, including managing user profiles.
In a word, CMS DLE is enough simple system, which does not require anyone to be a web programming guru. A simple user will be able to easily create their own website with many great features. And fans of this control system are waiting for the imminent release of version 13.1. So far, nothing really is known about it, since the press release 13.0 has just been released, but many are waiting for the release.
As soon as the release takes place, we will definitely do a review. In the meantime, stay tuned and read what's new in Celsoft version 13.0:


Presented to your attention DLE 13.0, downloaded from off. site, which without activation will be a demo version. But specially for you was prepared which will do with a demo - license. But we offer this, for informational purposes only! And as always DLE 13.0 nulled - which differs from the original version in that we decoded and removed the code that asks for the key in the files - \engine\inc\include\init.php and \engine\inc\include\functions.inc.php, no other code changes were made! Site administrators remind that they offer a nulled version and keygen - for reference only with all the possibilities of the script, and ask after studying all the same to buy a license. We bought a license for the portal site and we strongly recommend that you do the same!

RELATED ARTICLES