
FAQ
General questions about HackerHunter (HH)
- Is HH Pro distributed in plain-text script format, or is it
encoded using Zend or some other encoder?
- No. Only the licence key in the config.inc.php file is encoded.
Everything else can be viewed and edited.
- Does "site license" mean that I must install something
on my site, or maybe that each HH version comes together with
my site-specific key file?
- Yes. The installer stores your key in the hunter.unlock file and in
config.inc.php. If you damage or lose your key, it will be impossible
to unlock the trial version and your users will not be able to log in.
- Are there any backdoors, universal passwords
or spyware in HH?
- Absolutely not! And since all scripts come as unencoded source,
you can see for yourself that we never spy on our customers and never
leave backdoors in protection systems.
- Is there any hope of finding an ASP version
of HH somewhere?
- No. Sorry, but we are not sure that it is possible to build
a worthy protection system based on ASP and Windows servers. Maybe
some day we will release a Perl, JSP or ColdFusion port of HH,
but not ASP.
- I am already using a database on my site. Can
HH work together with other tables in the same database, or does it
need a separate database? Is it unsafe from a security point of view?
- Sure. HH can work together with any number of other tables
in the same database. Just make sure that you have no tables with
duplicated names. It is not unsafe as long as there are no
vulnerabilities in the other scripts that use the same database.
Configuring HackerHunter
- What is "protection mode"?
- Since version 2.0, HH has 6 different protection modes
(real support for the second protection mode appeared in v.1.02):
  - The first protection mode is the closest to the common approach
    used by all other systems for protecting folders on web sites.
    In this mode the system adds the first 3 numbers of every
    authorized user's IP address to the allow list in .htaccess
    (server access file). Access from all other IP addresses is
    always denied. This requires the mod_access module. The system
    then generates a temp username and password for each authorized
    user and constantly adds and removes those temp users in the
    password file. This requires the mod_auth module.
  - The second protection mode is based on our own method, so it is
    used only by HackerHunter web sites protection system ®
    and is still experimental. In this mode the system writes to
    .htaccess (server access file) a mapping between the first 3
    numbers of each authorized user's IP address and that user's
    session cookie (random 32 digits). If a user's IP address does
    not correspond to the session cookie stored in the authorized
    users list, he is redirected to the login page. This requires the
    mod_rewrite module. Sometimes the second protection mode may
    take more processor time, but the server load difference between
    the first and second modes has never been more than 5% (according
    to the statistics that we have at this moment).
  - The third protection mode was made especially for protecting
    .cgi scripts on your site. In this mode the system does not write
    anything to the server access files. You have to copy
    hhprotect.cgi into the cgi-bin folder (because the installer
    changes this file) and add the line
        require "hhprotect.cgi";
    at the beginning of every CGI script to start protecting it.
  - The fourth protection mode is the equivalent of the third, but
    for PHP scripts. You will find your site-specific instructions in
    the protected folders section of the administrator CP.
  - The fifth protection mode is the equivalent of the fourth, but
    works without adding anything at the beginning of PHP scripts.
    You will find your site-specific instructions in the protected
    folders section of the administrator CP.
  - The sixth protection mode redirects all server responses
    to pass through output.php. You may use this mode if you have
    problems installing or configuring Apache modules, because
    it does not use modules at all. This mode leaves better logs, but
    can cause high server load if you have a lot of visitors
    in the protected part of your site. You will find your
    site-specific instructions in the protected folders section of
    the administrator CP.
- What does "temp username and password" mean?
- HH expects the real username and password from the user only once.
They must be entered in the form on the main login page. If the
password is accepted, HH generates a random username and password and
adds that random user to the online users list in the database and to
the server access files. The user will see his temp username and
password on the welcome page and will have to type them into the
standard authorization dialog. Temp users are used only in the first
protection mode.
- What does "access files update" mean?
- With default settings, after each successful login HH
removes expired online sessions, recounts active online users,
completely clears the .htaccess (server access file) and .hthunter
(password file) files in all protected folders where the number of
users changed, and writes new content there according to the current
active online users list stored in the database. You can set
force_update_access_files in settings to Yes and HH will do that job
after any script call.
- I set server_session_timeout
to 30 minutes in settings and I have already been inside the protected
folder for 40 minutes! Is it a bug?
- Any user in the protected area is logged off only after the next
server files update. Once the user has been removed from the active
users list and the access files, his next request for any item in the
protected area will be rejected. If you use the second protection
mode, the user will be redirected to the login page. In the first
protection mode, if there are still active users from the same IP
range (3 or 2 first numbers of the IP address), he will see the
standard HTTP authorization pop-up window. Real usernames and
passwords will not work in that standard pop-up, and only after
clicking "Cancel" will the user be redirected to the 401.html page.
The link on that page must point to the login page using the full web
path starting with the / symbol. If there are no active users from
the same IP range in the protected folder after the server files are
updated, the user will be redirected to the login page in the first
protection mode too. If you have too few users on your site, try
including refresh.php in all HTML pages in your protected folder, as
is done in the protected page example in the distribution, and set
force_update_access_files in settings to Yes. After that all your
users will be logged off at the expected time.
- Is it possible to completely remove the standard
HTTP authorization pop-up after a session expires or if somebody
tries to access a protected folder directly?
- Just don't use the first protection mode :)
- I have more than 5000 unique visitors on my
site every day and it seems that my server load has become too high.
Can HH handle so many hits?
- On most server configurations HH should not take too much
processor time, but if you have problems with server load, you
may disable some features:
  - Most of the processor time is taken by the access files update
    process. To minimize processor time usage for that process, don't
    use refresh.php on pages in the protected folder and set
    force_update_access_files in settings to No.
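
The second protection mode and the "access files update" described above, sketched as an added example. This is not HackerHunter's own code or file format: the cookie name hh_session, the /login.php path, the session record fields and the hex token check are assumptions, and the sample sessions are constructed.

```python
import re

COOKIE_NAME = "hh_session"   # assumption: HH's real cookie name is not given on the page
LOGIN_URL = "/login.php"     # assumption: login page lives outside the protected folder
TOKEN_RE = re.compile(r"[0-9a-f]{32}")  # "random 32 digits", assumed hex here

def ip_prefix(ip, octets=3):
    """Return the first `octets` numbers of a dotted IPv4 address."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) < 256 for p in parts):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(parts[:octets])

def active_sessions(sessions, now, timeout):
    """Keep only sessions that logged in less than `timeout` seconds ago."""
    return [s for s in sessions if now - s["login_at"] < timeout]

def build_htaccess(sessions, now, timeout):
    """Rebuild the complete mod_rewrite rule set from the session list."""
    lines = ["RewriteEngine On"]
    for s in active_sessions(sessions, now, timeout):
        if not TOKEN_RE.fullmatch(s["token"]):
            continue  # never copy unvalidated text into a server config file
        prefix = re.escape(ip_prefix(s["ip"]))
        # Both conditions must hold: right cookie AND right IP range.
        lines += [
            r"RewriteCond %%{HTTP_COOKIE} (^|;\s*)%s=%s(;|$)" % (COOKIE_NAME, s["token"]),
            r"RewriteCond %%{REMOTE_ADDR} ^%s\." % prefix,
            "RewriteRule ^ - [L]",
        ]
    # No cookie/IP pair matched: send the visitor to the login page.
    lines.append("RewriteRule ^ %s [R=302,L]" % LOGIN_URL)
    return "\n".join(lines) + "\n"

# Constructed sample data (documentation IP ranges, made-up tokens).
NOW = 1_000_000
SAMPLE = [
    {"token": "0123456789abcdef0123456789abcdef", "ip": "192.0.2.17", "login_at": NOW - 600},
    {"token": "f" * 32, "ip": "198.51.100.9", "login_at": NOW - 2400},  # past 30 minutes
    {"token": "bad\ntoken", "ip": "203.0.113.5", "login_at": NOW},      # fails validation
]

if __name__ == "__main__":
    print(build_htaccess(SAMPLE, NOW, timeout=1800))
```

The rules change only when the file is rebuilt, so a session that has passed its timeout keeps matching until the next update; this is the delay the server_session_timeout answer describes.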
Using HackerHunter
- I already have some registered users on my site.
Is it possible to import users directly from the .htpasswd file?
- No. A unique e-mail address is required for importing into HH.
- I already have some registered users on my site.
I am able to create a list of usernames:emails for importing, but is
it possible to import the old passwords too?
- No. According to basic security rules, all passwords in HH
are random and generated on the server. If you have a valid e-mail
list, the importing system will mail new login info to all imported
users at the end of the process.
- Is it possible to let users select their passwords
during registration?
- No. See the previous question.
- I use a remote billing server for the paid protected
area on my site. Is it possible to synchronize HH user passwords
with the passwords stored on the billing server?
- It is possible to synchronize usernames and e-mails only.
- I use a remote billing server for the paid protected
area on my site. Can that server add or remove HH users?
- Using remote rules you can integrate HH with any remote
billing server that can send unencrypted data to your site using
GET, POST or the query string. If your remote billing server can
add or remove users on your site using its standard scripts, there
is a 99% chance that this billing server can be described in remote
rules.
- I use a remote billing server for the paid protected
area on my site. Can you help me to create a remote rule for my
billing server?
- Sure, we will help. Please point all remote server calls to
remote.php on your server (with most billing systems it is possible
to change the URL for calling standard scripts in your account control
panel), try to create a user from the control panel on the billing
server, remove a user from the same control panel and try to do a test
sign-up. After that, enter the HH admin panel, click the "remote logs"
link and send the details of those 3 requests (they will all be marked
as "Unknown IP") to us using support e-mail, ICQ, MSN, AIM, Yahoo
messengers or forums. We will reply with a rule file that can be
imported from the HH admin panel.
More questions will be added soon.