XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. Q and A 
  4.  / URGENT Spam Post from unidentified user
Register
1
xtremepr
URGENT Spam Post from unidentified user

  • 2007/5/16 21:40

  • xtremepr

  • Just popping in

  • Posts: 32

  • Since: 2006/8/3 0


Today a reply post appeared in one of our forums. It had around 30 links to http://blogs.cc.gatech.edu/veronica/wp-content/themes/akismet/wp-comments1.html '>airline discount tickets with the subject Cheap Discounts.

How can I protect my system to prevent it from happening again? The user is not a registered user and the system does not allow post from guest users.

I'm using xoops. 2.0.16 and newbb 2.02
2
skenow
Re: URGENT Spam Post from unidentified user

  • 2007/5/17 0:23

  • skenow

  • Home away from home

  • Posts: 993

  • Since: 2004/11/17


Install the latest version of Protector (3.02) - it has URL spam settings for users and guests. It has reduced the spam on my sites dramatically!
3
xtremepr
Re: URGENT Spam Post from unidentified user

  • 2007/5/23 19:03

  • xtremepr

  • Just popping in

  • Posts: 32

  • Since: 2006/8/3 0


Protector 3.02 installed as instructed, but when I edit mainfile.php to add:

include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ;

if (!isset($xoopsOption['nocommon']) && XOOPS_ROOT_PATH != '') {

include XOOPS_ROOT_PATH."/include/common.php";

}
include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php'

I get the following error on my website


Warning: main(home/puertori/xoop_trust_path/modules/protector/include/precheck.inc.php): failed to open stream: No such file or directory in /home/puertori/public_html/mainfile.php on line 179

Warning: main(home/puertori/xoop_trust_path/modules/protector/include/precheck.inc.php): failed to open stream: No such file or directory in /home/puertori/public_html/mainfile.php on line 179

Warning: main(): Failed opening 'home/puertori/xoop_trust_path/modules/protector/include/precheck.inc.php' for inclusion (include_path='.:/usr/local/lib/php') in /home/puertori/public_html/mainfile.php on line 179


Any ideas? It seems that everything its define well.
4
wtravel
Re: URGENT Spam Post from unidentified user

It means that the file cannot be found in that path.

I suggest you look again carefully, because when php says the file is not there, usually it really isn't
5
nachenko
Re: URGENT Spam Post from unidentified user

  • 2007/5/23 20:55

  • nachenko

  • Quite a regular

  • Posts: 356

  • Since: 2005/1/18


possible typo:

Warning: main(home/puertori/xoop_trust_path/modules/protector/include/precheck.inc.php): failed to open stream: No such file or directory in /home/puertori/public_html/mainfile.php on line 179
6
Tobias
Re: URGENT Spam Post from unidentified user

  • 2007/5/24 6:06

  • Tobias

  • Not too shy to talk

  • Posts: 172

  • Since: 2005/9/13


If the system doesn't allow posts from users who are not registered, and a user who is not registered is nevertheless posting, then you might have a serious situation. Like somebody having access to your database. So that's not to be taken lightly. XOOPS Protector helps, of course.

But there're forums in your board where anonymous users can at least reply to posts (like in Preguntas, sugerencias y comentarios)

First step to enhance the security of your site: Don't reveal ANY path (to folders or files, like here to your "trusted" folder) that's specific to your userspace on your webserver here on this board. You may want to edit your post above. Also, perhaps you could delete or mask the spam URL that you quote above. No need to give him an additional link.
7
xtremepr
Re: URGENT Spam Post from unidentified user

  • 2007/5/26 19:06

  • xtremepr

  • Just popping in

  • Posts: 32

  • Since: 2006/8/3 0


Quote:

wtravel wrote:
It means that the file cannot be found in that path.

I suggest you look again carefully, because when php says the file is not there, usually it really isn't



I've change the names of the path for security reasons.

Could it be that it can't be found because it is outside the public and right on the root directory of the server?

I did it that way because thats what the protector install instructions says.
8
skenow
Re: URGENT Spam Post from unidentified user

  • 2007/5/26 21:15

  • skenow

  • Home away from home

  • Posts: 993

  • Since: 2004/11/17


You can add the folder outside the web root, which is how the Protector installation instructions read. However, the path to the folder must match XOOPS_TRUST_PATH in mainfile.php. Your folder may be there, but XOOPS is being told to look for a different folder (shown in the error message)

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

370 user(s) are online (291 user(s) are browsing Support Forums)

Members: 0

Guests: 370

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits