1
Karen
Houston I have a hack problem?
  • 2011/4/2 12:56


Hi, I seem to be having a problem with my site. Here's some background on what's up and running. On
http://www.labradorsonline.com/
XOOPS Version XOOPS 2.4.4
PHP Version 5.2.15
mySQL Version 5.1.52
Server API cgi-fcgi
OS Linux
safe_mode Off
register_globals On
magic_quotes_gpc Off
allow_url_fopen On
fsockopen On
post_max_size 64M
max_input_time 60
output_buffering
max_execution_time 30
memory_limit 64M
file_uploads On
upload_max_filesize 64M
XOOPS License

This site has been hacked 3 times in 3 months. I haven't lost use of modules; it just clears out all topic posts and forums. I get 10 new memberships daily with fr.@yahoo.fr. I am now doing admin activation only. I have the Protector module installed.

I am working with the person who hosts the site for me to check in the database. Also, one member has continually gotten multiple e-mails about changing his pw for the database. This has happened for the last 2 days.

It's a small site. I'm green going forward and would just like someone to guide me, if you can, so I don't lose everything if it happens again. Another site, which is XOOPS-based and hosted with mine, has also crashed, so that is a concern.


Should I go forward with these directions on the protector module?


'XOOPS_TRUST_PATH' :
Check php files inside TRUST_PATH are private (it must be 404,403 or 500 error)
If you can look an image -NG- or the link returns normal page, your XOOPS_TRUST_PATH is not placed properly. The best place for XOOPS_TRUST_PATH is outside of DocumentRoot. If you cannot do that, you have to put .htaccess (DENY FROM ALL) just under XOOPS_TRUST_PATH as the second best way.
'register_globals' : on Not secure
This setting invites a variety of injecting attacks.
If you can put .htaccess, edit or create...

/home/labon/public_html/.htaccess

php_flag register_globals off
'allow_url_fopen' : on Not secure
This setting allows attackers to execute arbitrary scripts on remote servers.
Only administrator can change this option.
If you are an admin, edit php.ini or httpd.conf.
Sample of httpd.conf:
php_admin_flag allow_url_fopen off
Else, claim it to your administrators.
'session.use_trans_sid' : off ok
'XOOPS_DB_PREFIX' : xe82 ok
Go to prefix manager
'mainfile.php' : patched ok
'databasefactory.php' : Your databasefactory is ready for DBLayer Trapping anti-SQL-Injection ok


Being a beginner is mind-boggling. I love this simpleness of the forum and don't want to lose it. Thanks for any direction at all.

2
redheadedrod
Re: Houston I have a hack problem?

There are some things you will want to do to help secure your site.


Turn off register_globals.

You can do this in your php.ini file, which is generally the preferred location if you can access it. (If you do a Google search on "php register globals" you can find out what this is, why you want it off and how to turn it off.)


Make sure you have the latest versions of any modules you are using. You should upgrade to 2.4.5 of XOOPS. I would wait to upgrade to anything newer at this point.


You do want to move your lib and data directories out of your "document root" which is the main directory of your web site.

This should be as simple as copying the folders outside of this directory and then modifying the mainfile.php file to reflect the new location.

Another thing you can do is move your database information out of the mainfile.php and move them into a file outside of document root.


Not sure that any of those things are the problem with your site, but it is a great start to making sure your site is protected.

You may need to look at some of the changes to the module profile that have been listed elsewhere. I am sure someone can help you with links to the related threads on this.

Or you can search the forums.
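
The checks discussed in this thread, as an added shell example (not from either poster and not Protector's own code): it reads a php.ini-style file for the two flags the Protector report marked "Not secure", applying PHP's built-in defaults when a key is absent or commented out, and tests whether a trust-path directory resolves inside the document root. The function names, the `xoops_trust_path` directory name and the sample layout are assumptions constructed for illustration.

```shell
# Added example (not Protector's code); sample data below is constructed.

# ini_flag FILE KEY DEFAULT -> prints "on" or "off"; the last assignment wins.
ini_flag() {
    v=$(awk -F= -v key="$2" '
        /^[ \t]*;/ { next }                      # skip comment lines
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; sub(/;.*/, "", v); gsub(/[ \t"\r]/, "", v); val = v }
        END { print tolower(val) }' "$1")
    [ -n "$v" ] || v=$3                           # key absent: PHP built-in default
    case "$v" in on|yes|true|[1-9]*) echo on ;; *) echo off ;; esac
}

# audit_ini FILE -> one line per setting that would be reported as not secure.
# PHP 5 built-in defaults: register_globals off, allow_url_fopen on.
audit_ini() {
    for pair in register_globals:off allow_url_fopen:on; do
        key=${pair%%:*}
        [ "$(ini_flag "$1" "$key" "${pair##*:}")" = on ] && echo "NOT SECURE: $key on"
    done
    return 0
}

# inside_docroot TRUST_PATH DOCROOT -> exit 0 if TRUST_PATH resolves under DOCROOT.
inside_docroot() {
    t=$(cd "$1" && pwd -P) || return 2            # resolve symlinks and ".."
    d=$(cd "$2" && pwd -P) || return 2
    case "$t/" in "${d%/}"/*) return 0 ;; *) return 1 ;; esac
}

# make_sample -> builds a constructed site layout and php.ini, prints its root.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/public_html/xoops_trust_path" "$root/xoops_trust_path"
    cat > "$root/php.ini" <<'EOF'
[PHP]
; constructed sample matching the settings posted above
register_globals = On
;allow_url_fopen = Off
EOF
    echo "$root"
}

if [ "${1:-}" = demo ]; then
    s=$(make_sample)
    audit_ini "$s/php.ini"
    inside_docroot "$s/public_html/xoops_trust_path" "$s/public_html" && echo "TRUST_PATH inside DocumentRoot"
    rm -rf "$s"
fi
```

The commented-out `;allow_url_fopen = Off` line in the sample is still reported, because a commented setting leaves PHP's default (on) in effect.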
