1
erikperk
Re: xoops_redirect
  • 2024/12/10 8:22

  • erikperk

  • Just popping in

  • Posts: 3

  • Since: 12/22 10:2


Quote:

goffy wrote:
hi

because I have currently a lot of spam registrations I checked my server access log and found one log very often:
Quote:
57.141.0.19 - - 06/Dec/2024:21:33:35 +0100 "GET /modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/newbb/report.php?forum=18&topic_id=12229&post_id=66633 HTTP/1.0" 200 15200 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"

It seems that someone is using xoops_redirect to burden my system on the site, maybe to make spam registration possible, I don't know.

but my question: how to treat this problem? would it make sense to implement a filter to remove the additional xoops_redirect in order to avoid looping?

what do you think
Are you sure this is the only IP causing the load? It might be worth checking other IP addresses or request patterns.



2
erikperk
Re: XOOPS MyMenus 1.54.0 Beta 10
  • 2024/12/10 7:53

  • erikperk

  • Just popping in

  • Posts: 3

  • Since: 12/22 10:2


I see. Thanks for the work you've done.



3
Mamba
Re: xoops_redirect
  • 2024/12/10 6:22

  • Mamba

  • Moderator

  • Posts: 11412

  • Since: 2004/4/23


You might limit registrations by forcing them for your approval. Once you see where they are coming from, you can ban the IP or email addresses.
You could also add CAPTCHA to registration.

Other ways to consider:

1) ModSecurity Rule (if you use ModSecurity):
# Detect multiple occurrences of xoops_redirect
SecRule ARGS_NAMES "@streq xoops_redirect" "chain,phase:2,deny,status:403,id:1000"
SecRule &ARGS_NAMES:xoops_redirect "@gt 1"


2) URL Rewriting Solution (Apache):
# Keep only the last xoops_redirect parameter
RewriteCond %{QUERY_STRING} xoops_redirect=([^&]+).*xoops_redirect=([^&]+)
RewriteRule ^(.*)$ $1?xoops_redirect=%2 [R=301,L]


3) Other possible options:

- Implement rate limiting for requests containing xoops_redirect
- Validate redirect URLs against a whitelist
Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs
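
In the log line quoted in this thread the repeats are nested inside the value of a single xoops_redirect parameter (only the first ? starts the query string, and the value runs to the next &), so a duplicate-parameter count and a nesting-depth count give different answers. The following is an added example in Python, not code from the thread or from XOOPS: it measures both on constructed log lines, checks the final target against an allow list, and counts flagged requests per client IP. The depth limit, the allowed prefixes and the sample lines are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

PARAM = "xoops_redirect"
MAX_DEPTH = 1  # assumption: a redirect target never carries a further redirect
ALLOWED_PREFIXES = ("/modules/", "/user.php", "/index.php")  # hypothetical allow list
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+"')

def redirect_values(url):
    """Values of every xoops_redirect parameter in url's query string."""
    return [v for k, v in parse_qsl(urlsplit(url).query, keep_blank_values=True) if k == PARAM]

def analyse(target):
    """Return (top_level_count, nesting_depth, final_target)."""
    top_level = len(redirect_values(target))
    depth, current = 0, target
    while depth < 100 and (values := redirect_values(current)):  # bounded unwrap
        current, depth = values[-1], depth + 1
    return top_level, depth, current

def is_local_allowed(value):
    """True only for a same-site path under an allowed prefix."""
    parts = urlsplit(value)
    return (not parts.scheme and not parts.netloc and "\\" not in value
            and value.startswith(ALLOWED_PREFIXES))

def flag(line):
    """Return (client_ip, reasons) for a suspicious log line, else None."""
    match = REQUEST_RE.match(line)
    if not match:
        return None
    top_level, depth, final = analyse(match.group(2))
    checks = [(top_level > 1, "duplicate parameter"),
              (depth > MAX_DEPTH, f"nesting depth {depth}"),
              (depth > 0 and not is_local_allowed(final), "target not allowed")]
    reasons = [text for hit, text in checks if hit]
    return (match.group(1), reasons) if reasons else None

def flagged_per_ip(lines):  # number of flagged requests per client IP
    return Counter(hit[0] for hit in map(flag, lines) if hit)

# Constructed log lines in the format of the entry quoted in the thread.
FMT = '{} - - 06/Dec/2024:21:33:35 +0100 "GET {} HTTP/1.0" 200 15200 "-" "bot"'
NESTED = "/modules/profile/user.php?xoops_redirect=" * 11 + "/modules/newbb/report.php?forum=18"
SAMPLE = [FMT.format("203.0.113.7", NESTED),
          FMT.format("198.51.100.4", "/user.php?xoops_redirect=/modules/newbb/"),
          FMT.format("198.51.100.9", "/user.php?xoops_redirect=/index.php&xoops_redirect=/modules/"),
          FMT.format("203.0.113.7", "/user.php?xoops_redirect=https://example.org/")]
```

Running `flagged_per_ip` over a full access log shows whether the pattern comes from one client or many, which is the check suggested earlier in the thread.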



4
Mage
Vulnerability in xmnews, xmsocial and xmarticle modules
  • 2024/12/9 20:59

  • Mage

  • Core Developer

  • Posts: 209

  • Since: 2009/8/2 1


It is important to update the following modules as soon as possible

xmnews, xmsocial and xmarticle

Ill-intentioned persons could exploit a security flaw. To avoid any risk, please use version 1.8.0 of xmnews, 2.1.1 of xmsocial and 1.5.2 of xmarticle.

Thanks to mcdruid for informing me of the security flaw.



5
goffy
xoops_redirect
  • 2024/12/8 9:18

  • goffy

  • Just can't stay away

  • Posts: 544

  • Since: 2010/12/27


hi

because I have currently a lot of spam registrations I checked my server access log and found one log very often:
Quote:
57.141.0.19 - - 06/Dec/2024:21:33:35 +0100 "GET /modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/newbb/report.php?forum=18&topic_id=12229&post_id=66633 HTTP/1.0" 200 15200 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"

It seems that someone is using xoops_redirect to burden my system, maybe to make spam registration possible, I don't know.

but my question: how to treat this problem? would it make sense to implement a filter to remove the additional xoops_redirect in order to avoid looping?

what do you think



6
Mamba
Re: XOOPS MyMenus 1.54.0 Beta 10
  • 2024/12/6 2:52

  • Mamba

  • Moderator

  • Posts: 11412

  • Since: 2004/4/23


No plans on my side (because of lack of time), but if somebody submits code for it, then, of course, we could include it.

It would be definitely nice to be able to select an icon library in the preferences of MyMenus.



7
erikperk
Re: XOOPS MyMenus 1.54.0 Beta 10
  • 2024/12/5 13:12

  • erikperk

  • Just popping in

  • Posts: 3

  • Since: 12/22 10:2


The ability to use Font Awesome is a big plus. Do you plan to expand support for other icon libraries?



8
Mamba
XOOPS MyMenus 1.54.0 Beta 10

Please test MyMenus 1.54 Beta 10

Changelog:

- add option to use font awesome icons (liomj/mamba)
- fix cloning of links (liomj/mamba)
- fix return to the same menu after delete of links (mamba)
- escape column names with backticks (mamba)
- fix pagination of menus (liomj/mamba)
- add new skins: imageonly, xswatch4 (liomj)

HELP NEEDED

We'll need some help from designers to do some magic with the skins.
Some of the skins seem to be outdated, so we need a refresh:

a) fix those skins that are fixable
b) remove the skins that are totally outdated
c) add a couple of new and attractive skins

Who could help us with it?



9
Mamba
Re: XOOPS MyMenus 1.54.0 Beta 7

Please test MyMenus 1.54 Beta 10

Changelog:

- add option to use font awesome icons (liomj/mamba)
- fix cloning of links (liomj/mamba)
- fix return to the same menu after delete of links (mamba)
- escape column names with backticks (mamba)
- fix pagination of menus (liomj/mamba)
- add new skins: imageonly, xswatch4 (liomj)



10
liomj
Re: XOOPS MyMenus 1.54.0 Beta 7
  • 11/16 12:32

  • liomj

  • Just popping in

  • Posts: 94

  • Since: 2012/4/10


xswatch4 mymenus skin for xswatch4 theme

Download



