11
hnn_gerd
Re: heathernova.net problems on new Virtual Private Server (VPS)
  • 2008/6/25 22:01

  • hnn_gerd

  • Just popping in

  • Posts: 48

  • Since: 2008/5/24


Oh, I got it. On the permission table of the news admin panel I needed to open the "view permissions" to everyone.
www.heathernova.net - "it's the spirit in you, that i want to find." (heather nova)



12
hnn_gerd
Re: heathernova.net problems on new Virtual Private Server (VPS)
  • 2008/6/25 21:47

  • hnn_gerd

  • Just popping in

  • Posts: 48

  • Since: 2008/5/24


Quote:

trabis wrote:
Sorry, you don't have the permission to access this area.

If the page does not automatically reload, please click here

Can't read, can't score


You cannot even access the news module?
It is actually the main page when you go to heathernova.net. Well, I can see it if I go from an internet cafe. So I wonder now.
What directories do I need to open? Files are open for read to the world!
www.heathernova.net - "it's the spirit in you, that i want to find." (heather nova)



13
hnn_gerd
Re: heathernova.net problems on new Virtual Private Server (VPS)
  • 2008/6/24 21:42

  • hnn_gerd

  • Just popping in

  • Posts: 48

  • Since: 2008/5/24


trabis, would you mind explaining for somebody not experienced with PHP, XOOPS and MySQL? What do I need to open or give access to so that it works? Because of the attacks, lots of directories were closed. Well, please PM or post here what I should change or try out. The website is getting more and more stable. I still haven't gotten the Protector module to work, though.
Please don't mind that security is my major concern.
Your knowledge and help is very much appreciated!
www.heathernova.net - "it's the spirit in you, that i want to find." (heather nova)



14
hnn_gerd
Re: heathernova.net problems on new Virtual Private Server (VPS)
  • 2008/6/23 22:12

  • hnn_gerd

  • Just popping in

  • Posts: 48

  • Since: 2008/5/24


Looks like I had a lot of people attacking the website. I could fight against it and eliminated a virus/exploit.
For two weeks now the website has been running quite stably.
Still need to get this Protector module running.

I now have a question about the news module. In the past the number of reads was always updated, and we usually have quite a lot of reads for each news message. Currently they all have zero reads! There must be a little problem, as I am sure there are quite a lot of people reading the news. How does this read count work for the news? Where is this number stored?
www.heathernova.net - "it's the spirit in you, that i want to find." (heather nova)



15
hnn_gerd
membership module - functionality requests
  • 2008/6/15 21:20

  • hnn_gerd

  • Just popping in

  • Posts: 48

  • Since: 2008/5/24


On my website heathernova.net the members had memberlist as a module, which is exactly the same as 'find users' from the system admin panel.
Membership pretty much already has what the members of my forums need, but there are requests to see and sort by "Last login". Is it possible to add this? Another request would be to see and sort by the number of posts.

I am sure, 'trabis', this is easy for you to implement!
www.heathernova.net - "it's the spirit in you, that i want to find." (heather nova)



16
hnn_gerd
Re: Security
  • 2008/6/15 21:01

  • hnn_gerd

  • Just popping in

  • Posts: 48

  • Since: 2008/5/24


Good idea. Thank you.
www.heathernova.net - "it's the spirit in you, that i want to find." (heather nova)



17
hnn_gerd
Re: Security
  • 2008/6/14 22:56

  • hnn_gerd

  • Just popping in

  • Posts: 48

  • Since: 2008/5/24


As the uploads are from apache, doesn't it make sense to change the group to apache for the upload directories, so the world permission could be avoided? Meaning those who were able to hack ssh or ftp or sftp cannot go to those directories and upload files there?

Permissions could then be 770 or even 570. Does it make sense?
www.heathernova.net - "it's the spirit in you, that i want to find." (heather nova)
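
The group-ownership idea from the post above as shell functions; this is an added example, not part of the original post or of XOOPS. The function names, the example paths and the group name `apache` are assumptions.

```shell
# List directories under $1 that anyone on the system may write to (e.g. mode 777).
find_world_writable() {
    find "$1" -type d -perm -0002 -print | sort
}

# List anything under $1 that still grants any permission to "other".
find_world_accessible() {
    find "$1" \( -perm -0001 -o -perm -0002 -o -perm -0004 \) -print | sort
}

# Give the tree $1 to group $2 and remove all "other" access.
# Directories become 770, files 660. The owner is left unchanged.
restrict_to_group() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 1; }
    chgrp -R "$2" "$1" || return 1
    find "$1" -type d -exec chmod 770 {} + || return 1
    find "$1" -type f -exec chmod 660 {} +
}

# Usage on a real site (path and group name are assumptions):
#   find_world_writable /path/to/httpdocs
#   restrict_to_group /path/to/httpdocs/uploads apache
```

Under 770 the directory owner keeps full access, and code running as the web server user can still write to these directories.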



18
hnn_gerd
Re: Security
  • 2008/6/14 22:50

  • hnn_gerd

  • Just popping in

  • Posts: 48

  • Since: 2008/5/24


I got help from the person who actually built up HNN (heathernova.net) in the past and hosted it on his server. A very experienced guy.

So we analyzed lots of log files, looking at what kind of attacks they are, and finally built up IP tables to reject any of those requests and attacks to the server, starting from disabling unnecessary tools and services to blocking IP addresses that tried to attack.

So for two days now heathernova.net has been quite stable!

Installing the Protector Module didn't yet work as explained in the manual, unfortunately. We will try to install it.

Looking at the description of the tool, it is so very necessary to protect XOOPS! I am a bit concerned about the problems that could happen.

Quote:
Xoops Protector is a module to defend XOOPS2 from various and malicious attacks.

This module can protect a various kind of attacks like:

- DoS
- Bad Crawlers (like bots collecting e-mails...)
- SQL Injection
- XSS (not all though)
- System globals pollution
- Session hi-jacking
- Null-bytes
- Directory Traversal
- Some kind of CSRF (fatal in XOOPS <= 2.0.9.2)
- Brute Force
- Camouflaged Image File Uploading (== IE Content-Type XSS)
- Executable File Uploading Attack
- XMLRPC's eval() and SQL Injection Attacks
- SPAMs for comment, trackback etc.

Xoops Protector defends your XOOPS from these attacks, and it records them in its log.

Of course, all vulnerabilities can't be prevented.
Be not overconfident, please.

However, I strongly recommend installing this module to all XOOPS sites with any versions.


www.heathernova.net - "it's the spirit in you, that i want to find." (heather nova)



19
hnn_gerd
Re: Database server lost PLEASE help
  • 2008/6/14 22:39

  • hnn_gerd

  • Just popping in

  • Posts: 48

  • Since: 2008/5/24


Are you really sure you lost your database? Not being able to connect to it doesn't mean it got lost! It might depend on your server where MySQL is. I think something like /var/mysql/'databasename'

I am a newbie as well, but I learned so much in the past four weeks, as I had to move a website to a new server and was attacked since then. But it looks like I managed the transfer and survived all attacks on the server, and the server now seems to be secure.

It is important to always have a backup of the httpdocs (xoops-root) directory and a working backup of your database, done at the same day/time. I do it with mysqldump, a PHP tool for the database, and a simple tar/gzip for the files. I always have to hide mysqldumper though, as some directories need to have 777 as permission.
www.heathernova.net - "it's the spirit in you, that i want to find." (heather nova)



20
hnn_gerd
Security
  • 2008/6/13 21:15

  • hnn_gerd

  • Just popping in

  • Posts: 48

  • Since: 2008/5/24


Not sure if the topic is right in this forum, but hope admins will move to the right place.

I have a serious question about security!

I had to move my website heathernova.net, based on old XOOPS software and upgraded it as the new server has a newer version of mysql, php and so on.

What I am currently facing is lots of attacks on the new server. I am quite shocked! So far I have succeeded in fighting against the attacks!

What I still really wonder about is that I have to set permissions for templates_c, cache and some more directories as well to make uploads and stuff available.
Is there no other way to make XOOPS and modules work than by having directories with permission 777?
I'm sorry, but I think most of the problems I am facing still come from having write access for everyone to lots of directories!

My question, is there a better solution?
www.heathernova.net - "it's the spirit in you, that i want to find." (heather nova)



