With version 2.4.3 (And probably earlier ones) the Protector module is included.

I am thinking that when any module is included with the core package that the install of the packages should not require ANY patching when you are up and running. You should just have to place your files in the right directories and run the install script.

With Protector being such an important module I would think that support for it should already be in the core so all you need to do is turn the module on and go.

I would hope consideration for any such module in the future would be that you should not have to do any patching or modification of the core code to get included modules to work 100%.

Thanks for your consideration.

Rodney

I am on a new web host now and installing the latest version of XOOPS to migrate my sites to.

I have a base install running on the host and after a while of using the site (A few hours) I have gotten the following error if I use the security advisory tab with the default version of Protector.

Fatal error: Class 'XoopsDatabaseFactory' not found in /home/public_html/class/database/database.php on line 127


When I comment out the "precheck" patch in the mainfile.php the error goes away.


This happened on both of the sites I was working on.

I think there is a newer version of protector so I will try installing that but not sure what the heck is going on.

Rodney

I have been using Host Excellence and although they seem to do ok they have the same cpannel in use and all the same utilities in place etc that they have since day one.. Very basic and antiquated.

Some of the sites listed here have some pretty awesome tools available and I can see will save me a lot of time in the long run.

I will be looking more in depth this week at the different packages available from different hosts and try to make a decision.

The deal I am looking at with HE is I will get up to 15 domains with 3 of them being free and unlimited pretty much everything else other then the mail boxes and databases. 2 years for just under $200 US...

I will not see any reason for needing more then 5 or 6 sites at this point so I am hoping to find something decent for a comparable price..

Thanks for the responses I have had and as i said, I will be looking into them more this week and trying to decide.

Rodney

Well I tried the auto system install on one of my test sites and it worked... But they put it in another directory which I didn't care for..

Ie, instead of XOOPS being copied to "testsite.org/" it gets copied to "testsite.org/xoops/" and thus is run from "http://testsite.org/xoops/index.php" etc...

So...

Well on a hunch I copied 2.4.3 onto the server and installed it the SAME way I tried with 2.4.2 and had failed...

Don't know what happened but 2.4.3 loaded up just fine and currently online with NO glitches in the installation...

The ONLY difference was that I moved the xoops_data and xoops_lib directories out of root the first time and left them in place this time...

I have a couple 2.0.18 sites running with "trusted" paths outside of document root so I know it all works so I am writing it off to something simple that the system didn't like with 2.4.2...

So later today I will start migrating my sites to 2.4.3 and going from there... It was a session bug of some sort but now I don't need to worry about it.

Thanks again for the helpful suggestions and such.

May not have time to deal with this for a couple days but I may just install the 2.2.3b version they have as an easy install and upgrade that to 2.4.2 and see how it goes..

I am looking for a new web hosting site as my current agreement ends in about 2 months. Under my current hosting agreement I can have up to 6 sites. I am looking at my options and trying to figure out if someone out there has a better service for a reasonable price. I want the flexibility of adding more sites if I want but I don't want to pay for each site separately. After making a brief look at different hosting sites I see most of them look like they support a lot of stuff but for only one site.

All my sites currently are low traffic sites and I only plan to switch if I can find somewhere with better support and better tools. The site I have has the same tools I had when I started and there are much better things available now.

One of my sites might become a very large site based on XOOPS and I am hoping to find somewhere that will let me grow as I need it.

Thanks for any feedback. I work alot of hours so I really don't have the time to research alot of different sites so I am hoping to pull from the expertise here and find a good host.

Rodney

Yes I have XOOPS running on it. I have 4 different hosts on this server and 2 of them are 2.0.18 version of xoops.

I will post the specific line from the error log when I get home but it mentioned a PHP warning about it was unable to do something with sessions and the /tmp directory. Guessing it is a permissions issue at this point but will try messing with it more when I get home tonight.

Rodney

While trying to install 2.4.2 on my site I have been having an issue... Trying to install on my production server but this is a test site on it.. (To make sure things work the same as they do on my at home computer.)

The issue I am having is that when I enter the correct credentials for the database it goes right back to the same screen with the default entries. If I mess up on any of the credentials it tells me it can not connect. (Screen 5 of 14)

Anyhow... From the installation pages...


Checking your server configuration
Requirements
Server API cgi-fcgi
Apache
PHP version 5.2.3
MySQL extension 5.0.45
Session extension Success
PCRE extension Success
file_uploads ON



Character encoding extension MBString
Character set conversion extension Iconv
XML parsing extension XML
Zlib Compression extension Zlib
Image functions extension GD bundled (2.0.34 compatible)
Image meta data (exif) extension Exif



I am assuming this is a common error and I am not the only one ever had it. Also assuming I just have something wrong and its a simple fix.. Will be looking through the error logs to see if I can figure out what is going on by myself but hoping someone knows off the top of their head. I haven't messed with installing XOOPS in a couple years and I am in the process of installing new websites from scratch and thought 2.4.2 would be a good start.

Sounds to me as if the spammer has created his own program based on xoops.

There are some changes that can be made to prevent the spammer access to the systems but due to the nature of what it appears the spammer has taken to writing code compatible to the database etc.

Any core changes to the names of modules etc would only be a temporary fix. Even if you added a seed value or figured out a way to encrypt the names of the modules they can still be spoofed relatively easily if the names of the modules are kept static once installed.

I have had the idea before but never really panned out but it almost sounds like we would be best off having a security module that can be placed in the system that will allow a nightly connection to a server database somewhere that will list the spammer information and allow automatic updating of this information and from there the system can automate banning the ips, the urls or whatever else is there. Think of it as a sort of antivirus program for web sites with active updating. Like Kaspersky or AVG etc. Until we can build an interactive utility like that then spammers will be an issue. Kind of like car stereo thieves.. How do you stop them? Make someone else an easier target.

I am sure we could also do something with the modules so that the actual modules doing the authentication of the information are protected in the "trusted" directory and are not common module names so that a bot could not actually try to jump around those programs. IF those are considered to be at risk.

I am assuming this spammer has written software that will interact with the server in a manner similar to how XOOPS does. Obviously there is limited information available for him to poll but I am sure if we make wholesale changes they will figure them out and get around them.

Nope the fields have the correct information in them.
I will try both of these ideas when I get home and see if maybe there is something lingering in the DB that wasn't obvious?

I am able to log in with phpmyadmin if I log out and manually log back in using the same credentials.

Does appear to me to be an error it is not otherwise trapping.

I dropped all the tables in the database and figured that should clear it out. As I said, I figure it was something simple but didn't want to spend a lot of time on it if there was something obvious that I was missing. Would be nice if the installer did catch this error somehow though... Seems to catch a lot of other errors you can make...