21
finalfiler
Xoops Security
  • 2004/2/22 9:39

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


A little while ago I reported to this group what seemed like some sort of attack on sites I run using XOOPS - essentially there was a spate of many, many registrations that did not make sense. Canvassing users known to me suggests they have had a dramatic increase in SPAM since the 'attack', but it's difficult to be certain about a correlation between these events.

Anyway, I am currently trying to sift through these and find that if I try to delete them via XOOPS admin I get:

"Admin user cannot be deleted. (User: <some user name>)"

Looking through the user database table I see that the suspicious registrations all have admin rights.

Now, there is no way known that the users were given admin rights by me, the only legitimate administrator for these sites.

I'm worried.

The sites are generally updated with the latest XOOPS on release.






22
finalfiler
Re: File not found for download on 2.0.5.2
  • 2004/1/6 9:39



Thanks Herko, that worked now.



23
finalfiler
File not found for download on 2.0.5.2
  • 2004/1/6 8:57



I tried a number of mirrors, but get

Quote:
Not Found

The requested URL /sourceforge/xoops/xoops-2.0.5.2.tar.gz was not found on this server.
Apache/2.0.46 (Red Hat Linux) Server at flow.dl.sourceforge.net Port 8080



Thanks






24
finalfiler
Re: Curious about user registration security
  • 2004/1/5 10:10



Quote:

Herko Coomans wrote:
...we're looking into this!


G'day Herko & fellow XOOPSers,
The attack, if it was an attack, has now stopped.

Nevertheless, a more secure registration system would be a good thing, I think.

regards



25
finalfiler
Re: Curious about user registration security
  • 2003/12/13 1:17



Quote:

mvandam wrote:

I'm not sure how many registrations you're getting


The site concerned is for a specialised interest group. There were ~150 members when it had settled down about 12 months ago.

Thereafter maybe two to three new registrations a month.

The spurious registrations started about a month ago with 20 to 30 new registrations a day.

When I pulled new registrations this week it had reached 80 plus a day and there are over 8000 members where I'd expect ~200!

I figure only a script would be practical to do what was happening.

Thankfully I have a backup of the data before the trouble started. I'll need to identify the legitimate members and somehow delete the idiots.

Regards



26
finalfiler
Re: Curious about user registration security
  • 2003/12/12 21:38



Just an update - the spurious and unusually high registrations on the site continue. The common denominator is that the user names are weird, like
YUhgGS123 or tws6bzx

The email addresses submitted do not respond to requests for feedback.

The spam rate to the webmaster's address, which I use for site notifications, is now at such a rate that I have no choice but to cancel the account.

AND to make matters worse, the same thing is now starting on another site. I have stopped registrations on that site.

Guys, I think the user registration system needs to be beefed up, urgently.



27
finalfiler
Form Handler in Block
  • 2003/12/8 9:08



I'd like to put a form in a block. Results to be emailed to a recipient.

I have no difficulty getting the form to work in a standalone browser window. However, I cannot get it to work in a block. I sense I am missing something.

I prefer to use a PHP script which will include() an external module.

Any tips on how this can be done?

BTW, it just occurred to me that a form generator for XOOPS blocks would be a real nifty


Thanks



28
finalfiler
Re: my custom block
  • 2003/12/7 7:18



Have you tried setting content type to PHP?

regards




29
finalfiler
Re: Curious about user registration security
  • 2003/12/2 1:59



Quote:

Stewdio wrote:
Using one user/pass for all DB's can cause some headaches, like the one I experienced when I changed my hosting account password.


Apparently the problem we had was due to an upgrade of cPanel (we're on a virtual host), which broke the MySQL passwords.

All fixed now.



30
finalfiler
Re: Curious about user registration security
  • 2003/12/1 20:41



Quote:

Who is your web host?


It was a server problem, now fixed. I've been using spidersaid.com for near on 12 months now. Generally very happy with the service.

Thanks



