21
finalfiler
Xoops Security
  • 2004/2/22 9:39

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


A little while ago I reported to this group what seemed like some sort of attack on sites I run using XOOPS - essentially there was a spate of many, many registrations that did not make sense. Canvassing users known to me suggests they have had a dramatic increase in SPAM since the 'attack', but it's difficult to be certain about a correlation between these events.

Anyway, I am currently trying to sift thru these and find if I try to delete them via XOOPS admin I get:

"Admin user cannot be deleted. (User: <some user name>)"

Looking thru the user database table I see that the suspicious registration all have admin rights.

Now, there is no way known that the users were given admin rights by me, the only legitimate administrator for these sites.

I'm worried.

The sites are generally updated with the latest XOOPS on release.






22
finalfiler
Re: File not found for download on 2.0.5.2
  • 2004/1/6 9:39

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


Thanks Herko, that worked now.



23
finalfiler
File not found for download on 2.0.5.2
  • 2004/1/6 8:57

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


I tried a number of mirrors, but get

Quote:
Not Found

The requested URL /sourceforge/xoops/xoops-2.0.5.2.tar.gz was not found on this server.
Apache/2.0.46 (Red Hat Linux) Server at flow.dl.sourceforge.net Port 8080



Thanks






24
finalfiler
Re: Curious about user registration security
  • 2004/1/5 10:10

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


Quote:

Herko Coomans wrote:
...we're looking into this!


G'day Herko & fellow XOOPSers,
The attack, if it was an attack, has now stopped.

Nevertheless, a more secure registration system would be a could thing, I think.

regards



25
finalfiler
Re: Curious about user registration security
  • 2003/12/13 1:17

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


Quote:

mvandam wrote:

I'm not sure how many registrations you're getting


The site concerned is for a specialised interest group. There were ~150 members when it had settled down about 12 months ago.

Thereafter maybe two to three new registrations a months.

The spurious registrations started about a month ago with 20 to 30 new registrations a day.

When I pulled new registrations this week it had reached 80 plus a day and there are over 8000 members where I'd expect ~200!

I figure only a script would be practical to do what was happening.

Thankfully I have a backup of the data before the trouble started. I'll need to identify the legitimate members and somehow delete the idiots.

Regards



26
finalfiler
Re: Curious about user registration security
  • 2003/12/12 21:38

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


Just an update - the spurious and unusually high registrations on the site continue. The common denominator is that the user names are weird, like
YUhgGS123 or tws6bzx

The email address submitted do not respond to request for feedback.

The spamrate to to the webmaster's address, which I use for site notifications, is now at such a rate that I have no choice but to cancel the account.

AND to make matters worse, the same thing is now starting on another site. I have stopped registrations on that site.

Guys, I think the user registration system needs to be beefed up, urgently.



27
finalfiler
Form Handler in Block
  • 2003/12/8 9:08

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


I'd like to put a form in a block. Results to be emailed to a recipient.

I have no difficulty getting the form to work in a standalone browser window. However, I cannot get it to work in a block. I sense I am missing something.

I prefer to use a PHP script which will include() an external module.

Any tips on how this can be done?

BTW, it just occurred to me that a form generator for XOOPS blocks would be a real nifty


Thanks



28
finalfiler
Re: my custom block
  • 2003/12/7 7:18

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


Have you tried setting content type to PHP?

regards




29
finalfiler
Re: Curious about user registration security
  • 2003/12/2 1:59

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


Quote:

Stewdio wrote:
Using one user/pass for all DB's can cause some headaches, like the one I experienced when I changed my hosting account password.


Apparently the problem we had was due to an upgrade of cpanel, (we're on a virtual host), which broke the mySQL passwords.

All fixed now.



30
finalfiler
Re: Curious about user registration security
  • 2003/12/1 20:41

  • finalfiler

  • Documentation Writer

  • Posts: 111

  • Since: 2002/1/19


Quote:

Who is your web host?


It was a server problem, now fixed. I've been using spidersaid.com for near on 12 months now. Generally very happy with the service.

Thanks




TopTop
« 1 2 (3) 4 5 6 ... 8 »



Login

Who's Online

58 user(s) are online (37 user(s) are browsing Support Forums)


Members: 0


Guests: 58


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits