xoops forums

Forum Index


Board index » All Posts (Jan304)




Jan304

Official Support Member
Posted on: 2005/7/12 16:22
Jan304
Jan304 (Show more)
Official Support Member
Posts: 520
Since: 2002/3/31
#31

Re: Aston Themes Hacked ?

Quote:

Mithrandir wrote:
Except for the fact that sending 20000 emails is a bit beyond what the XOOPS core mailing can handle?

It is purely a practical problem, not because we don't want to.


It is true that the XOOPS mailingsystem is unable to handle such a great a amount of e-mails (something that _should_ be fixed, invisionboard is able to do something like that, using the bcc field) but other e-mail management software is able to manage such amount of e-mails (qmail?).

As I remember last e-mail to all members, it was done through a seperated e-mail system, were the members were added to, can't this be done again?
Oracle: I'd ask you to sit down, but, you're not going to anyway. And don't worry about the vase.
Neo: What vase?
[Neo turns to look for a vase, and as he does, he knocks over a vase of flowers, which shatters on the floor.]
Oracle: That vase.
Neo:...


Jan304

Official Support Member
Posted on: 2005/7/11 17:54
Jan304
Jan304 (Show more)
Official Support Member
Posts: 520
Since: 2002/3/31
#32

Re: Aston Themes Hacked ?

Quote:

m0nty wrote:
now u know why i claimed autologins to be not 100% secure, and that an exception oughta be included in it to stop admins being able to use autologin at all.


Sorry, I think that what you are saying is (partly) incorrect. Mith is _not_ saying that autologin is insecure (it might, but he is not telling it) but that the combination of the hole in the XML-RPC interface, wich will result in being able to obtain the md5 hash of your password, and the autologin hack will make your XOOPS installation insecure...

And since autologin hacks mostly (if not all) safe the hash of your password and username in a cookie, the hackers will be able to login by simply modifying a cookie.

Correct me if I'm wrong.
Oracle: I'd ask you to sit down, but, you're not going to anyway. And don't worry about the vase.
Neo: What vase?
[Neo turns to look for a vase, and as he does, he knocks over a vase of flowers, which shatters on the floor.]
Oracle: That vase.
Neo:...


Jan304

Official Support Member
Posted on: 2005/7/11 16:19
Jan304
Jan304 (Show more)
Official Support Member
Posts: 520
Since: 2002/3/31
#33

Re: Aston Themes Hacked ?

A lot of people use XOOPS without actually checking the XOOPS.org site daily. Those people still don't know about the update (if you check mainsite, you see nothing that actually says you might have to upgrade)...

Why not a mass mailing to all members (as done before), but this time without the mass of returns to all members .

Grtz, Jan
Oracle: I'd ask you to sit down, but, you're not going to anyway. And don't worry about the vase.
Neo: What vase?
[Neo turns to look for a vase, and as he does, he knocks over a vase of flowers, which shatters on the floor.]
Oracle: That vase.
Neo:...


Jan304

Official Support Member
Posted on: 2005/7/9 13:27
Jan304
Jan304 (Show more)
Official Support Member
Posts: 520
Since: 2002/3/31
#34

Re: Sign Herko's wedding guestbook :-)

Congrats Herko and Sandra (sorry I'm late with this message ).

And I must say, nice way of doing a proposal
Oracle: I'd ask you to sit down, but, you're not going to anyway. And don't worry about the vase.
Neo: What vase?
[Neo turns to look for a vase, and as he does, he knocks over a vase of flowers, which shatters on the floor.]
Oracle: That vase.
Neo:...


Jan304

Official Support Member
Posted on: 2005/6/28 14:17
Jan304
Jan304 (Show more)
Official Support Member
Posts: 520
Since: 2002/3/31
#35

Re: Shoutbox Problems on Plusnet

Make sure the folder shoutbox in the folder uploads exists. When I checked your folder structure I saw that the uploads map did not exist.

If you created those two maps, create the file shout.cvs and chmod 777.
Oracle: I'd ask you to sit down, but, you're not going to anyway. And don't worry about the vase.
Neo: What vase?
[Neo turns to look for a vase, and as he does, he knocks over a vase of flowers, which shatters on the floor.]
Oracle: That vase.
Neo:...


Jan304

Official Support Member
Posted on: 2005/6/14 10:28
Jan304
Jan304 (Show more)
Official Support Member
Posts: 520
Since: 2002/3/31
#36

Re: Upgrading my server. What specs to look for?

If you really got that much visitors, I think in long term thinking it is a _lot_ cheaper to buy an own server and try to find a nearby datacenter to place your server. It is cheaper and you have full control over your server.

You might want to consider that option.


Jan304

Official Support Member
Posted on: 2005/6/4 18:52
Jan304
Jan304 (Show more)
Official Support Member
Posts: 520
Since: 2002/3/31
#37

Re: PM Module?

There are some hacks available, but not a real module. This is only exists as from XOOPS 2.1.

You will need be happy with the build in system for now, or try the hacks (own risc).


Jan304

Official Support Member
Posted on: 2005/5/14 12:15
Jan304
Jan304 (Show more)
Official Support Member
Posts: 520
Since: 2002/3/31
#38

Re: About Shoutbox 3.0 Final adjusting the width of the smiliey

You can set how many smilies should be showed in the form itself instead of 'More...':
Administration Menu - System Admin - Smilies - "Display in form?"

This will also effect other modules like newbb and the comment system.


Jan304

Official Support Member
Posted on: 2005/5/6 12:57
Jan304
Jan304 (Show more)
Official Support Member
Posts: 520
Since: 2002/3/31
#39

Re: What actually is DoS attack ?

True Brash.

More information about DoS attacks:
http://en.wikipedia.org/wiki/Denial-of-service_attack


Jan304

Official Support Member
Posted on: 2005/5/4 22:17
Jan304
Jan304 (Show more)
Official Support Member
Posts: 520
Since: 2002/3/31
#40

Re: What actually is DoS attack ?

I do not think (I have to be carefull with what I say, or GIJOE...) that the protector module actually helps against really large (read normal) DoS attacks.

Most DoS attacks just rely on the fact that servers will get overloaded with data and the server won't got any time left to respond on legal requests.

As far as I remember the protector module it uses the built in XOOPS IP ban system so that XOOPS no longer provides data to those IP's. However, still each requests of that attack is being parsed (Apache reads request; php loaded; XOOPS loaded; XOOPS loads MySQL database; XOOPS reads settings in database -> notice IP is blocked, blocks output, exit() command executed; Apache responds with empty page)

So, despite of the fact it might slow down a large attack a moment, it won't really help. Apache still responds to those requests and that should not happen. In my eye's, unless you are running a hosting company you don't have to worry about DoS-attacks. Your hosting provider should block them on server level.

Ofcourse this is just one feature of the protector module, I prefer not to discuss other functions .



TopTop
« 1 2 3 (4) 5 6 7 ... 25 »