3070
Quote:
I moved data and lib to home directory as apposed to temp folder, and manfile is 444,
I think you missed the point for the trust path. It is meant to be
outside the web root.
The XOOPS_TRUST_PATH is defined in your mainfile.php (as alias to xoops_lib) and should also result to outside the web root.
Quote:
'mainfile.php' : missing precheck Not secure
This has to be set for allowing Protector to operate. Last part of mainfile.php should look like this:
// Temporary solution for extra protector module. To be refactored
// Set the following value as true if you want to enable protector module
$ENABLE_PROTECTOR = true;
if ( !empty($ENABLE_PROTECTOR) ) {
@include XOOPS_TRUST_PATH . '/modules/protector/include/precheck.inc.php';
}
if (!isset($xoopsOption["nocommon"]) && XOOPS_ROOT_PATH != "") {
include XOOPS_ROOT_PATH."/include/common.php";
}
if ( !empty($ENABLE_PROTECTOR) ) {
@include XOOPS_TRUST_PATH . '/modules/protector/include/postcheck.inc.php';
}
Check if Protector runs ok by the 2 links in the Protect center (admin protector). It should make entries in the log of Protector.
Protector offers a function to rename all tables in the database with a prefix. (Always backup before doing such major database operations!)
The risk of
XSS is not a question of the XOOPS core alone, also modules may be vulnerable. There is no 100% fail safe. Checking regulary for security alerts or module updates on XOOPS.org, together with Protector and the correct install of your site will prevent a lot of problems.
Also regular analysis of access logs from Apache is a must.
