Support Forums - All Posts - XOOPS Web Application System

71

Re: Search problem

2008/9/28 16:18
tank1955
Module Developer
Posts: 276
Since: 2007/9/7 1

There might be a wiki article at the XOOPS development site.

Basically you add a few lines in the module's xoops_version.php module that look like this:


// Search

$modversion['hasSearch'] = 1;

$modversion['search']['file'] = "include/search.inc.php";

$modversion['search']['func'] = "video_search";

and then you must create the include file that defines what to search.

If you go to the module repository and download Video Tube v1.7 you can make a copy of the search.inc.php file found in the include directory and then use that to make your edits for your own module.

72

Re: 2.0.18.2RC to 2.3.0 rc2 Error !!! help !!!

2008/9/28 15:48
tank1955
Module Developer
Posts: 276
Since: 2007/9/7 1

Check my reply athttps://xoops.org/modules/newbb/viewtopic.php?topic_id=65893&forum=1&post_id=296842#forumpost296842 for possible solution.

73

Re: 2.0.18.1 to 2.3.0 Final Error: Smarty error

2008/9/28 15:25
tank1955
Module Developer
Posts: 276
Since: 2007/9/7 1

I recently upgraded several sites to 2.3.0 and had the same error where the system told me it could not find XOOPS_VAR_PATH/caches/smarty_compile. I am not sure if this is a proper solution but the following worked for me.

In the 2.3.0 install package locate the following file:
xoops-2.3.0\htdocs\class\template.php

Open the file and locate the following code near the beginning of the file


$this->template_dir = XOOPS_THEME_PATH;

        $this->cache_dir = XOOPS_VAR_PATH . "/caches/smarty_cache";

        $this->compile_dir = XOOPS_VAR_PATH . "/caches/smarty_compile";

Change the compile_dir definition line so it appears like this:


$this->template_dir = XOOPS_THEME_PATH;

        $this->cache_dir = XOOPS_VAR_PATH . "/caches/smarty_cache";

        $this->compile_dir = XOOPS_ROOT_PATH . "/xoops_data/caches/smarty_compile";

As I said I am not sure if this is a proper or sanctioned fix but after I made this change performing the upgrade worked like a charm.

74

Re: Please help .... all of my sites have come under attack

2008/9/26 22:41
tank1955
Module Developer
Posts: 276
Since: 2007/9/7 1

Ghia_,
When the attacker first went after one of my sites that was using XOOPS 2.0.16, he managed to get a dump of the username and associated passwords. One of the passwords he found allowed him to gain access to one of my ftp accounts.

Kind of stupid on my part not being more careful with password management. But none the less this whole ordeal has taught me a great deal.

The protector log shows one of this person's attempts at acquiring the username listing.

Everything on my server side is now completely secure and I am working through the upgrade of each site to XOOPS 2.3.0

I once worked with an engineer who said the only thing worse than doing something dumb is telling someone about the dumb thing you did. But you all did your best in trying to help me out so I felt I owed you all an explanation once I figured everything out.

And BTW I have no clue what the post about an ftp associated virus is all about.

75

Re: Please help .... all of my sites have come under attack

2008/9/26 2:56
tank1955
Module Developer
Posts: 276
Since: 2007/9/7 1

I have located the offender, according to whois the IP is out of russia

91.151.195.102

The avenue of attack began with my sites that were still on XOOPS 2.0.16 and as the attacks progressed somehow the perpetrator gained access to ftp.

I do believe the issue of vulnerability has now been solved with upgrading to XOOPS 2.3 and I should add that I found Protector and the logging it provides to be an immense help in sorting this all out.

I also want to thank everyone for their advice and putting up with my frustration.

A little more work cleaning things up and I can get back to module development which is what I really enjoy.

76

Re: Please help .... all of my sites have come under attack

2008/9/25 11:03
tank1955
Module Developer
Posts: 276
Since: 2007/9/7 1

Thanks guys for the advice. I was tired and frustrated last night. Venting is over now I am ready to knuckle down and figure out what's going on.

The one thing I found interesting is I have one site running XOOPS 2.2.6 that was not affected.

I am inclined to believe the problem is in one of the modules I am using so I am going to systematically repair and upgrade each site to XOOPS 2.3.0.

I do have one more question. I have a couple of protector log entries that indicate the user was using DOS and nothing appears in the description column. Could this be the offender?

77

Re: Please help .... all of my sites have come under attack

2008/9/25 2:46
tank1955
Module Developer
Posts: 276
Since: 2007/9/7 1

I didn't mean to sound like I was placing blame or pointing fingers. I apologize if it sounded that way.

I searched the directories you mentioned and could find nothing that looked suspicious reviewing the dates of all files for anything that recently changed.

The only thing I could find is all of my index.html files have been changed.

78

Please help .... all of my sites have come under attack

2008/9/25 1:29
tank1955
Module Developer
Posts: 276
Since: 2007/9/7 1

Recently someone began targeting my XOOPS sites and I am lost as to how they are getting in. I am running XOOPS 2.0.18.2, have installed Protector on all sites, have register_globals and allow_url_fopen both turned OFF.

The attacker injected an iframe with a malicious site link at the end of the file in every index.html file in every subdirectory of the site. This happened on a total of 9 of my sites. If I can't find a solution soon I will have no option but to abandon XOOPS. I hate the thought of leaving but the recovery is consuming all of my time.

79

Re: A little Hack in Video Tube - Seo Page Title

2008/9/5 22:03
tank1955
Module Developer
Posts: 276
Since: 2007/9/7 1

Thanks for the suggestion. I have added the SEO Title line where appropriate and it will be available in Video Tube v1.64

80

Re: Requests to add more services to Video Tube

2008/8/23 1:16
tank1955
Module Developer
Posts: 276
Since: 2007/9/7 1

I have verified to my satisfaction that I can not duplicate the required simpleXML functionality in PHP4. Therefore the new video services (such as DailyMotion) being added to Video Tube will require PHP5 to function properly. When the module is installed or updated to version 1.63 or higher, a check is performed on your PHP version. If the PHP version is earlier than 5.0.0 then some features will be disabled.

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Forum Index

Re: Search problem

Re: 2.0.18.2RC to 2.3.0 rc2 Error !!! help !!!

Re: 2.0.18.1 to 2.3.0 Final Error: Smarty error

Re: Please help .... all of my sites have come under attack

Re: Please help .... all of my sites have come under attack

Re: Please help .... all of my sites have come under attack

Re: Please help .... all of my sites have come under attack

Please help .... all of my sites have come under attack

Re: A little Hack in Video Tube - Seo Page Title

Re: Requests to add more services to Video Tube

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}