Support Forums - All Posts - XOOPS Web Application System

91

Re: Module Dev

2007/11/11 12:47
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

+1

Kind Regards.
Tom

http://bassmanthemes.com
http://www.xoopslance.com

92

Re: Need pictureurl, dev.xoops.org still down

2007/11/11 12:06
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

Can't believe it's still down...................

Kind Regards.
Tom

http://bassmanthemes.com
http://www.xoopslance.com

93

Re: protect admins profile from other user ?

2007/11/10 5:36
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

Quote:

im afraid Tom,
but this great feature is not supported from anybody except me to add to 2.3 version.
http://xoops.wiki.sourceforge.net/2.2.x-2.0.x_differences
Not only security reason but also some facilities for non-english websites.

Would this possibly improve security?

And if so, why are there do many opposed to it?

Quote:

If a webmaster never posts as the admin account, it makes it more difficult for the admin account to be sniffed out by casual queries. Given the DB structure of XOOPS, though, a knowledgeable hacker could circumvent this in seconds, provided they could perform DB queries that are unchecked.

Lets assume they don't have access to query the database, if they knew the UID admin account, whats the method they would use, would this be a brute force?

Or some kind of script that tries random passwords (I suppose brute too in a way).

If so should we not adopt what other forum software's do and allow only 5 failed attempts, then make the person wait 15 minutes, then 30 minutes, then 60 minutes and so on to try again until they either use the new password to E-mail feature or give up?

Kind Regards.
Tom

http://bassmanthemes.com
http://www.xoopslance.com

94

Re: protect admins profile from other user ?

2007/11/10 3:49
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

Out of pure interest, how does this help security wise, lets just imagine a hacker sees your site and wants to cause damage they could still find your UID from site info, or forums and news articles posted.

Unless of course the site in question is run in total secrecy and no admin account ever posted.

Was it Catz or Mith that introduced an account feature so you could have a username and a logon name to mask the important security details, would this not be of any serious help.

Sorry for the rather dull questions here, just intrigued to know what the real benefits are?

Kind Regards.
Tom

http://bassmanthemes.com
http://www.xoopslance.com

95

Re: Subscriptions Module - Anyone using it?

2007/11/10 3:40
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

As I mentioned above it's been a while since I used it, but wasn't it this module that required a 'Cron' setting up to check expiries?

Forgive me if I'm sounding patronising, not my intention.

A crontab on linux servers (not sure what equivalent is on windows, perhaps the same) can be set so it can automatically do a certain task at a certain time.

An example of a totally different module but XHelp is a ticket system which can track tickets via E-mail and inputs tickets received, however a certain file must run to check the pop account and thus a crontab is set to run this every X amount of time, checking the server for new mail.

Now I could be wrong but something springs to mind that a subscription module I came across last year also required a file to be used to check for expiries, it may not be the subscriptions module you speak of though but worth checking out to see, sorry my memory isn't much better, lol.

If that fails then perhaps contact Marcan at Inbox Solutions (Smart Factory) and ask for a quote. You could also get a quote from Hervé at InstantZero or tryhttp://www.xoopslance.com/ where you can post your project and people can bid on it.

I'm not sure how complex it would be to fix this issue, but certainly using one of those methods will get you the best price.

Kind Regards.
Tom

http://bassmanthemes.com
http://www.xoopslance.com

96

Re: Subscriptions Module - Anyone using it?

2007/11/10 1:36
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

The subscription module, kind of like the grail people have been in search of such module for years but have only come close.

Thirdeyes support lacks, however there module worked the last time I tried it, I think it was on XOOPS version 2.0.14 although I could be mistaken, my memory does lack sometimes.

There was then a module from another developer, panther software, however the suitcases have been packed on this one, some people still have the module and also though complex it was certainly one of the better ones about.

If your going to make money then speculate to accumulate and your wallet out, there is a solution which does work but costs some $200 bucks to buy.

This can be purchased fromhttp://www.amember.com/ you will also need their XOOPS plugin:

Amember: Approx. $160
XOOPS Plugin: Approx. $40

Very nice piece of software, worth the money but it's not an XOOPS module, the plugin integrates it nicely although unless you design Amember then it will look like a different website to your members.

Now if you wish to hold your breath a little longer I know Hervé from InstantZero.com was making a subscription module for XOOPS, I got the priviliage of testing it some months ago, and the progress made in so little time was fantastic.

I'm not sure what Instant Zero will be charging for this module, I should imagine it would be in-line with Amember to compete, but hey if your making money, then it don't hurt to spend a little to make it.

Sorry I couldn't assist further.

Kind Regards.
Tom

http://bassmanthemes.com
http://www.xoopslance.com

97

Re: Are Xoops sites under attack???

2007/11/9 12:28
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

Quote:

IMO ( and it is just my opinion) if a CMS can be beat by random recognize attacking programs, it is a waste of time to continue with it.
xoops can not be beat that easy if you do some basic security advices:
1. always use the latest stable version of cores and modules.
2. dont use alpha and beta and unknown modules from unknown developers.
3. use "protector" as an alternative for bad coding in modules and ???Core??? and even misconfiguration in your server.
4. pay attention to security warnings.

I don't disagree.

Allow me to make an analogy.

You have some jewellery valued at $100,000 locked up in a yale safe, bolted down within a room in your house, if someone knows how to hack that safe, they will get in however if they didn't know you had that jewellery or where that safe is, then it certainly make their job harder.

Hence removing references that your site is XOOPS and what version it is can help to evade being hacked, as your not advertising you jewels in public.

Quote:

I agree with what Damaster, irmtfan and Catz are saying - the Protector module wouldn't be quite so critical if the core/modules' code were more secure.

+1

Kind Regards.
Tom

http://bassmanthemes.com
http://www.xoopslance.com

98

Re: Are Xoops sites under attack???

2007/11/9 2:25
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

Quote:

I hate to say it, but I am taking all searchable references to XOOPS off of my sites for awhile. I really don't want my work destroyed because I am running xoops.

I'd do that anyway, I'd especially make sure versions of the core and modules are not shown.

I tend to always change module directories and don't use the default table prefix, although not full proof it helps to make it a little harder to get into.

I stay away from designers themes that try to force their links to stay as this simply promotes your website to hackers through search engines.

Personal T Opinion of course.

Quote:

If you're not using Protector 3.04 (or 3.15beta) then do so ASAP.

Hi John,

In the case of the protector module is it really advisable to use a beta version as normally people would say now to beta modules on production sites, I only ask as If it is I shall upgrade my versions.

Quote:

@ preachur:
a hacker can found it easily whether you delete all XOOPS related materials or not.

If someone wants to hack something then yes they will find a way, however if someone wants to hack XOOPS sites, then removing all visible signs that would show in search engines would help prevent them as they may not even know you exist.

Kind Regards.
Tom

http://bassmanthemes.com
http://www.xoopslance.com

99

Re: Flooding on England's east coast... To all our friends...

2007/11/9 2:13
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

Thanks dude, I've got my swimming trunks on ready.

In all seriousness I actually don't live too close to the effected parts, however a few months ago I was in the heart of floods in Yorkshire UK, lucky enough though my house is not on flood planes it's at the top of a hill, however many were made homeless and a a few of our family members were also effected.

I saw on the news tonight that a lot of people were being evacuated, so hopefully there will be no loss of life this time round.

Kind Regards.
Tom

http://bassmanthemes.com
http://www.xoopslance.com

100

Re: Core Team: Marcan resigns from core team

2007/11/5 19:35
tom
Friend of XOOPS
Posts: 1359
Since: 2002/9/21

Marcan my friend, this is a great loss to XOOPS, however not one which I blame you for, after all you can also take so much crap.

Thank you for continuing your development of the Smart modules, these are some of the most important to XOOPS.

Kind Regards.
Tom

http://bassmanthemes.com
http://www.xoopslance.com

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Forum Index

Re: Module Dev

Re: Need pictureurl, dev.xoops.org still down

Re: protect admins profile from other user ?

Re: protect admins profile from other user ?

Re: Subscriptions Module - Anyone using it?

Re: Subscriptions Module - Anyone using it?

Re: Are Xoops sites under attack???

Re: Are Xoops sites under attack???

Re: Flooding on England's east coast... To all our friends...

Re: Core Team: Marcan resigns from core team

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}