91
Dante7237
Re: xoops_redirect

It's a crawler (+https://developers.facebook.com/docs/sharing/webmasters/crawler).
Use htaccess rules to block.



92
Mamba
Re: Help to import database

Happy Holidays to you too!!!



Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs



93
terrion
Re: Help to import database
  • 12/24 5:02

  • terrion

  • Friend of XOOPS

  • Posts: 300

  • Since: 2004/9/19


Happy holidays,

Just dropping a note that if anyone comes looking for me I can be found over at https://ultranet.domains. Still the same great hosting company, just ditched the .com.

Been a minute since I dropped in on the Xoops crowd. Looks nice over here.

Cheers!
--Terrion



94
erikperk
Re: xoops_redirect
  • 12/10 8:22

  • erikperk

  • Just popping in

  • Posts: 3

  • Since: 2023/12/22


Quote:

goffy wrote:
hi

because I have currently a lot of spam registrations I checked my server access log and found one log very often:
Quote:
57.141.0.19 - - 06/Dec/2024:21:33:35 +0100 "GET /modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/newbb/report.php?forum=18&topic_id=12229&post_id=66633 HTTP/1.0" 200 15200 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"

It seems that someone is using xoops_redirect to burden my system on the site, maybe to make spam registration possible, I don't know.

but my question: how to treat this problem? would it make sense to implement a filter to remove the additional xoops_redirect in order to avoid looping?

what do you think

Are you sure this is the only IP causing the load? It might be worth checking other IP addresses or request patterns.
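
One way to check other IP addresses and request patterns, as an added example that is not part of the original posts: a Python sketch that groups access-log requests carrying nested xoops_redirect values by client IP and user agent. In the quoted request the repeats sit inside a single parameter value (only `&` separates parameters), so it counts occurrences in the raw request target; the sample log lines, IPs and agent names are constructed.

```python
import re
from collections import defaultdict

PARAM = "xoops_redirect="
# Tolerates timestamps with or without the usual [brackets].
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[?(?P<ts>[^\]"]+?)\]? "(?P<method>[A-Z]+) '
    r'(?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def redirect_depth(target):
    """Number of xoops_redirect= occurrences in the raw request target."""
    return target.count(PARAM)

def innermost_target(target):
    """Destination left after peeling off every nested wrapper, or None."""
    return target.rsplit(PARAM, 1)[1] if PARAM in target else None

def summarize(lines, min_depth=2):
    """Group requests with nested redirects by (client IP, user agent)."""
    groups = defaultdict(lambda: {"hits": 0, "max_depth": 0, "targets": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m or redirect_depth(m["target"]) < min_depth:
            continue
        g = groups[(m["ip"], m["ua"])]
        g["hits"] += 1
        g["max_depth"] = max(g["max_depth"], redirect_depth(m["target"]))
        g["targets"].add(innermost_target(m["target"]))
    return dict(groups)

# Constructed sample log (documentation IPs, made-up agents), not real traffic.
WRAP = "/modules/profile/user.php?" + PARAM
REPORT = "/modules/newbb/report.php?forum=1&topic_id=2&post_id=3"

def _line(ip, target, ua):
    return (f'{ip} - - 01/Jan/2025:00:00:00 +0000 "GET {target} HTTP/1.0" '
            f'200 15200 "-" "{ua}"')

SAMPLE_LOG = [
    _line("192.0.2.10", WRAP * 3 + REPORT, "example-crawler/1.0"),
    _line("192.0.2.10", WRAP * 2 + REPORT, "example-crawler/1.0"),
    _line("198.51.100.7", WRAP * 5 + REPORT, "example-crawler/1.0"),
    _line("203.0.113.5", WRAP + "/modules/newbb/index.php", "Mozilla/5.0"),
    _line("203.0.113.5", "/index.php", "Mozilla/5.0"),
]

if __name__ == "__main__":
    for (ip, ua), g in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, ua, g["hits"], g["max_depth"], sorted(g["targets"]))
```

An ordinary login redirect (depth 1) is ignored, so the output lists only the clients that keep wrapping the redirect in itself, with the page they were ultimately pointed at.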



95
erikperk
Re: XOOPS MyMenus 1.54.0 Beta 10
  • 12/10 7:53

  • erikperk

  • Just popping in

  • Posts: 3

  • Since: 2023/12/22


I see. Thanks for the work you've done.



96
Mamba
Re: xoops_redirect

You might limit registrations by forcing them for your approval. Once you see where they are coming from, you can ban the IP or email addresses.
You could also add CAPTCHA to registration.

Other ways to consider

1) ModSecurity Rule (if you use ModSecurity):
# Detect multiple occurrences of xoops_redirect
SecRule ARGS_NAMES "@streq xoops_redirect" "chain,phase:2,deny,status:403,id:1000"
SecRule &ARGS_NAMES:xoops_redirect "@gt 1"


2) URL Rewriting Solution (Apache):
# Keep only the last xoops_redirect parameter
RewriteCond %{QUERY_STRING} xoops_redirect=([^&]+).*xoops_redirect=([^&]+)
RewriteRule ^(.*)$ $1?xoops_redirect=%2 [R=301,L]


3) Other possible options:

- Implement rate limiting for requests containing xoops_redirect
- Validate redirect URLs against a whitelist
Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs
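
A sketch of the redirect validation and the "remove the additional xoops_redirect" filter discussed in this thread, as an added example that is not XOOPS code or part of the original posts. It is written in Python for illustration; the allowlisted prefixes, fallback page and function names are assumptions.

```python
from urllib.parse import unquote, urlsplit

PARAM = "xoops_redirect="
# Hypothetical allowlist of local path prefixes; adjust to the site's own modules.
ALLOWED_PREFIXES = ("/modules/newbb/", "/index.php")
FALLBACK = "/index.php"

def fully_decode(value, rounds=3):
    """Percent-decode until stable; None if it is still changing after `rounds`."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return None

def safe_redirect(value, allowed=ALLOWED_PREFIXES, fallback=FALLBACK):
    """Collapse nested redirects, then accept only allowlisted local paths.

    Returns the decoded target; re-encode it before writing a Location header.
    """
    decoded = fully_decode(value or "")
    if not decoded or len(decoded) > 2048:
        return fallback
    # Keep only what follows the last nested xoops_redirect= wrapper.
    target = decoded.rsplit(PARAM, 1)[-1]
    if "\\" in target or any(ord(c) < 0x20 for c in target):
        return fallback          # backslashes and control characters
    if not target.startswith("/") or target.startswith("//"):
        return fallback          # absolute, protocol-relative or non-local target
    path = urlsplit(target).path
    if ".." in path.split("/"):
        return fallback          # traversal out of an allowed prefix
    if not path.startswith(allowed):
        return fallback          # local, but not on the allowlist
    return target

if __name__ == "__main__":
    # Constructed input shaped like the parameter value in the logged request.
    wrap = "/modules/profile/user.php?" + PARAM
    print(safe_redirect(wrap * 10 + "/modules/newbb/report.php?forum=18"))
    print(safe_redirect("https://example.com/"))
```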



97
Mage
Vulnerability in xmnews, xmsocial and xmarticle modules
  • 12/9 20:59

  • Mage

  • Core Developer

  • Posts: 209

  • Since: 2009/8/2 1


It is important to update the following modules as soon as possible

xmnews, xmsocial and xmarticle

Ill-intentioned persons could exploit a security flaw. To avoid any risk, please use version 1.8.0 of xmnews, 2.1.1 of xmsocial and 1.5.2 of xmarticle.

Thanks to mcdruid for informing me of the security flaw.



98
goffy
xoops_redirect
  • 12/8 9:18

  • goffy

  • Just can't stay away

  • Posts: 547

  • Since: 2010/12/27


hi

because I have currently a lot of spam registrations I checked my server access log and found one log very often:
Quote:
57.141.0.19 - - 06/Dec/2024:21:33:35 +0100 "GET /modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/profile/user.php?xoops_redirect=/modules/newbb/report.php?forum=18&topic_id=12229&post_id=66633 HTTP/1.0" 200 15200 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"

It seems that someone is using xoops_redirect to burden my system, maybe to make spam registration possible, I don't know.

but my question: how to treat this problem? would it make sense to implement a filter to remove the additional xoops_redirect in order to avoid looping?

what do you think



99
Mamba
Re: XOOPS MyMenus 1.54.0 Beta 10

No plans on my side (because of lack of time), but if somebody submits code for it, then, of course, we could include it.

It would be definitely nice to be able to select an icon library in the preferences of MyMenus.
Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs



100
erikperk
Re: XOOPS MyMenus 1.54.0 Beta 10
  • 12/5 13:12

  • erikperk

  • Just popping in

  • Posts: 3

  • Since: 2023/12/22


The ability to use Font Awesome is a big plus. Do you plan to expand support for other icon libraries?



