I receive the following error message when I try to enter the myAlbum module:

Fatal error: Call to a member function on a non-object in /<site location>/class/logger.php on line 229

The admin section of the module seems to work as normal.

This module has worked for ages, but I recently updated my XOOPS version from 2.0.15 to 2.0.16. I also replaced the class.phpmailer.php script as recommended on the front page. Could this cause this module stop working?

I have recently struggled with some intruders that has left som malware scripts in some of our folders, but the scripts in the myalbum-folders and class-folder seems unaltered.

I am currently using myAlbum version 2.84.

Tom E.

Thank you very much for your advice. I have notified the webhost with reference to this thread. Hopefully we will be able to stop these attacks.

Tom E.

Quote:

Users may upload image files from the "myalbum" module. In this module's admin section I have set that only image files may be uploaded.

The hackers still have access to our website. This afternoon I removed some malware scripts from the cache-folder. Like the uploads folder, its access attributes is set to 777. So it seems like the hackers "only" can use folders set this way.

In this case the hackers only have access to two folders now; cache and templates_c. How will it affect the website if I CHMOD these folders to 644?

Tom E.

On three occations the last week, I have removed malware php-scripts from the "upload" folder. From what I can tell, one did perform a server system scanning, and another was simply sending spam emails.

Over the past few weeks I have seen some strange newly registered users (foreign users in an all-Norwegian site, designated for a small chess club where the content is mainly intended for our members, looks strange in my eyes). So I have made a few countermeasures - first I replaced all admin passwords to the Xoops-site as well as to the ftp-account. Besides all new registered users will have to be manually approved by admin, and I deleted these recent suspicious user accounts.

This evening another script had been uploaded, and now I CHMOD the upload folder to 444 (it was 777, I just want to see if this is an effective way to stop this - I know it reduces functionality). This time I also deleted those accounts that had been recently logged on, which I did not know who had registered. Unregistered users are only permitted to view the content of our site.

I don't think any of the original Xoops-scripts have been modified in any way.

But I wonder about one thing: How is it possible that php-scripts can be uploaded to this folder in the first place? According to my settings, only image files should be allowed to be uploaded. Is it possible to access the upload folder without being a registered user?

Thanks in advance.

Regards, Tom E.

Last May I came across a hack which allowed users to insert graphic chess diagrams into text in news and forums, a very neat feature for a chessclub's site.

Of course, it got lost during an upgrade. The hack was made to work with version 2.0.6, and now I am using 2.0.13.1. As far as I can see, it modifies a file called "modul.textsanitizer.php" and since this has been updated I am not sure if it's safe to replace it again with the old hack.

My knowledge to php is not much to brag about, and the hack is poorly documentated as well. So I wonder if anyone use a hack that works well with 2.0.13.1, and would be willing to share it with me.

Regards
Tom Eriksen
www.sotrasjakk.net

I have seen some references to the Koivi editor, and after I upgraded my news module to version 1.3, I would like to give it a try. If I've got it right, this is supposed to be the most advanced editor available for XOOPS.

But it's not easy to find. Neither an internal search here nor a Google-search for 'koivi' brings me close to it, so I hope anyone would care to give me a push in the right direction.

Thanks in advance.

Thank you for the info. It sure made the trick.

I use the version that was shipped with Xoops, I think it's version 1.1.

I would like to display the real name of the poster of articles in the News-module, instead of their user name.

Does anyone know how to make this change?

Thanks in advance.