xoops forums

Board index » All Posts (Tobias)




Tobias

Not too shy to talk
Posted on: 2008/5/17 20:29
Posts: 172
Since: 2005/9/13
#1

Re: TinyEditor, problem with the Insert/Edit picture

Quote:
Anyway, we should be brothers in mind! I was thinking about an additional layer of security, adding this to the XOOPS uploader.php. To make this more bulletproof I was thinking about mimicking mime_content_type and FILEINFO, because I DO KNOW a hoster where both are not working and there could be others.

My host (a very popular one) doesn't have fileinfo, and mime_content_type doesn't recognize flash correctly. I have found a method using UNIX file which works on my server. This one might also be good for people without mime_content_type.
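
One way such a fallback chain can look, as an added example that is not part of the original post and not the method the poster refers to: content-based type detection that uses fileinfo when it is present and the UNIX file utility otherwise, and fails closed when neither works. The function names and the allowlist are hypothetical.

```php
<?php
// Added example; function names and the allowlist are hypothetical.

/** Detects a file's MIME type from its content, or returns null if no method works. */
function detect_mime(string $file): ?string {
    if (class_exists('finfo')) {
        $type = (new finfo(FILEINFO_MIME_TYPE))->file($file);
        if (is_string($type) && $type !== '') { return $type; }
    }
    // Fallback: the UNIX file utility. escapeshellarg() keeps the file name
    // from being interpreted as shell syntax.
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    if (function_exists('exec') && !in_array('exec', $disabled, true)) {
        $out = []; $rc = 1;
        exec('file -b --mime-type -- ' . escapeshellarg($file) . ' 2>/dev/null', $out, $rc);
        // Accept only output that has the shape of a MIME type.
        if ($rc === 0 && isset($out[0]) && preg_match('#^[\w.+-]+/[\w.+-]+$#', $out[0])) {
            return $out[0];
        }
    }
    return null;
}

/** Accepts an upload only when the detected type is on the allowlist. */
function upload_type_allowed(string $tmpFile, array $allowed): bool {
    $type = detect_mime($tmpFile);
    return $type !== null && in_array($type, $allowed, true);
}

// Constructed sample: script content that claims to be an image upload.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "<?php echo 'not an image'; ?>");
var_dump(upload_type_allowed($tmp, ['image/gif', 'image/jpeg', 'image/png']));
unlink($tmp);
```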


Tobias

Not too shy to talk
Posted on: 2008/4/24 7:01
#2

Re: Protector... what on earth does it all mean?

Can't really tell you anything else than what's in the instructions, but there are essentially three things to be done now to install it. You need to define the trust path and upload the corresponding files there, you need to upload some files to the regular modules directory (where all the modules reside), and you need to patch the mainfile.php. So let's start with the uploads:

1. Trust path: If you have the regular linux server, your website is most likely hosted in a directory called public_html or htdocs. Those are per system settings accessible by the wide world. So the idea with the trust path is to put most of the files that are important for the operation of your site, but which the world doesn't have to see ("see" means that there's a potential for tampering), in a location where the server can work with them, but the world cannot find them. Hence the trust path, which is a modification of the normal XOOPS infrastructure the author of the XOOPS protector module has introduced. It is quite astute. So the idea is that you create a directory which is NOT INSIDE your public_html or htdocs, but parallel to it. Create that directory and call it to your liking. Inside the directory, create another directory called "modules". Upload the entire directory called "protector" from xoops_trust_path/modules from the zip archive into it.

2. Upload the entire directory called "protector" from html/modules from the zip into the "modules" directory where you have all your regular XOOPS modules. It's probably a good idea at this juncture to go to your modules administration inside XOOPS and install the Protector module as you would install any other module. If it throws a lot of errors, try this again after the next step.

3. Now the patching of main.php: Ideally, it is write protected, so you have to change permissions to be able to edit/overwrite it. Locate the line in main.php that starts with: define('XOOPS_ROOT_PATH',... and insert another line next to it that reads:
define('XOOPS_TRUST_PATH','/path/to/your/trust-path');
Of course, you have to edit /path/to/your/... to your needs. It will start the same as the path declared as XOOPS_ROOT_PATH, but where XOOPS_ROOT_PATH will most likely end in htdocs or public_html, XOOPS_TRUST_PATH ends in whatever name you have given to that directory in the first step.
That was the first thing to take care of in mainfile.php. Now the pre-/post-check: Towards the end of mainfile.php, there should be a couple of lines that look something like this here (depending on the XOOPS version, it may vary a little):
    if (!isset($xoopsOption['nocommon']) && XOOPS_ROOT_PATH != '' ) {
        include XOOPS_ROOT_PATH."/include/common.php";
    }

You have to add a line before and one after this, so that, in the end, it looks like:
    include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ;
    if (!isset($xoopsOption['nocommon']) && XOOPS_ROOT_PATH != '' ) {
        include XOOPS_ROOT_PATH."/include/common.php";
    }
    include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php' ;

Then save mainfile.php in its original location, and write protect it.

That should be all. The author's instructions are the ones that count. Just recapping it because I see that the instructions can be a little confusing. Hope this helps.
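
An added example, not part of the original post or of the Protector module: a PHP check that reads the text of a patched mainfile.php and reports whether the trust path sits outside XOOPS_ROOT_PATH and whether the precheck and postcheck includes wrap common.php in the order described above. The function names and sample paths are hypothetical, and it assumes XOOPS_ROOT_PATH is the web root.

```php
<?php
// Added example; function names and sample paths are hypothetical.
// Drop comments so a commented-out include is not counted as present.
function strip_comments(string $src): string {
    $out = '';
    foreach (token_get_all($src) as $tok) {
        $isComment = is_array($tok) && in_array($tok[0], [T_COMMENT, T_DOC_COMMENT], true);
        if (!$isComment) { $out .= is_array($tok) ? $tok[1] : $tok; }
    }
    return $out;
}

// Value of a define('NAME', 'literal') line, or null if absent.
function define_value(string $src, string $name): ?string {
    $re = "/define\(\s*['\"]" . preg_quote($name, '/') . "['\"]\s*,\s*['\"]([^'\"]+)['\"]/";
    return preg_match($re, $src, $m) ? $m[1] : null;
}

// Problems found in the text of a patched mainfile.php (empty array = none).
function check_mainfile(string $src): array {
    $src = strip_comments($src);
    $problems = [];
    $root  = define_value($src, 'XOOPS_ROOT_PATH');
    $trust = define_value($src, 'XOOPS_TRUST_PATH');
    if ($trust === null) {
        $problems[] = 'XOOPS_TRUST_PATH is not defined';
    } elseif ($root !== null && strpos(rtrim($trust, '/') . '/', rtrim($root, '/') . '/') === 0) {
        $problems[] = 'trust path lies inside the web root';
    }
    $pre    = strpos($src, '/modules/protector/include/precheck.inc.php');
    $common = strpos($src, '/include/common.php');
    $post   = strpos($src, '/modules/protector/include/postcheck.inc.php');
    if ($pre === false || ($common !== false && $pre > $common)) {
        $problems[] = 'precheck.inc.php is not included before common.php';
    }
    if ($post === false || ($common !== false && $post < $common)) {
        $problems[] = 'postcheck.inc.php is not included after common.php';
    }
    return $problems;
}
// Constructed sample: the postcheck line is commented out, so it is reported.
$sample = <<<'MAINFILE'
<?php
define('XOOPS_ROOT_PATH', '/home/example/public_html');
define('XOOPS_TRUST_PATH', '/home/example/xoops_trust');
include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php';
if (!isset($xoopsOption['nocommon'])) { include XOOPS_ROOT_PATH."/include/common.php"; }
// include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php';
MAINFILE;
print_r(check_mainfile($sample));
```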


Tobias

Not too shy to talk
Posted on: 2008/4/24 6:01
#3

Re: Increase in attempted exploits

Quote:
Just saying because that tugzip site is hacked and may serve up malware. At the time of writing this, perhaps they clean it up soon.

It's cleaned up, just for the record.


Tobias

Not too shy to talk
Posted on: 2008/4/17 16:54
#4

Re: Increase in attempted exploits

Quote:

Quite a lot of these entries have 'database.php' in them, that's why I was wondering if there is a new exploit, but as yet unknown to a lot of people. Found one at http://www.milw0rm.com/exploits/2623 , but it is dated Oct 2006, a long time ago.

My XOOPS installation has exactly one database.php which sits at class/database. If your attackers try to find a database.php all over the place, then that's probably just a crapshoot. Perhaps some modules also have a database.php.

In any case, if there's a pattern and you want to make sure, you can probably just block all requests containing the string database.php in your htaccess file. I can't imagine any reason why a script by that name should be legitimately called from the outside.


Quote:

Yes, I don't use IE, Firefox for me.


Just saying because that tugzip site is hacked and may serve up malware. At the time of writing this, perhaps they clean it up soon.


Tobias

Not too shy to talk
Posted on: 2008/4/17 5:55
#5

Re: Increase in attempted exploits

Somebody is clearly trying to break in. I hope you have your XOOPS Protector module up and running. Many of these hits may be random, but they clearly try to deliver a payload, and you can actually see it if you call up the txt files the hacker wants to execute on your server. Those are scripts that sniff out vulnerabilities in the server's setup and try to get shell access.

Where are these log entries from, anyway? They look funky.

If you have a lot of time to spare, you can contact the webhosts from which these scripts are served and tell them that some of their users are making nonsense. But then, that's a fight against windmills. You can also send a sample to your own webhost and ask them for guidance, and to make sure that the servers are configured correctly.

*edit* But probably, you don't want to have to do with those tugzip folks. So forget the suggestion with contacting them. In any case, make sure you don't use the Internet Explorer if you want to look around what's going on there.
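
An added example, not part of the original posts: a PHP triage function for the kind of log entries discussed in this thread, flagging direct requests for database.php (the post above this one) and parameters whose value is a remote URL (the text files mentioned in this post). The log lines are constructed and the function name is hypothetical.

```php
<?php
// Added example; the log lines are constructed and the function name is hypothetical.

/** Returns the reasons a logged request looks like the probes discussed in the thread. */
function classify_request(string $logLine): array {
    // Common/combined log format: ... "METHOD /path?query HTTP/1.x" ...
    if (!preg_match('/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/', $logLine, $m)) {
        return ['unparsable request'];
    }
    [$path, $query] = array_pad(explode('?', $m[1], 2), 2, '');
    $reasons = [];
    // Decode first so an encoded file name is matched as well.
    if (strcasecmp(basename(rawurldecode($path)), 'database.php') === 0) {
        $reasons[] = 'direct request for database.php';
    }
    parse_str($query, $params);
    array_walk_recursive($params, function ($value, $key) use (&$reasons) {
        // A parameter whose value is itself a URL asks the script to load remote content.
        if (preg_match('#^\s*(?:https?|ftp)://#i', (string) $value)) {
            $reasons[] = "parameter '$key' carries a remote URL";
        }
    });
    return $reasons;
}

$sample = [ // constructed log lines
    '192.0.2.10 - - [17/Apr/2008:05:12:01 +0000] "GET /modules/news/index.php?storyid=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/Apr/2008:05:12:09 +0000] "GET /modules/example/database.php?path=http://files.example.invalid/id.txt HTTP/1.1" 404 312',
    '198.51.100.7 - - [17/Apr/2008:05:12:10 +0000] "GET /class/database/database.php HTTP/1.1" 200 0',
];
foreach ($sample as $line) {
    echo implode('; ', classify_request($line)) ?: 'ok', "\n";
}
```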


Tobias

Not too shy to talk
Posted on: 2008/4/15 23:56
#6

Re: Protector... what on earth does it all mean?

URI Spam means that someone (most likely a robot) is trying to make crap posts with tons of URLs in them to one of your modules. DoS means "denial of service," and that's when somebody hits your site with a frequency (or more likely deploys his botnet to hit your site with a frequency) that your webserver cannot respond. Thus, your webserver will deny the service, and your site won't be visible. A crawler is a robot that crawls your site looking for email-addresses that can be spammed, and other information that's useful for the bad guys.

There're scores of places on the internet with better information on these things. The bottom line: Protector helps you keep a check on some of these web creatures and misbehaviors, but the three things you mention don't really damage your site, or hack it open to use it for, say, distribution of malware or something. Those are just nuisances. Protector is important mainly for the real attacks that could compromise your site.

If you get a lot of, say, DoS notices from Protector, it may be that the settings are too restrictive for your particular site. I think there is a threshold of so many hits per second that triggers the DoS defense. Perhaps you need a higher threshold because you have, for instance, a chat module somewhere on the site. If there are many notices, try to find out whether there are many false positives (and users complaining). If there are no false positives, then be happy that Protector is doing a good job fending off some of these things.

The Protector module does much more important work, such as sanitizing the addresses people request from your website so that there is no malicious code passed to the site through such an http request.

And never forget: Good as it is, even the Protector module can't really prevent that hackers get in should there be some serious security hole. So never feel too safe.


Tobias

Not too shy to talk
Posted on: 2007/10/6 22:53
#7

Re: Newbb HTML problems

You could identify the container of the post (by looking at the source of a post that's causing the issue; the container would be the div or the td that's immediately surrounding the text of the post), and assign "overflow: hidden" to it in the style.css of your theme. Or try what you get with "overflow: auto" or "overflow: scroll". Not sure this helps, just a guess. If you post a link, helpful people can look into the actual scenario, rather than taking a guess.


Tobias

Not too shy to talk
Posted on: 2007/8/26 20:36
#8

Re: Joomla Vs. Xoops

Just had a stint with Drupal and, of course, it's an entirely different beast. I love XOOPS because you can spend a lot of time hacking, and also because this seems to be as much of an intercultural place as you could possibly imagine. With everybody taking issue with everything. Darn cool! And I think that much of what's going on here is actually in Chinese and Portuguese, and out of sight for most of us who only look at the English site and, from time to time, at the French ones. That's not a critique, that's absolutely exciting!

Of course, Drupal has some of those features everybody's waiting for here since two years ago, at least. Like an easy and centralized way to do URL aliases.

But what I found funny: Drupal has that load balancing function, and at times of high loads, it just switches off certain capabilities. Search function first it seems. Try to find something on drupal.org at a peak time. Hehehe!

Long live Xoops! But I want URL aliases!


Tobias

Not too shy to talk
Posted on: 2007/7/22 5:45
#9

Re: Is there a way to add notification options to a module?

The _MI_ stuff are just language constants, for translation. That won't do a thing to notify anyone.

So this is way off, I'm afraid.


Tobias

Not too shy to talk
Posted on: 2007/7/21 21:41
#10

Re: Another article 1.0 question

The design, I see on your site, you have firmly under control. That's quite nifty how you've assigned a different background color to the different values.


