I have searched the site and found some answers. But i still need some help configuring this module. Due to a recent event with my web host, in which they were hacked because of a insecure server, about 40 people or so lost their sites, including myself. Now i'm not sure if this module will help, but it's getting installed on all XOOPS sites from the start from now on.

1- I don't see anything about a Protector Block. I looked in the System Admin>>Blocks section and didn't see anything and i also looked in the Protector module and didn't see anything. Where is this located.

2- My password and main.php file are marked as Okay. However, the following are marked "Not Secure".

'register_globals' : on Not secure

'allow_url_fopen' : on Not secure

'session.use_trans_sid' : on Not secure

'XOOPS_DB_PREFIX' : XOOPS Not secure

I have gone through all the help files i could find. Either i didn't find the answer to help change this or i didn't understand it.

I did however use the Pre-Fix manager to copy the XOOPS DB Pre-fix and change it to or added a different Pre-Fix. Yet it still says it's not secure. In my Pre-Fix manager, i have two Pre-Fixes listed,how do i change the db to use the new one and not the XOOPS one?

I opened the /home/cs193276/public_html/.htaccess with note pad. But i have no clue what to add/change or even do. There were some sqaure boxes listed in there, so i am taking it, notepad isn't the program to open it with?

It says to add php_flag session.use_trans_sid off in the root .htaccess. can i add it anywhere by copying and pasting or does it need to go somehwere special?

Sorry for the qquestions. I just don't understand this module or it's workings. And after what happened, i'm trying to secure the site as best as possible.

I will say though, since i started using Xoops, i have learnt a lot more then what i knew. And i feel pretty good about sicne i did a lot of it on my own. And what i didn't know, everyone here helped enormously.

Thanx!!!

'register_globals' : on Not secure

'allow_url_fopen' : on Not secure

'session.use_trans_sid' : on Not secure

you need to speak to your ISP/hosting provider to change these, as these are set on the server end.

I have the following in my htaccess file:


and this works.

You can put them anywhere in your htaccess file, I just put them at the top of the file, and this file is in my root folder.

Quote:

i tried this and i got internal server errors when the page reloaded. i contacted the host admins to see if they would change the settings. so now ihave to wait.

thank you for the replies.

After creating a new table prefix (which essentially duplicates all the tables in your database by the way), you need to make the switch to the new one.

Do this by editing the file /mainfile.php. Change the line:

define('XOOPS_DB_PREFIX', 'WHATEVER_YOUR_NEW_PREFIX_IS');

If everything is working ok after the change you might consider deleting the duplicate/old database tables with the original 'xoops' prefix as you don't need them anymore.

You better back up your database before you even *think* about doing something like that though.

Since its a simple module, I got all inspired and started banging together a guide to protector - it's half finished, so hopefully it will be available tomorrow night some time. If work doesn't drop any more bombs on me.

(The CBB guide is coming phppp :)

Thanks Madfish - this is very much appreciated!

Quote:

I really appreciate that as i know may others will.

I have everything set except the first two issues,

php_flag register_globals off
php_flag session.use_trans_sid off

I have conacted my host support to see if they can fix it.

I want to thank everyone who responded.

Quote:
I don't think that block is used in later versions of the protector module.

Just a reminder that if you ever want to replace this module with a later version (as I have just done) you will - as documented - need to:

1) Disable then un-install the old version.

2) Temporarily rem out the lines in mainfile.php that include the post and pre check files.

3) Install the new version

4) Un-comment mainfile.php.

I had lots of problems when I tested the 2.40RC version of this module, but the latest version (2.57 from the dev's website) seems ok.

Still not sure what I am expected to find in the reports or what I am expected to do about it, so I look forward to seeing that user guide MadFish.