12
I have made a new test :
• my site is ok, I have exported database
• I modify mainfile.php, ... so I get alert "Protector detects site manipulation"
• I export my database again and compare it with first
So, I see two changes :
• table : _session
• table : _protector_access
I'm trying to empty these two tables ... but there is someone who is browsing on my site : I can't right now
So could you try to empty these two tables (not delete, just empty) ?
Complements :
• this new protection is presend in readme.txt
Quote:
3.50 beta (2009/11/17)
- modified filters can be turned on/off by preferences of Protector
- moved filters under filters_disabled/ into filters_byconfig/
- added manipulation checker against ftp worms or silent raiders
• some code in xoops_lib/modules/protector/class/protector.php
function check_manipulation()
{
if( $_SERVER['SCRIPT_FILENAME'] == XOOPS_ROOT_PATH.'/index.php' ) {
$root_stat = stat( XOOPS_ROOT_PATH ) ;
$index_stat = stat( XOOPS_ROOT_PATH.'/index.php' ) ;
$finger_print = $root_stat['mtime'] .':'. $index_stat['mtime'] .':'. $index_stat['ino'] ;
if( empty( $this->_conf['manip_value'] ) ) {
$this->updateConfIntoDb( 'manip_value' , $finger_print ) ;
} else if( $finger_print != $this->_conf['manip_value'] ) {
// Notify if finger_print is ident from old one
$ret = $this->call_filter( 'postcommon_manipu' ) ;
if( $ret == false ) die( 'Protector detects site manipulation.' ) ;
$this->updateConfIntoDb( 'manip_value' , $finger_print ) ;
}
}
}