11
bitcero
Re: My site xoops attacked
  • 2012/10/26 21:08

  • bitcero

  • Quite a regular

  • Posts: 318

  • Since: 2005/11/26


Well, is very important to check apache access logs in order to know what happened.

If you use a hosting with cpanel, generally, you can change your php.ini settings because every virtual host manage their own... but with some restrictions. Also with CPanel you can view all apache logs.

Is very important to clarify this problem for two reasons:

1. To determine if XOOPS security can be improved
2. To determine the cases where this things can happend and how to prevent, even if XOOPS is not related to it.


12
Peekay
Re: My site xoops attacked
  • 2012/10/26 22:19

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Quote:
Is very important to clarify this problem for two reasons:

1. To determine if XOOPS security can be improved
2. To determine the cases where this things can happend and how to prevent, even if XOOPS is not related to it.

Thankfully this was not a security issue at all. Timgno has now discovered that the host upgraded the PHP version and it temporarily broke Xoops.

If anyone is reviewing their server security, my recommendations are (still) 1) create an htaccess file entry that keeps perl off your server and 2) set up a cron job to run PhpMysqlAutoBackup every day. This enables you to have an off-site backup of any MySQL database, not just Xoops.

If you allow your Xoops users to upload files and want those backing up too, SiteVault backs up DB files and site files in one timed operation.

Login

Who's Online

334 user(s) are online (221 user(s) are browsing Support Forums)


Members: 0


Guests: 334


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits