1
Shiva
Xoops Security
  • 2008/4/23 8:19

  • Shiva

  • Quite a regular

  • Posts: 280

  • Since: 2006/7/9 1


Are the security precautions that all Xoopsters should be aware of. The only relevant information I can find is written in 2004. So to start off... do people find the following useful and relevant:

1. Using the protector module :

https://xoops.org/modules/repository/singlefile.php?cid=59&lid=1453

2. Hiding the MySQL login & password details by moving them into a diffent file :
http://xoops-tips.com/news-article.storyid-1.htm


Any other security precautions that we should be aware of?

2
Anonymous
Re: Xoops Security
  • 2008/4/23 8:49

  • Anonymous

  • Posts: 0

  • Since:


That is a very old version of Protector. Use version 3.16beta from GIJOE's website here:
http://xoops.peak.ne.jp/md/mydownloads/singlefile.php?lid=105&cid=1

You will Madfish's excellent installation guide on that page. Follow it to the letter and you'll be fine

3
avtx30
Re: Xoops Security
  • 2008/4/23 8:57

  • avtx30

  • Not too shy to talk

  • Posts: 181

  • Since: 2006/10/12


-2. Delete 'install' directory
-1. Chmod '404' mainfile.php
-0. Chmod others properly
3. Try to move '777' stuffs out of your public_html
4. Remove unused files (e.g. xmlrpc.php, pda.php)
5. Use good modules
6. Use .htaccess properly

/.htaccess
Options -Indexes
<FilesMatch "(mainfile|header|footer).php">
Order allow,deny
Deny from all
FilesMatch>


/cache/.htaccess, /class/.htaccess, /kernel/.htaccess, /language/.htaccess, /templates_c/.htaccess
Order allow,deny
Deny from all


/images/.htaccess, /modules/.htaccess
Options -Indexes


/include/.htaccess
Order Deny,Allow
Deny from all
<FilesMatch ".(js|css)$">
Allow from all
FilesMatch>


/themes/.htaccess
Order Deny,Allow
Deny from all
<FilesMatch ".(gif|jpe?g|png|js|css|swf)$">
Allow from all
FilesMatch>


/uploads/.htaccess
Order Deny,Allow
Deny from all
<FilesMatch ".(gif|jpe?g|png)$">
Allow from all
FilesMatch>

4
Shiva
Re: Xoops Security
  • 2008/4/23 10:35

  • Shiva

  • Quite a regular

  • Posts: 280

  • Since: 2006/7/9 1


Cheers for that guys!

I did not know there was such a recent version of the protector modules. It's a shame that the XOOPS download area is so out of date.

The .htaccess tips seem very handy. But can you just explain whats happening there. I presume it blocks access to unautorised users. I am a little concerned about the uploads directory - I don't want to restrict to much access. (?)

5
Mamba
Re: Xoops Security
  • 2008/4/23 10:45

  • Mamba

  • Moderator

  • Posts: 11409

  • Since: 2004/4/23


We're working on an update of modules - it's coming soon!

But the best way is always to check the authors Website, because sometimes we are not aware of a new version being out.
Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs

6
Shiva
Re: Xoops Security
  • 2008/4/23 10:51

  • Shiva

  • Quite a regular

  • Posts: 280

  • Since: 2006/7/9 1


cool. :)

Login

Who's Online

414 user(s) are online (332 user(s) are browsing Support Forums)


Members: 0


Guests: 414


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits