1
Cuidiu
Protector and SPAM URI
  • 2008/8/12 18:23

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


I hope someone can help me understand how this works. I am using Protector and show many of these in the Protector Center log:
URI SPAM /modules/contact/index.php SPAM POINT: 58
Many logged have even higher points. I assume this means Protector has prevented the spam from being sent through the contact page, correct?

Also, what triggers the log entry? I just sent a test through the contact module with an URL in the comment field and it went through. Are spammers doing something else such as adding something to the module's URL in the browser?

Thanks in advance.
C
[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]

2
ghia
Re: Protector and SPAM URI
  • 2008/8/12 23:53

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Spam point 58 means that there are 58 links in the message being posted by the spammer. So every post, comment, data field, text block, ... containing more links then you have specified in the protector preferences is refused.

3
Cuidiu
Re: Protector and SPAM URI
  • 2008/8/13 0:03

  • Cuidiu

  • Quite a regular

  • Posts: 358

  • Since: 2006/4/23


Thanks for clarifying that for me, ghia_!
[size=x-small]Working sites:
XOOPS 2.0.16 PHP 5.2.2, MySQL 5.0.24a-standard-log, Apache/2.0.54 (Unix)
XOOPS 2.2.4, PHP 4.3.10, MySQL 3.23.58, Apache/1.3.33 (Unix)[/size]

4
cabdi_uk
Re: Protector and SPAM URI
  • 2008/8/13 12:07

  • cabdi_uk

  • Just popping in

  • Posts: 28

  • Since: 2007/6/12


Hi guys

A site that I designed using XOOPS has been hacked and few things changed like the banner. Everytime one accesse the site they get pops ups from http://uokill.zh.od.ua/su/in.cgi?....

My antivirus software has picked up some viruses from the site. Though I have changed the settings for the banner, I am not sure if I have managed to remove the damages.

Could someone please help me with:

1. how to clean my site properly?
2. How to install protector as I can not install it. I followed the instructions but dont seem to see the module when i log onto the site. All of my files are in the /htdocs/ and I dont have a XOOPS trust path. I though if using an empty folder i ve called private? is this possible.

Please reply asap.

Kind regards

Cabdi

5
Mamba
Re: Protector and SPAM URI
  • 2008/8/13 12:28

  • Mamba

  • Moderator

  • Posts: 11409

  • Since: 2004/4/23


Quote:
1. how to clean my site properly?

Never had to deal with it, so I don't know. Normally, I would backup the database, delete everything, and reinstall from scratch, and then restore the database.

Quote:
2. How to install protector as I can not install it. I followed the instructions but dont seem to see the module when i log onto the site. All of my files are in the /htdocs/ and I dont have a XOOPS trust path. I though if using an empty folder i ve called private? is this possible.


Turn on the "Debug" and see the error messages.

You probably don't have anything in the trustpath, which should be defined in the mainfile.php, or you didn't define the trustpath in the first place. So start there...
Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs

6
cabdi_uk
Re: Protector and SPAM URI
  • 2008/8/13 12:46

  • cabdi_uk

  • Just popping in

  • Posts: 28

  • Since: 2007/6/12


Thanks Mamba for your reply.

On your 1st answer, does deleting everything mean logging to ftp and reinstalling XOOPS again all over? as the hacker may have had access to my database password (from teh mainfile.php), do I need to reset teh database password?

Will installing the backup module be enough to backup the database now and restoring after reinstallation of making sure its the same version of php and mysql?

Thanks

7
Mamba
Re: Protector and SPAM URI
  • 2008/8/13 12:50

  • Mamba

  • Moderator

  • Posts: 11409

  • Since: 2004/4/23


Quote:
On your 1st answer, does deleting everything mean logging to ftp and reinstalling XOOPS again all over?

Yes

Quote:
as the hacker may have had access to my database password (from teh mainfile.php), do I need to reset teh database password?

Absolutely!

Quote:
Will installing the backup module be enough to backup the database now and restoring after reinstallation of making sure its the same version of php and mysql?

I didn't work with the "backup" module, so I don't know. Normally most ISPs provide phpMyAdmin, which can be used for backups too.
Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs

8
ghia
Re: Protector and SPAM URI
  • 2008/8/13 13:17

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


If you have multiple copies of backups, you can look up differences. You have to be sure to not use infected backups. Quote:
Normally most ISPs provide phpMyAdmin, which can be used for backups too.
Also the hosting website software such as cPanel have some convienant funtions too.

9
cabdi_uk
Re: Protector and SPAM URI
  • 2008/8/14 22:39

  • cabdi_uk

  • Just popping in

  • Posts: 28

  • Since: 2007/6/12


Thanks everyone for your help. The hacker did cause considerable harm to the web site. I managed to delete the hacker's codes from the banner field and few other files. I have also installed protector and that feel much better and secure now.

Thank you all

Login

Who's Online

362 user(s) are online (244 user(s) are browsing Support Forums)


Members: 0


Guests: 362


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits