1
Anonymous
Howto build a demo site?
  • 2012/1/11 16:11


I want to build a demo XOOPS site for users to fiddle around as an admin. I already managed to make a script for restoring the original database, every 2 hours using crontab.

Are there any other security issues I have to fix or is restoring the database once in a while sufficient?

2
Anonymous
Re: Howto build a demo site?
  • 2012/1/17 14:07


No reactions yet so I guess only restoring database is safe?

I myself have some doubts about phpmailer, I don't like the idea of spammers abusing phpmailer... Any ideas on how to block phpmailer for the subdomain the demo site resides on?

Would, for instance, placing an empty php.ini with "disable_functions = phpMail" in class/mail/phpmailer do the trick?

Suggestions please!

3
redheadedrod
Re: Howto build a demo site?

Restoring the databases would be one step.

You would also want to make sure you clear any caches as well.

As part of that, if you have ANY files that can be modified by the user you will want to restore those during this time as well. SOME modules MAY store local files related to the module as they do work but I haven't seen this. Outside of the theme and templates with 2.5 I don't know of any other files that get updated. You may want to delete any potential templates that get created if you are using 2.5 assuming they can still clone and modify templates. I have not tried this but know that with 2.5 templates are no longer stored in the database but in the theme folder.

I don't believe with Xoops you can really do much with the email. The only email that xoops sends out would be registration emails and email to other users if the user has admin level access.

You would have to make sure that the mail systems are disabled with your host as a user with admin access should be able to modify the email settings until they find the right host settings.

Giving Admin access to guest users can be a security risk so you might want to consider giving limited admin access or something else.

Also make sure your crontab and any restoration files reside OUTSIDE of the webroot directory. Otherwise a hacker could potentially access them and/or change them.

Lastly I think you can modify the cookie lifespan. You want to reduce that to a minimum.
Attending College working towards Bachelors in Software Engineering and Network Security.
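
The reset steps listed in this thread (restore the database, restore user-modifiable files, clear caches, keep the restore material outside the web root) combined into one cron script. This is an added example, not code from any poster or from XOOPS; every path, the database name and the function names are assumptions, as is keeping the `index.html` placeholders in the cache folders.

```shell
#!/bin/sh
# Added example: demo-site reset for cron. Every path and name below is an assumption.
WEBROOT="${WEBROOT:-/var/www/demo/htdocs}"           # document root
CACHES="${CACHES:-/var/www/demo/xoops_data/caches}"  # cache folders
SAFE="${SAFE:-/srv/demo-reset}"                      # restore material, outside the web root
DB_NAME="${DB_NAME:-xoops_demo}"

# Physical path of a directory, symlinks resolved.
resolve() { ( cd "$1" 2>/dev/null && pwd -P ); }

# Succeeds only when file $1 does NOT live in or below directory $2.
outside_webroot() {
    target=$(resolve "$(dirname "$1")") || return 1
    root=$(resolve "$2") || return 1
    case "$target/" in
        "$root"/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Replace live directory $2 with pristine copy $1, dropping files added since (cloned templates).
reset_tree() {
    [ -d "$1" ] || return 1
    rm -rf "$2.new" && cp -Rp "$1" "$2.new" || return 1
    rm -rf "$2" && mv "$2.new" "$2"
}

# Empty the cache folders under $1, keeping the index.html placeholders.
clear_caches() {
    find "$1" -type f ! -name index.html -exec rm -f {} +
}

# Reload the original dump; credentials come from a mode-600 option file, not the command line.
restore_db() {
    mysql --defaults-extra-file="$SAFE/db.cnf" "$DB_NAME" < "$SAFE/demo.sql"
}

main() {
    for f in "$0" "$SAFE/db.cnf" "$SAFE/demo.sql" "$SAFE/pristine/themes/."; do
        outside_webroot "$f" "$WEBROOT" || { echo "refusing to run: $f is under the web root" >&2; return 1; }
    done
    restore_db && reset_tree "$SAFE/pristine/themes" "$WEBROOT/themes" && clear_caches "$CACHES"
}

# crontab entry: 0 */2 * * * /srv/demo-reset/reset.sh --run
if [ "${1:-}" = "--run" ]; then main; fi
```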
