1
DCrussader
XOOPS Security (without Xoritfy and Protector) [BETA]

1. Always use latest stable XOOPS core.
2. Keep your modules updated to the latest stable release.
3. The .htaccess file

Remote File Inclusion Protection
RewriteEngine On
RewriteBase 
/
RewriteCond %{QUERY_STRING} ^.*=(ht)|(f)+(tp)+(://|s://)+.*(??)+ 
RewriteRule .* http://your-trap.com/php-trap-script.php [R,L]


Various protections
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRINGbase64_encode.*(.*) [OR]
# Block out any script that includes a 
2
Anonymous
Re: XOOPS Security (without Xoritfy and Protector) [BETA]
  • 2012/4/4 17:40

  • Anonymous

  • Posts: 0

  • Since:


Nice and docile tutorial DCrussader.

3
Dante7237
Re: XOOPS Security (without Xoritfy and Protector) [BETA]

Excellent tutorial.
Every webmaster should implement these techniques.

Of course, allow who you want, block who you want....

The more I know, the more I know that I really didn't wanna know.

4
Mamba
Re: XOOPS Security (without Xoritfy and Protector) [BETA]
  • 2012/4/5 6:48

  • Mamba

  • Moderator

  • Posts: 11409

  • Since: 2004/4/23


I had to put my moderator hat today and make some edits.

We don't need to pinpoint particular countries for banning - it's up to the individual Webmaster to decide based on his records of who is spamming his Website.

So let's focus on the technical aspects of the issue, i.e. once you see that most of the spam is coming form country ABC, how can you ban them and protect your Website.

With that - Happy Xoopsing!


Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs

5
DCrussader
Re: XOOPS Security (without Xoritfy and Protector) [BETA]

Heh... ok
--------------------
Next step is activating reCaptcha in comments and registration.

You have to edit /class/captcha/config.php
on Line 29 to add 'recaptcha'

next file for edit is /class/config.recaptcha.php
Lines 24-27
Private and Public keys (obtain yours from http://www.google.com/recaptcha
Theme of reCaptcha (clean, mostly used)
Line 27 'lang' -> change _LANGCODE to 'en'

demo (till next deletion)
Registration (http://xoops.cmsbg.info/modules/profile/register.php)
Comment (http://xoops.cmsbg.info/modules/TDMDownloads/comment_new.php?com_itemid=1&com_order=0&com_mode=flat&cid=2)
May The Source Be With You!

6
Peekay
Re: XOOPS Security (without Xoritfy and Protector) [BETA]
  • 2012/4/5 13:28

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


Some good advice.

I found the single biggest prevention against script attacks is to keep PERL off your server. I posted how to do this in htaccess here.

The Perishable Press 4G blacklist mentioned in that thread also covers a lot of exploits, although you may need to disable some prohibited characters or expressions to use Xoops.
A thread is for life. Not just for Christmas.

7
wishcraft
Re: XOOPS Security (without Xoritfy and Protector) [BETA]

These are two very good articles, however Xortify is for more Captcha Sweat Shops, Captcha beating bots, signup fraud, harvesting and other things as well, I would recommend running it, most people i have spoken to who are getting attacked with signup captcha sweat shops seem to have them beat with xortify.
Resized Image
http://www.ohloh.net/accounts/226400

Follow, Like & Read:-

twitter.com/RegaltyFamily
github.com/Chronolabs-Cooperative
facebook.com/DrAntonyRoberts

Login

Who's Online

191 user(s) are online (135 user(s) are browsing Support Forums)


Members: 0


Guests: 191


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits