xoops forums

bitcero

Quite a regular
Posted on: 2012/10/26 21:08
bitcero
bitcero (Show more)
Quite a regular
Posts: 318
Since: 2005/11/26
#11

Re: My site xoops attacked

Well, is very important to check apache access logs in order to know what happened.

If you use a hosting with cpanel, generally, you can change your php.ini settings because every virtual host manage their own... but with some restrictions. Also with CPanel you can view all apache logs.

Is very important to clarify this problem for two reasons:

1. To determine if XOOPS security can be improved
2. To determine the cases where this things can happend and how to prevent, even if XOOPS is not related to it.

Peekay

XOOPS is my life!
Posted on: 2012/10/26 22:19
Peekay
Peekay (Show more)
XOOPS is my life!
Posts: 2335
Since: 2004/11/20
#12

Re: My site xoops attacked

Quote:
Is very important to clarify this problem for two reasons:

1. To determine if XOOPS security can be improved
2. To determine the cases where this things can happend and how to prevent, even if XOOPS is not related to it.

Thankfully this was not a security issue at all. Timgno has now discovered that the host upgraded the PHP version and it temporarily broke Xoops.

If anyone is reviewing their server security, my recommendations are (still) 1) create an htaccess file entry that keeps perl off your server and 2) set up a cron job to run PhpMysqlAutoBackup every day. This enables you to have an off-site backup of any MySQL database, not just Xoops.

If you allow your Xoops users to upload files and want those backing up too, SiteVault backs up DB files and site files in one timed operation.