I use Nortons Internet Security and firewall, and since this site has started using Xoops2, I no longer have to disable my firewall to login. I always have to disable it on my pre-Xoops2 sites though.

(edited)

Ok, i can login to site, but I cant post ;(

I had to turn it off to post this...

In XOOPS2, you can turn this security check off very easily by modifying the following code in include/common.php on line 51:

define('XOOPS_DB_CHKREF', 1);

to

define('XOOPS_DB_CHKREF', 0);

However, we do not recommend turning this off unless you are able to definitely trust the visitors coming to your site.

Muchas gracias Sergio.

And don't worry about bad English, I was actually becoming a passive observer of this thread and it was extremely worrisome to see both Chapis and Boobtoob's reaction to the thread. I really appreciate to see that one of the developers at least is taking the matter seriously.

When attitude's the game, better look for a new game console, I would like to know how many of those who have posted a thread in here as considering this a problem have considered moving to other CMS systems not because we do not like the way XOOPS works, but because the developers and web-masters were using phrases that have an offensive (and rather defensive) tone like "learn how to use your firewalls" and "xoops is run in hundreds of places yatta yatta" when the internet is about MILLIONS of users! It sounded so boisterous!

If someone considers this is an issue, you should be grateful, as developers, to see that all XOOPS loyal users, who are trying to recommend XOOPS are much as possible, are posting the problem for it to be taken into account instead of turning to any other CMS system! It's not only the developers who are working and contributing to Xoops, but we as users should be acknowledged as well, especially when we are posting any issues that might arise, I believe that's an important guide in the development of ANY system.

I will not be surprised to see there's no reply by Chapis or Boobtoob, or that the next reply is also in a defensive-offensive "taken-personal-agression-boo-hoo-hoo" tone. I would instead be GLADLY surprised to see if they post any kind of "Our Oops, we're looking into it."

Developers are doing a great job, don't let attitude get in the way!

Again, thanks w4z004, that's the kind of attitude that moves any stone forward.

I am glad to hear the devs are working on the problem but the problem really is a big problem. I wasnt aware of this issue until about a week ago when loads of emails started flowing in with complaints about unable to register, unable to login and so on. I cannot reply to everybody explaining and supporting them with firewall configuration and so we are loosing users every day...

Users are users, they really dont give a @#(* about firewalls unlike developers.

So here is may question: would you suggest installing trollix hack until the issues are solved? Can you tell me exactly what risks do I take when installing it? I understand that by knowing the hole i would be able to hack other sites using the hack but then again - how would i be sure?

thanks,

Krisj

I am glad to hear the devs are working on the problem but the problem really is a big problem. I wasnt aware of this issue until about a week ago when loads of emails started flowing in with complaints about unable to register, unable to login and so on. I cannot reply to everybody explaining and supporting them with firewall configuration and so we are loosing users every day...

Users are users, they really dont give a @#(* about firewalls unlike developers.

So here is may question: would you suggest installing trollix hack until the issues are solved? Can you tell me exactly what risks do I take when installing it? I understand that by knowing the hole i would be able to hack other sites using the hack but then again - how would i be sure?

thanks,

Krisj

Quote:

Hello, i'm are read the trolix message.

Are you read the reply of Kazu in the same thread?? Look HERE

We are working for fix this, is a really complex technical problem.

Quote:

Actinic is a commercial software, this is not a excuse, but remember, we have limited time for work in all.

Yup, may be Eric speed up the reply and he don't take the real dimension of this Problem.

I can say. we are working in this, this problem is related to the extreme security of Xoops. we realize many checks for have really secure the Xoops.
You can see only 2 HOLES reported for the RC1.0 and never more.

Sorry for me bad english :)
Sergio (w4z004)

You must have missed the post earlier in the thread by trollix and your search must have missed the thread he referred to:

(HACK) Prevent Firewall login

If the stated goal of XOOPS is to "...create a Content Management System (CMS) for users and developers that installs out of the box offering unparalleled ease of use, support and management." then wouldn't it be great if it worked for users as well... even the odd balls (irony) who choose to run with a firewall?

Actinic (ecommerce software) hit the same problem. They didn't say "most people don't have a problem... sorry you don't like the answer". They fixed it:

ZAP + Norton firewall problem.

If XOOPS is going to be anything other than a CMS for hobby sites it'd better react a little differently to this type of problem.

I use XOOPS in production since exactely 6 days...

May be XOOPS users with about 100-120 simultaneus users are not many ...

I also reported a bug about Who's on Line ...

Sorry you didn't like my answer. I used our search to look for "Firewall Problem" and nothing came up except this thread. I am glad to see that someone has come up with a hack that works.

No Boobtoob,

We CANNOT satisfy with your answer. There is at least an other known firewall problem with Norton, not only ZAP.

I run an important portal (1.200.000 pages seen per month & 7.000 members). I moved it last week from PHP Nuke to XOOPS and I had dozens of complaints about the login problem

The problem is ALSO when people acces to our website through company firewall or similar. You cannot tell them "ask your administrator to turn off firewall".

So I patched my XOOPS with Trollix's hack and everything is running well now.

But it is not acceptable to see you writing "XOOPS is used by hundreds of people around the globe and this is the only firewall report that we have" that seems something similar to "we do not consider that it is a problem".