I sent this post to the forums on Gijoe's site (author of Protector), but there has been no answer. Since Protector is an important module, especially now, can someone help me?
---------------------------------------------
I am working on the Spanish translation of Protector, which Marcelo Yuji Himoro has asked me to improve.
In the Spanish forums, many users ask about the Protector options: What is this? Is it dangerous? Am I unprotected?
So I am trying to include expanded help for them.
I have several doubts and I would like to know if the following is correct:
1-
register_globals On. If the server only has XOOPS version 2.10 or higher installed, its folders (with index.html or .htaccess) and files (permissions 444 on the necessary ones) are protected, and no other folders or loose files exist, is it safe?
Because XOOPS includes the global variables that it needs and it doesn't allow others to be used, so they are not accessible via a form.
2-
allow_url_fopen On: I asked my server's technical support, and they told me that they have installed other tools that don't permit other people's scripts to run on the server, and that this variable can be On.
3-
session.use_trans_sid On: If the session is transferred through identity, it is insecure, but since XOOPS uses cookies, it doesn't matter. Or does this session id exist and is it not visible if the "mod_rewrite" module is installed in Apache?
4-
you contaminate yourself global variable system: have the variables been modified or are they corrupt?
5-
I Forced intval to variable like you go, Though I recommend to turn this option on, it dog causes problems with some you modulate. In what type of modules?
6-
(eg) If your IP can move in the range of 192.168.0.0-192.168.0.255, set 24(bit) here. Can I change it to:
(eg) If your IP can move in the range of 192.168.0.0-192.168.0.255, set 24(bit) or 192.168.0.0-192.168.255.255, set 12(bits) here
7- I have read that the best way to avoid malicious robots is to add a .htaccess file in the root with:
SetEnvIfNoCase User-Agent "EmailCollector/1.0" spam_bot
SetEnvIfNoCase User-Agent "EmailSiphon" spam_bot
SetEnvIfNoCase User-Agent "EmailWolf 1.00" spam_bot
SetEnvIfNoCase User-Agent "ExtractorPro" spam_bot
SetEnvIfNoCase User-Agent "Crescent Internet ToolPak HTTP OLE Control v.1.0" spam_bot
..... etc etc
SetEnvIfNoCase User-Agent "WebZip" spam_bot
SetEnvIfNoCase User-Agent "autoemailspider" spam_bot
SetEnvIfNoCase User-Agent "Mozilla/3.0 (compatible)" spam_bot
Order Allow,Deny
Allow from all
Deny from env=spam_bot
Thanks in advance.
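
An added example for question 6 (not part of the original post and not Protector's own code): it computes how many leading bits both ends of an IPv4 range share, then checks whether two addresses agree on that many bits. It assumes the setting counts leading address bits, as the quoted 24-bit example suggests; the function names and sample addresses are hypothetical.

```python
import ipaddress


def shared_prefix_bits(first: str, last: str) -> int:
    """Return how many leading bits are identical in both IPv4 addresses.

    Every address between `first` and `last` shares the same leading bits,
    so this is the largest bit count that still covers the whole range.
    """
    a = int(ipaddress.IPv4Address(first))
    b = int(ipaddress.IPv4Address(last))
    if a > b:
        raise ValueError("first address must not be greater than last")
    # XOR leaves 1-bits only where the two addresses differ; the position of
    # the highest differing bit tells us how many low-order bits can vary.
    return 32 - (a ^ b).bit_length()


def same_session_network(ip_at_login: str, ip_now: str, bits: int) -> bool:
    """True when both addresses agree on their first `bits` bits."""
    if not 0 <= bits <= 32:
        raise ValueError("bits must be between 0 and 32")
    # strict=False masks off the host part of the login address.
    network = ipaddress.ip_network(f"{ip_at_login}/{bits}", strict=False)
    return ipaddress.ip_address(ip_now) in network


if __name__ == "__main__":
    # Constructed sample ranges; the first is the one quoted in question 6.
    for first, last in [
        ("192.168.0.0", "192.168.0.255"),
        ("192.168.0.0", "192.168.255.255"),
    ]:
        print(f"{first}-{last}: {shared_prefix_bits(first, last)} bits")

    # Constructed client addresses: one move inside the /24, one outside it.
    print(same_session_network("192.168.0.10", "192.168.0.200", 24))
    print(same_session_network("192.168.0.10", "192.168.1.5", 24))
```

A smaller bit count tolerates a wider range of client addresses, so the same session stays valid from more networks.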