1
koralex90
How to enable everything on Protector(Security Advisory)
  • 2006/8/24 10:54

  • koralex90

  • Just popping in

  • Posts: 97

  • Since: 2005/3/15


I downloaded protector and I enabled
'session.use_trans_sid' : off ok

'XOOPS_DB_PREFIX' : removed - Davidl2 ok

'Password for rescue' : ok

BUT I didn't understand how to enable the rest. Please tell me specific directions.. it's so confusing. Thanks!


'register_globals' : on Not secure
This setting invites a variety of injecting attacks.
If you can put .htaccess, edit or create...

/home/boaboa/public_html/.htaccess

php_flag register_globals off

'allow_url_fopen' : on Not secure
This setting allows attackers to execute arbitrary scripts on remote servers.
Only administrator can change this option.
If you are an admin, edit php.ini or httpd.conf.
Sample of httpd.conf:
php_admin_flag allow_url_fopen off
Else, claim it to your administrators.



'mainfile.php' : missing precheck Not secure
You should edit your mainfile.php like written in README.

2
davidl2
Re: How to enable everything on Protector(Security Advisory)
  • 2006/8/24 10:58

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


These need to be set by your Hosting Provider.

Please contact them to update this.

3
Lance_
Re: How to enable everything on Protector(Security Advisory)
  • 2006/8/24 12:34

  • Lance_

  • Home away from home

  • Posts: 983

  • Since: 2004/1/12


Create a file, call it ".htaccess", put in the following code and upload the file to the root of your XOOPS install.
php_flag   register_globals   off
php_flag   session.use_trans_sid   off


And in addition, in your mainfile.php make the following changes. This is from the README in the protector package.
define('XOOPS_GROUP_ADMIN', '1');
define('XOOPS_GROUP_USERS', '2');
define('XOOPS_GROUP_ANONYMOUS', '3');

// Protector precheck: line to add (red in the original post)
include( XOOPS_ROOT_PATH . '/modules/protector/include/precheck.inc.php' ) ;
// "&& XOOPS_ROOT_PATH != ''" is the blue colored part in the original post
if (!isset($xoopsOption['nocommon']) && XOOPS_ROOT_PATH != '' ) {
    include XOOPS_ROOT_PATH."/include/common.php";
}
// Protector postcheck: line to add (red in the original post)
include( XOOPS_ROOT_PATH . '/modules/protector/include/postcheck.inc.php' ) ;

If the blue colored part is different from your mainfile.php, don't mind it.

Note: if using 2.0.14, then there is an extra couple of lines in the mainfile; just put the previous code around the common.php line.

Cheers
GDL-Web.com :: Website development.
Xoopslance.com::Freelancing and Projects
thelionsden-arena.net:: Clan/League/Ladder Hosting

4
koralex90
Re: How to enable everything on Protector(Security Advisory)
  • 2006/8/25 13:06

  • koralex90

  • Just popping in

  • Posts: 97

  • Since: 2005/3/15


what kinda file?

5
davidl2
Re: How to enable everything on Protector(Security Advisory)
  • 2006/8/25 13:10

  • davidl2

  • XOOPS is my life!

  • Posts: 4843

  • Since: 2003/5/26


If you use "Google" - with "creating a .htaccess file" - you'll find many tips on this - including here.

6
Lance_
Re: How to enable everything on Protector(Security Advisory)
  • 2006/8/25 13:11

  • Lance_

  • Home away from home

  • Posts: 983

  • Since: 2004/1/12


Create a file with whatever Editor you like, then save it in TXT or PHP or HTML format.

Then if using Windows, browse Windows Explorer to the file and Rename it to ".htaccess".

Cheers.
GDL-Web.com :: Website development.
Xoopslance.com::Freelancing and Projects
thelionsden-arena.net:: Clan/League/Ladder Hosting

7
koralex90
Re: How to enable everything on Protector(Security Advisory)
  • 2006/8/25 13:12

  • koralex90

  • Just popping in

  • Posts: 97

  • Since: 2005/3/15


There is already a .htaccess file in my public_html. Do I replace that or add onto it below the code already there?

8
koralex90
Re: How to enable everything on Protector(Security Advisory)
  • 2006/8/25 13:12

  • koralex90

  • Just popping in

  • Posts: 97

  • Since: 2005/3/15


the following is in my htaccess

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
AuthName www.boa.retroxpect.com
AuthUserFile /home/boaboa/public_html/_vti_pvt/service.pwd
AuthGroupFile /home/boaboa/public_html/_vti_pvt/service.grp

9
Lance_
Re: How to enable everything on Protector(Security Advisory)
  • 2006/8/25 13:22

  • Lance_

  • Home away from home

  • Posts: 983

  • Since: 2004/1/12


Add the code to that file.
GDL-Web.com :: Website development.
Xoopslance.com::Freelancing and Projects
thelionsden-arena.net:: Clan/League/Ladder Hosting
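
An added example (not part of any post in this thread, and not code from the Protector package): one way to add the two php_flag lines to an existing .htaccess without replacing it, rewriting a stale copy of a flag instead of appending a conflicting second one. The function names and the sample file are constructed for illustration; allow_url_fopen is left out because the advisory text says only an administrator can change it.

```shell
#!/bin/sh
# Set "php_flag <name> <value>" in an existing .htaccess, keeping every other
# line (for example a FrontPage block) exactly as it was.
ensure_php_flag() {
    file=$1 name=$2 value=$3
    [ -f "$file" ] || : > "$file"
    # Keep the first backup only, so repeated runs never overwrite the original.
    [ -e "$file.bak" ] || cp -p "$file" "$file.bak"
    tmp=$(mktemp) || return 1
    awk -v n="$name" -v v="$value" '
        $1 == "php_flag" && $2 == n {
            if (!done) { print "php_flag " n " " v; done = 1 }
            next                      # drop later duplicates of the same flag
        }
        { print }
        END { if (!done) print "php_flag " n " " v }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demonstration on a constructed sample file (not a real site's configuration).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/.htaccess" <<'EOF'
# -FrontPage-
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
php_flag register_globals on
EOF
    ensure_php_flag "$dir/.htaccess" register_globals off
    ensure_php_flag "$dir/.htaccess" session.use_trans_sid off
    ensure_php_flag "$dir/.htaccess" session.use_trans_sid off   # rerun: no change
    cat "$dir/.htaccess"
    rm -rf "$dir"
}
```

Running `demo` prints the merged file: the existing block is untouched, the stale `register_globals on` line is rewritten in place, and each flag appears once.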

10
koralex90
Re: How to enable everything on Protector(Security Advisory)
  • 2006/8/25 13:27

  • koralex90

  • Just popping in

  • Posts: 97

  • Since: 2005/3/15


Thanks so much! Those two were enabled but this wasn't.

"'allow_url_fopen' : on Not secure
This setting allows attackers to execute arbitrary scripts on remote servers.
Only administrator can change this option.
If you are an admin, edit php.ini or httpd.conf.
Sample of httpd.conf:
php_admin_flag allow_url_fopen off
Else, claim it to your administrators."

How do I enable that? It says edit php.ini or httpd.conf but I dunno what to edit.. and where are these files?
