3
Restoring the databases would be one step.
You would also want to make sure you clear any caches as well.
As part of that, if you have ANY files that can be modified by the user you will want to restore those during this time as well. SOME modules MAY store local files related to the module as they do work but I haven't seen this. Outside of the theme and templates with 2.5 I don't know of any other files that get updated. You may want to delete any potential templates that get created if you are using 2.5 assuming they can still clone and modify templates. I have not tried this but know that with 2.5 templates are no longer stored in the database but in the theme folder.
I don't believe with Xoops you can really do much with the email. The only email that xoops sends out would be registration emails and email to other users if the user has admin level access.
You would have to make sure that the mail systems are disabled with your host as a user with admin access should be able to modify the email settings until they find the right host settings.
Giving Admin access to guest users can be a security risk so you might want to consider giving limited admin access or something else.
Also make sure your crontab and any restoration files reside OUTSIDE of the webroot directory. Otherwise a hacker could potentially access them and/or change them.
Lastly I think you can modify the cookie lifespan. You want to reduce that to a minimum.
Attending College working towards Bachelors in Software Engineering and Network Security.
