= SUMMARY =
Xoops Protector is a module that defends XOOPS2 against a variety of malicious attacks.
This module can protect against various kinds of attacks, such as:
- DoS
- Bad Crawlers (like bots collecting e-mails...)
- SQL Injection
- XSS (not all though)
- System globals pollution
- Session hijacking
- Null-bytes
- Directory Traversal
- Some kinds of CSRF (fatal in XOOPS <= 2.0.9.2)
- Brute Force
- Camouflaged Image File Uploading (== IE Content-Type XSS)
- Executable File Uploading Attack
- XMLRPC's eval() and SQL Injection Attacks
- SPAM in comments, trackbacks, etc.
Xoops Protector defends your XOOPS site from these attacks and records them in its log.
Of course, not all vulnerabilities can be prevented.
Please do not be overconfident.
However, I strongly recommend installing this module on all XOOPS sites, whatever the version.
= INSTALL =
First, define XOOPS_TRUST_PATH in mainfile.php.
Copy html/modules/protector into your XOOPS_ROOT_PATH/modules/
Copy xoops_trust_path/modules/protector into your XOOPS_TRUST_PATH/modules/
Set the permissions of XOOPS_TRUST_PATH/modules/protector/configs to 777
After installing, edit mainfile.php as follows:
    include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ;
    if (!isset($xoopsOption['nocommon']) && XOOPS_ROOT_PATH != '' ) {
        include XOOPS_ROOT_PATH."/include/common.php";
    }
    include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php' ;
Just add the two lines that include precheck.inc.php and postcheck.inc.php.
Both pre-check and post-check are needed.
An option "DENY by .htaccess" was added in version 2.34.
If you try this option, make XOOPS_ROOT_PATH/.htaccess writable.
Before enabling this option, weigh it against the security risk of having a writable .htaccess.
=======================================
About XOOPS_TRUST_PATH and Module Duplication
http://www.seed100.com/htdocs/modules ... c_id=12&forum=7&move=next
=======================================
= How to rescue =
If you yourself are mistakenly identified as an intruder and blocked, delete the files under XOOPS_TRUST_PATH/modules/protector/configs/
The "rescue password" setting and its controller have been removed.
= UPGRADE from Protector 2.x =
- remove two lines for Protector from your mainfile.php
- remove all files under XOOPS_ROOT_PATH/modules/protector/ via FTP etc.
- upload the files in the archive (refer to INSTALL)
- run "upgrade" on Protector in modulesadmin
- add two lines for Protector into your mainfile.php
Note: use "XOOPS_TRUST_PATH" for 3.0 instead of the "XOOPS_ROOT_PATH" used for 2.x
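
To confirm the mainfile.php edits from the install and upgrade steps above, the following check is an added example, not part of Protector or the original README. The function names and messages are hypothetical, and it assumes that a Protector include built on XOOPS_ROOT_PATH is a leftover 2.x line.

```shell
#!/bin/sh
# Added example (not part of Protector): audit the hooks in mainfile.php.

# Line number of the first non-commented line in file $2 matching ERE $1; 0 if none.
line_of() {
    awk -v re="$1" '
        $0 !~ /^[ \t]*(\/\/|#|\*)/ && $0 ~ re { print NR; found = 1; exit }
        END { if (!found) print 0 }' "$2"
}

# check_mainfile FILE: print one finding per line; return 0 only when clean.
check_mainfile() {
    f=$1; bad=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    inc='protector/include'
    pre=$(line_of "XOOPS_TRUST_PATH.*$inc/precheck[.]inc[.]php" "$f")
    post=$(line_of "XOOPS_TRUST_PATH.*$inc/postcheck[.]inc[.]php" "$f")
    common=$(line_of 'include/common[.]php' "$f")
    # Assumption: a Protector include built on XOOPS_ROOT_PATH is a 2.x leftover.
    old=$(line_of "XOOPS_ROOT_PATH.*$inc/(pre|post)check[.]inc[.]php" "$f")

    [ "$pre" -gt 0 ] || { echo "precheck include missing"; bad=1; }
    [ "$post" -gt 0 ] || { echo "postcheck include missing"; bad=1; }
    [ "$common" -gt 0 ] || { echo "include/common.php not found"; bad=1; }
    if [ "$pre" -gt 0 ] && [ "$common" -gt 0 ] && [ "$pre" -gt "$common" ]; then
        echo "precheck (line $pre) must precede common.php (line $common)"; bad=1
    fi
    if [ "$post" -gt 0 ] && [ "$common" -gt 0 ] && [ "$post" -lt "$common" ]; then
        echo "postcheck (line $post) must follow common.php (line $common)"; bad=1
    fi
    if [ "$old" -gt 0 ]; then
        echo "2.x-style include via XOOPS_ROOT_PATH (line $old)"; bad=1
    fi
    return "$bad"
}

# Constructed sample: the postcheck line still uses the 2.x XOOPS_ROOT_PATH form.
sample=$(mktemp)
cat > "$sample" <<'EOF'
include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ;
include XOOPS_ROOT_PATH."/include/common.php";
include XOOPS_ROOT_PATH.'/modules/protector/include/postcheck.inc.php' ;
EOF
check_mainfile "$sample" || echo "=> mainfile.php needs fixing"
rm -f "$sample"
```

Run check_mainfile against your real mainfile.php after every install or upgrade; commented-out include lines are treated as missing.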
= Using filter-plugin =
You can put a filter-plugin in XOOPS_TRUST_PATH/modules/protector/filters_enabled/
There are two plugins in this archive.
- postcommon_post_deny_by_rbl.php
  An anti-SPAM plugin.
  All posts from IPs registered in the RBL will be rejected.
  This plugin can slow down posting, especially in chat modules.
- postcommon_post_need_multibyte.php
  An anti-SPAM plugin.
  Posts without multi-byte characters will be rejected.
  This plugin is only for Japanese, Traditional Chinese (tchinese), Simplified Chinese (schinese), and Korean sites.
To turn a plugin on, copy its file from filters_disabled into filters_enabled.
= CHANGES =
3.01 (2007/02/10)
- modified the rule for sorting IPs
- added language files
-- portuguesebr (thx beduino)
-- spanish (thx PepeMty)
-- polish (thx kurak_bu) 3.01a
3.00 (2007/02/06)
- marked as a stable version
- fixed typo in log level
- fixed multibyte plugin never denies registered users (thx mizukami)
- modified compatibility with 2.2.x from xoops.org 3.00a
3.00beta2 (2007/01/31)
- added plugin system (just postcommon_post_*)
- added filtering-plugins
-- postcommon_post_deny_by_rbl.php (deny SPAM by RBL)
-- postcommon_post_need_multibyte.php (deny SPAM by character type)
3.00beta (2007/01/30)
- moved almost all files under XOOPS_TRUST_PATH
- modified denying IP from DB to a file under configs
- removed rescue feature (just remove a file via FTP)
- added allowed IPs for user of group=1
- modified table structures (compatible with MySQL5)
- added BigUmbrella anti-XSS system
- added anti-SPAM feature
= THANKS =
- Kikuchi (Traditional Chinese language files)
- Marcelo Yuji Himoro (Brazilian Portuguese and Spanish language files)
- HMN (French language files)
- Defkon1 (Italian language files)
- Dirk Louwers (Dutch language files)
- Rene (German language files)
- kokko (Finnish language files)
- Tomasz (Polski language files)
- Sergey (Russian language files)
- Bezoops (Spanish language files)
These contributions were made for v2.x
I would appreciate new language files for v3.0
Moreover, I thank JM2 and minahito (zx team) for having kindly taught me.
You are very great programmers!
------------------------------------------------------------
GIJ=CHECKMATE <[email protected]> 2004-2007
PEAK XOOPS
http://xoops.peak.ne.jp/