Hi GIJOE,
You're right. Protector does report "turn allow_url_fopen off". I'm dealing with this with the hosters.
Do you have a list of modules that allow this 'crack'
![](http://xoops.peak.ne.jp/uploads/smil3dbd4e398ff7b.gif)
Could Protector do a sanity check on installed modules? That would be a neat idea to implement if it were possible.
Quote from my hoster
"Many scripts rely on allow_url_fopen the first one that springs to mind is RSS feeds. These will no longer work if allow_url_fopen(); is disabled without some interesting use of the curl function (which again has its own security risks for shared customers and insecure scripts)."
Regards
Ashley