Hi GIJOE!
No worries about the misunderstanding, communication isn't as simple as it seems at first glance
Great to hear about your motivation to implement the idea!
Thanks a lot for that
Your work is highly regarded and appreciated!
Regards
JasonMR
hi Jason.
At first, I'm sorry my misunderstanding.
Quote:
I did mean the checking, if install works....I thought of something like an option in the admin area "Click here to test your Protector installation", which then starts a script doing the test you described.
Good idea!
I'll implement it.
I did mean the checking, if install works....I thought of something like an option in the admin area "Click here to test your Protector installation", which then starts a script doing the test you described.
I am sorry, that currently I can only offer my smart comments.....
hi Jason.
Patching into mainfile.php is almost indispensability.
If someone use the method (xoopsOption[nocommon]=1) and the server is register_globals on, crackers can easily access XOOPS which is not protected by Protector.
Quote:
I do believe there should be some checker included into Protector, though I'm not sure, how to go about that one. At least the described method should be mentioned in the ReadMe, I believe....just my 5c....
Do you mean the tip of checking ?
It is hard to judge.
To describe it means that I teach how to attack XOOPS without Protector.
Anyway, I thank you for the suggestion.
hi beetle bug.
It sounds a good question.
Certainly, some checking stages are needed.
After turning "IP ban" off ...
access
http://(your site)/?xoopsOption[nocommon]=1
If you've set up XoopsProtector correctly, the report is recorded on your security center in XoopsProtector's admin
Don't forget turn "IP ban" off, before such cracking test.