PEAK XOOPS - Some doubts about Protector 
Some doubts about Protector
Some doubts about Protector
msg# 1
- depth:
- 0
Previous post
-
Next post
|
Parent
-
Children.1
|
Posted on 2005/10/16 6:53
bezoops
From: Canary Islands-Spain
Posts: 10
From: Canary Islands-Spain
Posts: 10
I am working with the translation to Spanish of Protector that Marcelo Yuji Himoro has requested to me to make it better.
In the forums in Spanish, many users asks about the protector options: what is this? is it dangerous? am I unprotected?
Then, I am trying to include an expanded help for them.
I have several doubts and I would like to know if it is correct:
1- register_globals On. If in the server you only have installed xoops version 2.10 or higher, their folders (with index.html or .htaccess) and files (permits 444 in the necessary ones) are protected, and don't exist other folders or loose files, are safe?.
Because xoops includes the global variables that it needs and it doesn_t allow to use other, for what they are not accessible via a form.
2- allow_url_fopen On: I asked to the technical service of my server, and they told me that have installed other tools that don_t permit the run scripts from other people in the server, and this variable can be in On.
3- session.use_trans_sid On: If the session is transferred through identity, it is insecure, but like xoops use cookies, it doesn_t mind.
4- you contaminate yourself global variable system: have the variables been modifys or are they corrupt?
5- I Forced intval to variable like you go, Though I recommend to turn this option on, it dog causes problems with some you modulate. in what type of modules?
6-(eg) If your IP can move in the range of 192.168.0.0-192.168.0.255, set 24(bit) here. Can i change it? for:
(eg) If your IP can move in the range of 192.168.0.0-192.168.0.255, set 24(bit) or 192.168.0.0-192.168.255.255, set 12(bits) here
7- I have read that the best way to avoid the robots malicios, is add in the root a file .htaccess with:
thanks in advance
In the forums in Spanish, many users asks about the protector options: what is this? is it dangerous? am I unprotected?
Then, I am trying to include an expanded help for them.
I have several doubts and I would like to know if it is correct:
1- register_globals On. If in the server you only have installed xoops version 2.10 or higher, their folders (with index.html or .htaccess) and files (permits 444 in the necessary ones) are protected, and don't exist other folders or loose files, are safe?.
Because xoops includes the global variables that it needs and it doesn_t allow to use other, for what they are not accessible via a form.
2- allow_url_fopen On: I asked to the technical service of my server, and they told me that have installed other tools that don_t permit the run scripts from other people in the server, and this variable can be in On.
3- session.use_trans_sid On: If the session is transferred through identity, it is insecure, but like xoops use cookies, it doesn_t mind.
4- you contaminate yourself global variable system: have the variables been modifys or are they corrupt?
5- I Forced intval to variable like you go, Though I recommend to turn this option on, it dog causes problems with some you modulate. in what type of modules?
6-(eg) If your IP can move in the range of 192.168.0.0-192.168.0.255, set 24(bit) here. Can i change it? for:
(eg) If your IP can move in the range of 192.168.0.0-192.168.0.255, set 24(bit) or 192.168.0.0-192.168.255.255, set 12(bits) here
7- I have read that the best way to avoid the robots malicios, is add in the root a file .htaccess with:
SetEnvIfNoCase User-Agent "EmailCollector/1.0" spam_bot
SetEnvIfNoCase User-Agent "EmailSiphon" spam_bot
SetEnvIfNoCase User-Agent "EmailWolf 1.00" spam_bot
SetEnvIfNoCase User-Agent "ExtractorPro" spam_bot
SetEnvIfNoCase User-Agent "Crescent Internet ToolPak HTTP OLE Control v.1.0" spam_bot
SetEnvIfNoCase User-Agent "Mozilla/2.0 (compatible; NEWT ActiveX; Win32)" spam_bot
SetEnvIfNoCase User-Agent "CherryPicker/1.0" spam_bot
SetEnvIfNoCase User-Agent "CherryPickerSE/1.0" spam_bot
SetEnvIfNoCase User-Agent "CherryPickerElite/1.0" spam_bot
SetEnvIfNoCase User-Agent "NICErsPRO" spam_bot
SetEnvIfNoCase User-Agent "WebBandit" spam_bot
SetEnvIfNoCase User-Agent "WebBandit/2.1" spam_bot
SetEnvIfNoCase User-Agent "WebBandit/3.50" spam_bot
SetEnvIfNoCase User-Agent "webbandit/4.00.0" spam_bot
SetEnvIfNoCase User-Agent "WebEMailExtractor/1.0B" spam_bot
SetEnvIfNoCase User-Agent "EmailWolf" spam_bot
SetEnvIfNoCase User-Agent "Wget/1.8.2" spam_bot
SetEnvIfNoCase User-Agent "Wget/1.6" spam_bot
SetEnvIfNoCase User-Agent "Wget/1.5.3" spam_bot
SetEnvIfNoCase User-Agent "Wget" spam_bot
SetEnvIfNoCase User-Agent "WebCopier" spam_bot
SetEnvIfNoCase User-Agent "WebZip/4.0" spam_bot
SetEnvIfNoCase User-Agent "WebZip" spam_bot
SetEnvIfNoCase User-Agent "autoemailspider" spam_bot
SetEnvIfNoCase User-Agent "Mozilla/3.0 (compatible)" spam_bot
Order Allow,Deny
Allow from all
Deny from env=spam_bot
thanks in advance
Votes:5
Average:0.00
Posts tree
-
Some doubts about Protector
(bezoops, 2005/10/16 6:53)
-
Re: Some doubts about Protector
(GIJOE, 2005/11/30 17:34)
-
Re: Some doubts about Protector
(bezoops, 2005/12/3 0:04)
-
-
Login