Hi GIJOE,
You're right. Protector does report "turn allow_url_fopen off". I'm dealing with this with the hosters.
Do you have a list of modules that allow this 'crack'
Could Protector do a sanity check on installed modules? That would be a neat idea to implement if it were possible.
Quote from my hoster
"Many scripts rely on allow_url_fopen the first one that springs to mind is RSS feeds. These will no longer work if allow_url_fopen(); is disabled without some interesting use of the curl function (which again has its own security risks for shared customers and insecure scripts)."
Regards
Ashley