hi beetle bug.
It sounds a good question.
Certainly, some checking stages are needed.
After turning "IP ban" off ...
access
http://(your site)/?xoopsOption[nocommon]=1
If you've set up XoopsProtector correctly, the report is recorded on your security center in XoopsProtector's admin
Don't forget turn "IP ban" off, before such cracking test.
hi Jason.
Patching into mainfile.php is almost indispensability.
If someone use the method (xoopsOption[nocommon]=1) and the server is register_globals on, crackers can easily access XOOPS which is not protected by Protector.
Quote:
I do believe there should be some checker included into Protector, though I'm not sure, how to go about that one. At least the described method should be mentioned in the ReadMe, I believe....just my 5c....
Do you mean the tip of checking ?
It is hard to judge.
To describe it means that I teach how to attack XOOPS without Protector.
Anyway, I thank you for the suggestion.
I did mean the checking, if install works....I thought of something like an option in the admin area "Click here to test your Protector installation", which then starts a script doing the test you described.
I am sorry, that currently I can only offer my smart comments.....
hi Jason.
At first, I'm sorry my misunderstanding.
Quote:
I did mean the checking, if install works....I thought of something like an option in the admin area "Click here to test your Protector installation", which then starts a script doing the test you described.
Good idea!
I'll implement it.
Hi GIJOE!
No worries about the misunderstanding, communication isn't as simple as it seems at first glance
Great to hear about your motivation to implement the idea!
Thanks a lot for that
Your work is highly regarded and appreciated!
Regards
JasonMR