This is an older version. Download the latest version.

= SUMMARY =
Xoops Protector is a module that defends XOOPS2 against various malicious attacks.
It can protect against attacks such as:
- DoS
- Bad Crawlers (like bots collecting e-mails...)
- SQL Injection
- XSS (only a few kinds)
- System globals pollution
- Session hi-jacking
- Null-bytes
- Directory Traversal
- Some kind of CSRF (fatal in XOOPS <= 2.0.9.2)
- Brute Force
- Camouflaged Image File Uploading (== IE Content-Type XSS)
- Executable File Uploading Attack
- XMLRPC's eval() and SQL Injection Attacks
Xoops Protector defends your XOOPS from these attacks and records them in its log.
Of course, not all vulnerabilities can be prevented.
Please do not be overconfident.
However, I strongly recommend installing this module on all XOOPS sites, whatever their version.
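To make the checks in the list above concrete, here is a simplified request pre-check written for this page. It is an added example, not Xoops Protector's own code: the function names (protector_precheck and its helpers), the list of protected global names and the detection patterns are this example's assumptions, it handles IPv4 only and assumes 64-bit PHP 7 or later. It covers superglobal pollution ("contamination"), null bytes, directory traversal, UNION-based SQL injection and the masked-IP session check (the "IP mask bits" option that 2.51 mentions).

```php
<?php
// Added example, not Xoops Protector's code. protector_precheck() and its helpers,
// PROTECTED_GLOBALS and the regexes below are assumptions made for this illustration.

// 1. Superglobal pollution ("contamination"): request keys that would overwrite
//    XOOPS globals when register_globals is on or when code calls extract($_REQUEST).
const PROTECTED_GLOBALS = [
    'xoopsConfig', 'xoopsUser', 'xoopsDB', 'xoopsModule', 'xoopsOption', 'xoopsTpl',
    'GLOBALS', '_SERVER', '_GET', '_POST', '_COOKIE', '_FILES', '_ENV', '_REQUEST', '_SESSION',
];

function find_contamination(array $request): array
{
    return array_values(array_intersect(array_keys($request), PROTECTED_GLOBALS));
}

// 2./3. Null bytes, ".." path segments and UNION ... SELECT in any scalar value,
//       descending into nested arrays so that foo[bar][]=../../x is caught too.
function scan_values($value, string $where, array &$findings): void
{
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            scan_values($v, $where . '[' . $k . ']', $findings);
        }
        return;
    }
    $s = (string) $value;
    if (strpos($s, "\0") !== false) {
        $findings[] = ['type' => 'null-byte', 'where' => $where];
    }
    // ".." as a whole path segment, with either slash style
    if (preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $s)) {
        $findings[] = ['type' => 'directory-traversal', 'where' => $where];
    }
    // crude UNION-based injection signature; a real filter would be broader
    if (preg_match('/\bunion\b.{0,100}?\bselect\b/is', $s)) {
        $findings[] = ['type' => 'sql-injection', 'where' => $where];
    }
}

// 4. Session hijacking: compare the client IP with the IP stored at login, masked
//    to $maskBits so that users behind rotating proxies in one block keep their session.
function ip_matches_session(string $sessionIp, string $clientIp, int $maskBits = 32): bool
{
    $a = ip2long($sessionIp);
    $b = ip2long($clientIp);
    if ($a === false || $b === false) {
        return false;                       // IPv4 only in this example
    }
    $maskBits = max(0, min(32, $maskBits));
    $mask = $maskBits === 0 ? 0 : (0xFFFFFFFF << (32 - $maskBits)) & 0xFFFFFFFF;
    return ($a & $mask) === ($b & $mask);
}

// Runs all checks and returns what would be logged (and acted on) by a pre-check.
function protector_precheck(array $get, array $post, string $clientIp, ?string $sessionIp, int $maskBits = 24): array
{
    $findings = [];
    foreach (find_contamination($get + $post) as $key) {
        $findings[] = ['type' => 'contamination', 'where' => $key];
    }
    scan_values($get, '$_GET', $findings);
    scan_values($post, '$_POST', $findings);
    if ($sessionIp !== null && !ip_matches_session($sessionIp, $clientIp, $maskBits)) {
        $findings[] = ['type' => 'session-hijack', 'where' => 'REMOTE_ADDR'];
    }
    return $findings;
}

// Constructed sample request, not a captured one.
$findings = protector_precheck(
    [
        'id'          => '1 UNION SELECT uname, pass FROM users-- ',
        'file'        => "../../../etc/passwd\0.png",
        'xoopsConfig' => ['root_path' => '/tmp'],
    ],
    [],
    '203.0.113.77',   // current client IP
    '203.0.113.10'    // IP recorded at login: same /24, so it passes with 24 mask bits
);
foreach ($findings as $f) {
    printf("%-20s %s\n", $f['type'], $f['where']);
}
```

In a real pre-check the result decides between sanitizing (stripping the null byte, casting to int) and refusing the request; the module's changelog shows it moved between those two policies over time, so keep the decision separate from the detection as above.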
= RELATION to AntiDoS-P =
The predecessor of Xoops Protector was AntiDoS-P.
Since all functions of AntiDoS-P have been carried over into Xoops Protector, you should uninstall AntiDoS-P.
= USAGE =
Please install it as well as a usual module.
After Xoops Protector is installed, edit your mainfile.php like this:

// Protector pre-check: runs before XOOPS' common.php is loaded
include( XOOPS_ROOT_PATH . '/modules/protector/include/precheck.inc.php' ) ;
if (!isset($xoopsOption['nocommon']) && XOOPS_ROOT_PATH != '' ) {
    include XOOPS_ROOT_PATH."/include/common.php";
}
// Protector post-check: runs after common.php has set up the XOOPS environment
include( XOOPS_ROOT_PATH . '/modules/protector/include/postcheck.inc.php' ) ;

Just add the two include lines for precheck.inc.php and postcheck.inc.php.
The part between them is the existing include of common.php; if it looks different in your mainfile.php, don't mind it.
Both the pre-check and the post-check are needed.
After turning it on, check that your own IP address has not ended up in
"Enter IP addresses that should be banned from the site" in the module's preferences.
If, as an administrator, you are unfortunately banned by some unexpected error, you can directly access
http://(your xoops)/modules/protector/admin/rescue.php
but be sure to set the rescue password in the preferences of XoopsProtector in advance.
An option "DENY by .htaccess" was added in version 2.34.
To try this option, make XOOPS_ROOT_PATH/.htaccess writable by the web server.
Before enabling it, weigh the benefit against the security risk of a writable .htaccess: any file-write flaw in the site then lets an attacker rewrite your Apache configuration.
= UPGRADE =
- overwrite the files with the new version
- "update" Protector in the module admin
If you can't reach the admin area, edit mainfile.php to temporarily remove the precheck/postcheck lines. (After the "update", add the precheck/postcheck lines again.)
= THANKS =
- Kikuchi (Traditional Chinese language files)
- Marcelo Yuji Himoro (Brazilian Portuguese and Spanish language files)
- HMN (French language files)
- Defkon1 (Italian language files)
- Dirk Louwers (Dutch language files)
- Rene (German language files)
- kokko (Finnish language files)
- Tomasz (Polish language files)
- Sergey (Russian language files)
- Bezoops (Spanish language files)
Moreover, I thank JM2 and minahito of the zx team for teaching me so kindly.
You are very great programmers!
p.s.
If you've created or modified language files for this module, please contact me.
I will register them in the Protector archive.
= CHANGES =
2.57 (2006/07/17)
- fixed handling of blob columns when backing up in prefix_manager (thx fbs777)
- fixed some notices
- updated gticket into version2
2.56 (2006/03/30)
- modified error handling when config can't be received
- modified DOS/CRAWLER skipping for nocommon=1 modules (thx sleo577)
- updated german (thx rene) 2.56a
2.55 (2006/02/11)
- fixed the anti-multiple-content-type check to allow .tar.gz (thx gusagi)
- updated mymenu for compatibility with XC2.1
- updated Spanish language files (thx bezoops)
2.54 (2005/12/08)
- added backup feature into prefix_manager (experimental)
- added a check for multiple-dot file uploads (= multiple content-types for Apache)
- updated portuguesebr language files (thx Izzy)
- modified the anti-camouflaged-image-upload system for some open_basedir restrictions (thx stefan88) - 2.54a
- modified some initial settings and documents - 2.54a
2.53 (2005/11/30)
- added anti camouflaged image file upload (==IE Content-Type XSS)
- modified the action when DB is busy
- fixed some bugs causing Notices
- fixed incompatibilities with XOOPS 2.2.3
- moved document files under docs/ (for hiding protector's version)
- updated mymenu into 0.15a
- modified the action against PHP_SELF/PATH_INFO XSS
- modified the module icon (thx Argon)
- updated and renamed Polish language files from polski (thx Tomasz)
- updated French language files (thx marco)
- updated Italian language files (thx Defkon1)
- fixed packaging errors in zip files (thx Dave_L) 2.53a
2.52 (2005/8/27)
- changed the feature of disabling xmlrpc.php in any path (wordpress etc.)
- modified the logging rule about xmlrpc.php
- added Russian language files (thx Sergey)
2.51 (2005/8/24)
- added an option of IP mask bits against session hi-jacking
- added an advisory about session.use_trans_sid
- modified codes against PHP_SELF XSS
- updated French language files (thx HEMON)
2.50 release (2005/8/22)
- added a protection against PHP_SELF XSS
- updated Brazilian Portuguese & Spanish language files (thx Yuji)
2.50 beta2 (2005/7/31)
- changed "2.0.9.2 holes" into "disable features"
- added "num" select box
- updated Traditional Chinese language files (thx Kikuchi)
- updated Brazilian Portuguese & Spanish language files (thx Yuji)
2.50 beta1 (2005/7/22)
- added an option "DOS/CRAWLER skip modules"
- added some indexes to the tables which Protector accesses
- added an option "reliable IPs"
- added a feature of anti-BruteForceAttacks
2.40 release (2005/7/21)
- added a protection from 'criteria attack' for xoops <= 2.0.10*
- modified Italian language files (thx Defkon1)
- added Finnish language files (thx kokko)
- added Polish language files (thx Tomasz)
2.40RC2 (2005/4/4)
- modified the update routine to delete the old protector block (thx Dava_L)
- updated Brazilian Portuguese & Spanish language files (thx Yuji)
2.40RC (2005/3/31)
- modified URI of attacking simulation in advisory (thx satanas)
- modified the advisory's check that *check.inc.php is included (thx peter & Dave_L)
- modified the password for disabling bad_ips to be stored encrypted
- eliminated the protector block
- modified so that only GET vars are checked with "doubtful file spec"
2.38 (2005/3/18)
- modified the system for rolling back .htaccess after DoS or CRAWLER bans
- updated Italian language files (thx Defkon1)
2.37 (2005/3/9)
- fixed missing dbname quoting in prefix manager (thx king76)
- modified log level of Null-byte to 64
2.36 (2005/3/9)
- modified the pattern of bad_ext
2.35 (2005/3/5)
- updated myblocksadmin 0.27 & mymenu 0.12
- added a logging level
- added an option for disabling whole of Protector for debugging (thx Dave_L)
- updated Traditional Chinese language files (thx Kikuchi)
- updated French language files (thx HEMON) 2.35a
- updated Brazilian Portuguese & Spanish language files (thx Yuji) 2.35a
2.34 (2005/2/18)
- fixed a typo in protecting session hijacking (thx blues)
- modified messages on forced exit against specific features (thx suin)
- added an option 'Deny by .htaccess' against DoS, experimentally
2.33 (2005/2/11)
- modified the action when '../../' found (thx mayor)
- modified IP check disabled with XoopsGTicket
2.32 (2005/2/1)
- modified enabling "MySQL/Blocks debug" with strict checking (thx jseymour)
2.31 (2005/1/30)
- fixed recognition of root controllers (thx nobunobu)
- modified compatibility with IIS (thx okuhiki)
- updated French language files (thx HMN) (2.31a)
- added German language files (thx Rene) (2.31b)
2.30 release (2005/1/30)
- modified some default values of configs.
- updated Italian language files (thx Defkon1)
- updated Brazilian Portuguese & Spanish language files (thx Yuji)
- added Dutch language files (thx Dirk Louwers)
2.30RC5 (2005/1/22)
- fixed some non-harmful typos
- updated Italian language files (thx Defkon1)
2.30RC4 (2005/1/21)
- fixed postcheck.inc.php with $xoopsConfig['nocommon'] (thx dendeke)
2.30RC3 (2005/1/21)
- modified anti-null-byte handling from die to sanitize
- modified prefix manager a little
- added French language files (thx HMN)
- added Italian language files (thx Defkon1)
2.30RC2 (2005/1/20)
- fixed prefix manager
2.30RC (2005/1/19)
- added prefix manager
- added 2.0.9.2 specific patches (Special thx to zx team!)
- added checker against null-byte attack
- modified doubtful file specifications (thx minahito)
- added anti session hi-jacking
- added include/postcheck.inc.php (Notice: mainfile.php should be rewritten)
- modified options about contami & SQL Injections
2.22 (2005/1/4) (not so important fixes)
- fixed a typo in check_dos_attack_* (thx Mithrandir)
- modified to use REQUEST_URI for IIS
- updated myblocksadmin 0.22 & mymenu 0.07
2.21 (2004/12/31)
- fixed a missing pattern with contami checking (thx onokazu)
2.20 (2004/12/27)
- fixed a missing pattern with contami checking (thx JM2)
- fixed typo missing global for HTTP_*_VARS
- added logging doubtful file spec
- updated Brazilian Portuguese & Spanish language files (thx Marcelo Yuji Himoro)
- updated traditional Chinese language files (thx Kikuchi)
2.20RC3 (2004/12/18)
- added "Patch doubtful file specifications" (thx JM2)
- added Spanish language files (thx Marcelo Yuji Himoro)
2.20RC2 (2004/12/16)
- updated myblocksadmin (0.12) & mymenu (0.06)
- modified Brazilian Portuguese language files (thx Marcelo Yuji Himoro)
2.20RC (2004/12/15)
- modified to use $_GET or $_POST instead of $HTTP_*_VARS (for PHP5)
- added a rescue feature
- added storing of the user_agent
- modified Anti-DoS routine radically
- added each settings of "F5 attacks" and "high load crawlers"
- fixed not to "Force intval" against arrays
- modified a pattern finding UNION
2.11 (2004/9/30)
- fixed some typos
2.10a (2004/9/27)
- modified Brazilian Portuguese language files (thx Marcelo Yuji Himoro)
2.10 (2004/9/22)
- added a checker for uploaded files
- added security advisory
- modified to make sanitizing against SQL Injections selectable
- fixed short tags (thx t_miyabi)
- added traditional Chinese language files (thx Kikuchi)
2.01 (2004/9/11)
- added some checks for contamination of superglobals
- modified Brazilian Portuguese language files (thx Marcelo Yuji Himoro)
2.0 (2004/9/10)
- The 1st release as Xoops Protector.
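The three upload checks that the 2.10, 2.53, 2.54 and 2.55 entries above refer to (executable file uploads, multiple-dot file names that give Apache several content types, and camouflaged images that IE's content sniffing renders as HTML), as an added example written for this page and not Protector's own code. The function names, the extension lists and the HTML-tag pattern are this example's assumptions, and the sample files are constructed inline. The multiple-dot check exists because Apache's mod_mime treats every dotted segment of a file name as a possible extension, so a file named shell.php.jpg can be handed to the PHP handler on servers that bind PHP with AddHandler.

```php
<?php
// Added example, not Xoops Protector's code. check_upload() and its helpers,
// EXECUTABLE_EXTS and HARMLESS_MULTI are assumptions made for this illustration.

// Extensions that Apache may hand to a script handler (AddHandler/AddType).
const EXECUTABLE_EXTS = [
    'php', 'php3', 'php4', 'php5', 'phtml', 'phps', 'cgi', 'pl', 'py', 'sh',
    'htaccess', 'asp', 'aspx', 'jsp',
];
// Inner extensions a multi-dot name may carry before the last one, e.g. backup.tar.gz
// (the 2.55 entry re-allowed this case).
const HARMLESS_MULTI = ['tar'];

/** True if any dotted segment of the name is an extension Apache could execute. */
function filename_is_executable(string $name): bool
{
    $parts = explode('.', strtolower(basename($name)));
    array_shift($parts);                       // drop the base name, keep every extension
    foreach ($parts as $ext) {
        if (in_array($ext, EXECUTABLE_EXTS, true)) {
            return true;
        }
    }
    return false;
}

/** True if the name has more than one extension and the extra ones are not whitelisted. */
function filename_has_multiple_types(string $name): bool
{
    $parts = explode('.', strtolower(basename($name)));
    array_shift($parts);
    if (count($parts) <= 1) {
        return false;
    }
    foreach (array_slice($parts, 0, -1) as $inner) {
        if (!in_array($inner, HARMLESS_MULTI, true)) {
            return true;
        }
    }
    return false;
}

/** A file declared as an image must decode as one and must not open with HTML markup
 *  that IE's sniffing of the first bytes would render as a page (the "IE Content-Type XSS"). */
function image_is_camouflaged(string $bytes): bool
{
    $head = substr($bytes, 0, 256);
    if (preg_match('/<\s*(script|html|body|iframe|object|img|meta|head|title)\b/i', $head)) {
        return true;
    }
    return @getimagesizefromstring($bytes) === false;
}

/** Returns the list of reasons to reject the upload; an empty list means accept. */
function check_upload(string $filename, string $bytes, bool $declaredImage): array
{
    $reasons = [];
    if (filename_is_executable($filename)) {
        $reasons[] = 'executable extension';
    }
    if (filename_has_multiple_types($filename)) {
        $reasons[] = 'multiple content-types';
    }
    if ($declaredImage && image_is_camouflaged($bytes)) {
        $reasons[] = 'camouflaged image';
    }
    return $reasons;
}

// Constructed samples, not real uploads.
$gif = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'); // 1x1 GIF
$samples = [
    ['avatar.gif',    $gif,                                true],
    ['backup.tar.gz', "\x1f\x8b\x08\x00",                  false],
    ['shell.php.jpg', $gif,                                true],
    ['evil.gif',      '<html><script>alert(1)</script>',   true],
];
foreach ($samples as [$name, $bytes, $isImage]) {
    $r = check_upload($name, $bytes, $isImage);
    printf("%-16s %s\n", $name, $r ? 'REJECT: ' . implode(', ', $r) : 'ok');
}
```

Run the checks on the temporary file before it is moved into the web root, and keep the executable-extension rule even where uploads are stored outside the document root: a later directory-traversal or include bug is what turns a stored .php into code execution.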