mod_access_rbl (2)
from PEAK XOOPS Support&Experiment
(2007/2/12 4:56)
|
The success ratio of mod_access_rbl was up to 50-60%, in this three days statistics.It does not look enough.Thus, all XOOPS site should be installed Protector with its URI counting filter, I guess.That's because RBL servers is made not for comment/trackback SPAMs but for mailing SPAMs.Only sbl-xbl.spamhaus.org works great for comment/trackback SPAMs.With this result, I've just added it as default servers into Protector's RBL plugin.
|
mod_access_rbl
from PEAK XOOPS Support&Experiment
(2007/2/9 9:33)
|
There are too many comment/trackback spams recently.The amount of comment/trackback spams should be called as DDoS.Thus I've just installed mod_access_rbl as an apache module in this site.As I cannot access here (I don't know why),http://www.blars.org/mod_access_rbl.htmlI have to re-import the patch from Apache2 to Apache1.3If you can get the original patch from blarson@blars.org, use it instead of mine :-D
|
Protector V3
from PEAK XOOPS Support&Experiment
(2007/1/31 4:28)
|
Protector V3 has just been released.You'll find this is a changed version drastically.- The logic goes to XOOPS_TRUST_PATHDon't forget remove"2 lines"for hooking into protector in mainfile.php before updating the module.After Protector V3 has been installed/updated, you have to insert"2 lines"containing XOOPS_TRUST_PATH instead of XOOPS_ROOT_PATH into mainfile.php.- Denying IPsProtector V3 uses a file for denying IP instead of DB.If you banned yourself, just remove the file under XOOPS_TRUST_PATH/modules/protector/configs/- Limiting IPs for group=1If webmaters of your site access from small range of IPs, set this.It saves you from password cracking, session hijacking etc.If you cannot log your site in, just remove the file under XOOPS_TRUST_PATH/modules/protector/configs/- anti-XSS (BigUmbrella)http://xoops.peak.ne.jp/md/news/index.php?page=article&storyid=126- anti-SPAM with many URIsBasic logic:http://xoops.hypweb.net/wiki/5589.html- compatibility checks with XOOPS Cube 2.1 LegacyOf ...
|
starting to check compatilitiies with XOOPS Cube 2.1 RC
from PEAK XOOPS Support&Experiment
(2007/1/27 6:43)
|
XOOPS Cube 2.1 Legacy RC has already released on 22nd Jan 2007.I've just tested it whether my modules work fine or not.The result... ALL GREEN!Though Cube 2.1 Legacy has full-scratched core far from X2, it maintains high module compatibity!I'm surprised with the great work.Bravo! minahito, nobunobu, and Tom_G3X.I've just made an icon of"XC2.1 Ready!".I'll add it into mydownload's records of the modules have been checked the compatibility.
|
Overriding icon of D3 module
from PEAK XOOPS Support&Experiment
(2007/1/26 4:14)
|
In D3 modules (pico, wraps etc.), the module icons are drawn with its dirname automatically.But they are not so clear to distinguish, if you've installed them a lot.You can override each module icons safely.Just make a icon named module_icon.png and copy it into public side of XOOPS_ROOT_PATH/modules/dirname/ .The file will never be overwritten by updating D3 module.
|
SPAW 1.x vulnerability?
from PEAK XOOPS Support&Experiment
(2007/1/25 6:25)
|
http://blog.solmetra.com/2007/01/19/php-vulnerability-possibly-affecting-spaw-1x-installations/It looks curious...Old PHP enables variables after unset() if it runs with register_globals=on ...?If you are applicatable such conditions and you use common/spaw (TinyD etc.), you'd better update common/spaw.- Download the latest TinyD- Overwrite common/spaw/dialogs/img_library.phpAnyway, you MUST turn register_globals off, and you should turn allow_url_fopen off.Moreover, I recommend you to use common/fckeditor instead of common/spaw.
|
pico (D3) beta release
from PEAK XOOPS Support&Experiment
(2007/1/19 16:42)
|
http://xoops.peak.ne.jp/md/mydownloads/singlefile.php?lid=92&cid=1The standard of"D3 module"- pico 0.90 has been released as BETA version.This just means that almost features are implemented.I'm waiting your tests and reports. :-D
|
FCKEditor
from PEAK XOOPS Support&Experiment
(2006/12/14 12:49)
|
I've just tried a wysiwyg editor FCKeditor for pico.http://www.fckeditor.net/It looks the best HTML&JavaScript and not so good PHP.In 2.3.2, I can find a fatal vulnerability in php uploader at a glance.(.php files can be uploaded)Thus I've remade php uploader and connector almost full scratch for XOOPS.You can try this.http://xoops.peak.ne.jp/md/mydownloads/singlefile.php?lid=93pico 0.2 has a feature of editing contents via this FCKeditor on XOOPS.p.s. I don't test xoops.org's FCKeditor under /class/xoopseditor/ because class directory should be DENY for httpd.And I guess the same vulnerability of original exists in the xoops.org version.:-)
|
pico (D3) alpha release
from PEAK XOOPS Support&Experiment
(2006/12/2 6:09)
|
pico is the successor of TinyD.Of course, pico is quite irrelevalent from TinyD or TinyContent in source code level.The difference between TinyD and pico+ D3+ category with permissions+ flexible filters (Smarty etc.)+ native d3forum comment-integration- WYSIWYG Editor (will be implemented)- page wrap (will be implemented?)- X2 system comment (never implemented :-P)
|
d3forum comment-integration applied
from PEAK XOOPS Support&Experiment
(2006/12/1 17:43)
|
As you can see, d3forum comment-integration has already been applied on this site.The usage for the comment-integration is written in README of d3forum.You may feel the procedure looks too difficult.It is not necessary to do such procedure with Native D3 module.The first native D3 module [b]-pico-[/b] will be released tomorrow.
|