We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

How to protect your oxwall site from hackers | Forum

Ahmed Khlifi
Ahmed Khlifi Jul 2 '11
Its easy and usefull, just go to your cPanel ---> File manager
then go to ur web root
choose the folder where u put ur site then right click with the mouse on it after it choose change permission!!
untick all the boxes then change the permision from 755 to 111
now all your site files will be invisible and safe :D
wish its works as i wanted it ^_^
ma3ih Club
ma3ih Jul 2 '11
then no1 can upload pic /change avatar/ and some change in plugins not work too

Perfect work :|
Ahmed Khlifi
Ahmed Khlifi Jul 2 '11
lol really ?
sorry but i didnt know 3:)
Ajith Joseph
Ajith Joseph Aug 17 '12
http://www.openlax.com/groups/5 we are started a new organisation for protect oxwall please join with us  
DesignOX Sep 12 '12
My entire site is gone!

You don't have permission to access /index on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

MarkieMark67 Sep 13 '12

Here are a couple quick mods to help keep out proxies 

Add this to .htaccess

rewriteCond %{HTTP:VIA}                 !^$ [OR]

RewriteCond %{HTTP:FORWARDED}           !^$ [OR]

RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]

RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]

RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]

RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]

RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]

RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$

RewriteRule ^(.*)$ - [F]

Two more mods to help keep out Other types of proxies. Place them in your index.php file on top, and anyplace u might want added security from proxies connections.

if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) || ($_SERVER['HTTP_USER_AGENT']=='') || ($_SERVER['HTTP_VIA']!='')){        die("Don't use proxies, please.");}
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))die("Proxy access not allowed");

Hope this helps 

 Here is an easy mod that can be added to any website.

spamIP is a PHP script that blocks out spambots from any type of website that supports PHP. It uses the data collected by Stopforumspam.com and the GeoIP data from MaxMind.com. 


Pete Sep 14 '12

Quote from Paul Cuffe I am going to make a plugin that will use the spamIP DB and checks IP every page on a oxwall site :)

Nice one Paul,just what is needed .
MarkieMark67 Sep 14 '12
Paul Spamip is so easy to install anyone can do it. It really helps. But a plugin would be very nice also. Just remember with Spamip you have to set up cron to run once a day, and Early AM is the best time :) 

I have more problems with Proxy connections for some reason, and the other small three mods together pretty much stop them from connection.  

The Forum post is edited by MarkieMark67 Sep 14 '12
MarkieMark67 Sep 14 '12
Good Job Paul. I have used SpamIp for 6 months on another site and it works great.
MarkieMark67 Sep 14 '12
Sounds good. Remember the other mods I post also help a lot. With the HTaccess, and the little php I posted. I went from 50-100 spammers Down to 10 a day. So all together they are good to have.
MarkieMark67 Sep 14 '12
Just a friendly reminder The database that the IP's are pulled from. We can only pull once a day. 
MarkieMark67 Sep 14 '12
That's cool with me. Took some research to come up with them. But they work good for me.... Hope it helps everyone ...  
MarkieMark67 Sep 15 '12
The only spammers I get now are random IP's spammers with nothing to do. Knock on wood :)  
MarkieMark67 Sep 15 '12
So far Anti Spammer is working great. One suggestion. 

On the search. If an IP isn't found could we have an option 

too add the ip? Something simple like IP not found would you like to add.

MarkieMark67 Sep 15 '12
Cool Beans. That's all I see so far.
Oxwall Accessories
Oxwall Accessories Sep 16 '12
That would be a good idea Paul
Oxwall Accessories
Oxwall Accessories Sep 16 '12
Where is this plugin located? lol

MarkieMark67 Sep 16 '12
Quote from Paul Cuffe MarkieMark67  I have updated the software with your idea! :) if you search and cant find the IP, it gives you a click button to add it right away

Great Job Paul. Can't wait to see it...
The Forum post is edited by MarkieMark67 Sep 16 '12
MarkieMark67 Sep 17 '12
Good Job Paul :)
Michael Sep 29 '12
My 2 cents....The problem with getting ip addresses from spam databases is some of them are actually harmless ips that may have been used by a user at some point for something untoward. In my example I installed a plugin which checks with a DB called SpamForum, after enabling the plugin it banned me when using my mobile phone and accessing via a 3g network.

A lot of our users on our site come from mobile devices and normally connect via 3g when they are out and about. Any public IP will probably be on a spam DB as public ips are best to use when doing something untoward. The downisde is genuine users who pass through and connect via the same IP will be blocked. From my experience most of the public ips are blocked and as our site is a niche site we get more connections from mobiles than any other device.

The best thing for us is to log down the ips of the users as they sign up, if they spam then there IP gets banned and if the ISP looks dodgy then we ban the ip range. We also got spammed a lot by china and ended up blocking most of china, since then we have been fine.

I personally wouldn't use plugins with predefined banned IP's or plugins that check via a DB unless we created that DB ourselves.

Pages: 1 2 »