Its easy and usefull, just go to your cPanel ---> File manager
then go to ur web root
choose the folder where u put ur site then right click with the mouse on it after it choose change permission!!
untick all the boxes then change the permision from 755 to 111
now all your site files will be invisible and safe :D
wish its works as i wanted it ^_^
We build. You grow.
Get best community software hereStart a social network, a fan-site, an education project with oxwall - free opensource community software
How to protect your oxwall site from hackers | Forum
Club ma3ih
Jul 2 '11
yes
then no1 can upload pic /change avatar/ and some change in plugins not work too
Perfect work :|
then no1 can upload pic /change avatar/ and some change in plugins not work too
Perfect work :|
Ajith Joseph
Aug 17 '12
http://www.openlax.com/groups/5 we are started a new organisation for protect oxwall please join with us
DesignOX
Sep 12 '12
My entire site is gone!
Forbidden
Forbidden
You don't have permission to access /index on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
MarkieMark67
Sep 13 '12
Here are a couple quick mods to help keep out proxies
Add this to .htaccess
rewriteCond %{HTTP:VIA} !^$ [OR]
RewriteCond %{HTTP:FORWARDED} !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
RewriteRule ^(.*)$ - [F]
Two more mods to help keep out Other types of proxies. Place them in your index.php file on top, and anyplace u might want added security from proxies connections.
if(isset($_SERVER['HTTP_X_FORWARDED_FOR']) || ($_SERVER['HTTP_USER_AGENT']=='') || ($_SERVER['HTTP_VIA']!='')){ die("Don't use proxies, please.");}
if(@fsockopen($_SERVER['REMOTE_ADDR'], 80, $errstr, $errno, 1))die("Proxy access not allowed");
Hope this helps
spamIP is a PHP script that blocks out spambots from any type of website that supports PHP. It uses the data collected by Stopforumspam.com and the GeoIP data from MaxMind.com.
Pete
Sep 14 '12
I am going to make a plugin that will use the spamIP DB and checks IP every page on a oxwall site :)
Nice one Paul,just what is needed .
MarkieMark67
Sep 14 '12
Paul Spamip is so easy to install anyone can do it. It really helps. But a plugin would be very nice also. Just remember with Spamip you have to set up cron to run once a day, and Early AM is the best time :)
I have more problems with Proxy connections for some reason, and the other small three mods together pretty much stop them from connection.
The Forum post is edited by MarkieMark67 Sep 14 '12
MarkieMark67
Sep 14 '12
Good Job Paul. I have used SpamIp for 6 months on another site and it works great.
MarkieMark67
Sep 14 '12
Sounds good. Remember the other mods I post also help a lot. With the HTaccess, and the little php I posted. I went from 50-100 spammers Down to 10 a day. So all together they are good to have.
MarkieMark67
Sep 14 '12
Just a friendly reminder The database that the IP's are pulled from. We can only pull once a day.
MarkieMark67
Sep 14 '12
That's cool with me. Took some research to come up with them. But they work good for me.... Hope it helps everyone ...
MarkieMark67
Sep 15 '12
The only spammers I get now are random IP's spammers with nothing to do. Knock on wood :)
MarkieMark67
Sep 15 '12
So far Anti Spammer is working great. One suggestion.
On the search. If an IP isn't found could we have an option
too add the ip? Something simple like IP not found would you like to add.
MarkieMark67
Sep 16 '12
MarkieMark67 I have updated the software with your idea! :) if you search and cant find the IP, it gives you a click button to add it right away
Great Job Paul. Can't wait to see it...
The Forum post is edited by MarkieMark67 Sep 16 '12
Michael
Sep 29 '12
My 2 cents....The problem with getting ip addresses from spam databases is some of them are actually harmless ips that may have been used by a user at some point for something untoward. In my example I installed a plugin which checks with a DB called SpamForum, after enabling the plugin it banned me when using my mobile phone and accessing via a 3g network.
A lot of our users on our site come from mobile devices and normally connect via 3g when they are out and about. Any public IP will probably be on a spam DB as public ips are best to use when doing something untoward. The downisde is genuine users who pass through and connect via the same IP will be blocked. From my experience most of the public ips are blocked and as our site is a niche site we get more connections from mobiles than any other device.
The best thing for us is to log down the ips of the users as they sign up, if they spam then there IP gets banned and if the ISP looks dodgy then we ban the ip range. We also got spammed a lot by china and ended up blocking most of china, since then we have been fine.
I personally wouldn't use plugins with predefined banned IP's or plugins that check via a DB unless we created that DB ourselves.
A lot of our users on our site come from mobile devices and normally connect via 3g when they are out and about. Any public IP will probably be on a spam DB as public ips are best to use when doing something untoward. The downisde is genuine users who pass through and connect via the same IP will be blocked. From my experience most of the public ips are blocked and as our site is a niche site we get more connections from mobiles than any other device.
The best thing for us is to log down the ips of the users as they sign up, if they spam then there IP gets banned and if the ISP looks dodgy then we ban the ip range. We also got spammed a lot by china and ended up blocking most of china, since then we have been fine.
I personally wouldn't use plugins with predefined banned IP's or plugins that check via a DB unless we created that DB ourselves.
