XOOPS 2.5.6  Final
modinfo.php
<?php

// English "module info" strings for the Protector module: menu labels plus the
// names and descriptions of its configuration options. Every constant is named
// <prefix>_<KEY>, with the prefix derived from the module's directory name.

// $mydirname is only assigned here when the language checker constant is
// defined; otherwise it is presumably supplied by the including script
// (TODO confirm against the caller).
if (defined('FOR_XOOPS_LANG_CHECKER')) {
    $mydirname = 'protector';
}
$constpref = '_MI_' . strtoupper($mydirname);

// Define the strings once per prefix; the language checker always gets a pass.
if (defined('FOR_XOOPS_LANG_CHECKER') || !defined($constpref . '_LOADED')) {
    // Marker tested by the guard above on any later include.
    define($constpref . '_LOADED', 1);

    // Module name.
    define($constpref . '_NAME', 'Protector');

    // Short module description.
    define($constpref . '_DESC', 'This module protects your XOOPS site from various attacks like DoS, SQL Injection, and Variables contamination.');

    // Admin menu entries.
    define($constpref . '_ADMININDEX', 'Protector Center');
    define($constpref . '_ADVISORY', 'Security Advisory');
    define($constpref . '_PREFIXMANAGER', 'Prefix Manager');
    define($constpref . '_ADMENU_MYBLOCKSADMIN', 'Permissions');

    // ---- Configuration option labels (X) and descriptions (XDSC) ----

    // Global off switch: per its description it disables all protections, so it
    // is meant for troubleshooting only and has to be switched back afterwards.
    define($constpref . '_GLOBAL_DISBL', 'Temporary disabled');
    define($constpref . '_GLOBAL_DISBLDSC', 'All protections are disabled in temporary.<br />Don\'t forget turn this off after shooting the trouble');

    define($constpref . '_DEFAULT_LANG', 'Default language');
    define($constpref . '_DEFAULT_LANGDSC', 'Specify the language set to display messages before processing common.php');

    // Trusted address list. The description documents ^ and $ as anchors, so the
    // entries are patterns rather than literal addresses.
    // NOTE(review): an entry without anchors presumably matches anywhere in the
    // address string; confirm against the matching code and anchor each entry.
    define($constpref . '_RELIABLE_IPS', 'Reliable IPs');
    define($constpref . '_RELIABLE_IPSDSC', 'set IPs you can rely separated with | . ^ matches the head of string, $ matches the tail of string.');

    // The logging level description is intentionally an empty string here.
    define($constpref . '_LOG_LEVEL', 'Logging level');
    define($constpref . '_LOG_LEVELDSC', '');

    define($constpref . '_BANIP_TIME0', 'Banned IP suspension time (sec)');

    // Labels for the selectable log levels.
    // NOTE(review): the labels for 15 and 63 differ only in capitalisation, so
    // the two levels are hard to tell apart in the admin form.
    define($constpref . '_LOGLEVEL0', 'none');
    define($constpref . '_LOGLEVEL15', 'Quiet');
    define($constpref . '_LOGLEVEL63', 'quiet');
    define($constpref . '_LOGLEVEL255', 'full');

    // Session hijacking protection. Per the description, 32 ties a session to
    // the full address; a smaller value lets the session follow the client
    // across a wider address range (24 covers a x.x.x.0-255 block).
    define($constpref . '_HIJACK_TOPBIT', 'Protected IP bits for the session');
    define($constpref . '_HIJACK_TOPBITDSC', 'Anti Session Hi-Jacking:<br />Default 32(bit). (All bits are protected)<br />When your IP is not stable, set the IP range by number of the bits.<br />(eg) If your IP can move in the range of 192.168.0.0-192.168.0.255, set 24(bit) here');
    define($constpref . '_HIJACK_DENYGP', 'Groups disallowed IP moving in a session');
    define($constpref . '_HIJACK_DENYGPDSC', 'Anti Session Hi-Jacking:<br />Select groups which is disallowed to move their IP in a session.<br />(I recommend to turn Administrator on.)');

    // Null-byte handling: either replace the byte with a space or stop the request.
    define($constpref . '_SAN_NULLBYTE', 'Sanitizing null-bytes');
    define($constpref . '_SAN_NULLBYTEDSC', 'The terminating character "\\0" is often used in malicious attacks.<br />a null-byte will be changed to a space.<br />(highly recommended as On)');
    define($constpref . '_DIE_NULLBYTE', 'Exit if null bytes are found');
    define($constpref . '_DIE_NULLBYTEDSC', 'The terminating character "\\0" is often used in malicious attacks.<br />(highly recommended as On)');

    // Upload extension check.
    // NOTE(review): the description suggests switching this off for wiki modules
    // that attach .php files; that presumably drops the check for every upload,
    // so confirm how those modules store attachments before disabling it.
    define($constpref . '_DIE_BADEXT', 'Exit if bad files are uploaded');
    define($constpref . '_DIE_BADEXTDSC', 'If someone tries to upload files which have bad extensions like .php , this module exits your XOOPS.<br />If you often attach php files into B-Wiki or PukiWikiMod, turn this off.');

    // Global variable contamination.
    // NOTE(review): this description constant ends in "DS" where every other
    // one ends in "DSC"; the name is kept as-is because other files presumably
    // look it up by this exact name.
    define($constpref . '_CONTAMI_ACTION', 'Action if a contamination is found');
    define($constpref . '_CONTAMI_ACTIONDS', 'Select the action when someone tries to contaminate system global variables into your XOOPS.<br />(recommended option is blank screen)');

    // Request-text filters against SQL injection. As described, they rewrite or
    // reject suspicious input ("/*", "union"); they complement, and do not
    // replace, parameterised queries in module code.
    define($constpref . '_ISOCOM_ACTION', 'Action if an isolated comment-in is found');
    define($constpref . '_ISOCOM_ACTIONDSC', 'Anti SQL Injection:<br />Select the action when an isolated "/*" is found.<br />"Sanitizing" means adding another "*/" in tail.<br />(recommended option is Sanitizing)');
    define($constpref . '_UNION_ACTION', 'Action if a UNION is found');
    define($constpref . '_UNION_ACTIONDSC', 'Anti SQL Injection:<br />Select the action when some syntax like UNION of SQL.<br />"Sanitizing" means changing "union" to "uni-on".<br />(recommended option is Sanitizing)');

    // Integer coercion for request variables named "*id"; the description warns
    // that some modules may break with it enabled.
    define($constpref . '_ID_INTVAL', 'Force intval to variables like id');
    define($constpref . '_ID_INTVALDSC', 'All requests named "*id" will be treated as integer.<br />This option protects you from some kind of XSS and SQL Injections.<br />Though I recommend to turn this option on, it can cause problems with some modules.');

    // Directory traversal filter.
    define($constpref . '_FILE_DOTDOT', 'Protection from Directory Traversals');
    define($constpref . '_FILE_DOTDOTDSC', 'It eliminates ".." from all requests looks like Directory Traversals');

    // Brute-force login limit: failed guest logins allowed per 10 minutes
    // before the source IP is banned.
    define($constpref . '_BF_COUNT', 'Anti Brute Force');
    define($constpref . '_BF_COUNTDSC', 'Set count you allow guest try to login within 10 minutes. If someone fails to login more than this number, her/his IP will be banned.');

    // Bandwidth limit: 0 is the documented normal value; values below 10 are ignored.
    define($constpref . '_BWLIMIT_COUNT', 'Bandwidth limitation');
    define($constpref . '_BWLIMIT_COUNTDSC', 'Specify the max access to mainfile.php during watching time. This value should be 0 for normal environments which have enough CPU bandwidth. The number fewer than 10 will be ignored.');

    // Modules listed here are left out of the DoS/crawler checks altogether.
    define($constpref . '_DOS_SKIPMODS', 'Modules out of DoS/Crawler checker');
    define($constpref . '_DOS_SKIPMODSDSC', 'set the dirnames of the modules separated with |. This option will be useful with chatting module etc.');

    // Observation window shared by the F5 and crawler counters below.
    define($constpref . '_DOS_EXPIRE', 'Watch time for high loadings (sec)');
    define($constpref . '_DOS_EXPIREDSC', 'This value specifies the watch time for high-frequent reloading (F5 attack) and high loading crawlers.');

    // Reload ("F5") flood threshold and reaction.
    define($constpref . '_DOS_F5COUNT', 'Bad counts for F5 Attack');
    define($constpref . '_DOS_F5COUNTDSC', 'Preventing from DoS attacks.<br />This value specifies the reloading counts to be considered as a malicious attack.');
    define($constpref . '_DOS_F5ACTION', 'Action against F5 Attack');

    // Crawler threshold and reaction.
    define($constpref . '_DOS_CRCOUNT', 'Bad counts for Crawlers');
    define($constpref . '_DOS_CRCOUNTDSC', 'Preventing from high loading crawlers.<br />This value specifies the access counts to be considered as a bad-manner crawler.');
    define($constpref . '_DOS_CRACTION', 'Action against high loading Crawlers');

    // Crawler allow-list keyed on the User-Agent header. That header is supplied
    // by the client, so the exemption is only as trustworthy as the header.
    define($constpref . '_DOS_CRSAFE', 'Welcomed User-Agent');
    define($constpref . '_DOS_CRSAFEDSC', 'A perl regex pattern for User-Agent.<br />If it matches, the crawler is never considered as a high loading crawler.<br />eg) /(bingbot|Googlebot|Yahoo! Slurp)/i');

    // Choices offered by the "Action if ..." options.
    define($constpref . '_OPT_NONE', 'None (only logging)');
    define($constpref . '_OPT_SAN', 'Sanitizing');
    define($constpref . '_OPT_EXIT', 'Blank Screen');
    define($constpref . '_OPT_BIP', 'Ban the IP (No limit)');
    define($constpref . '_OPT_BIPTIME0', 'Ban the IP (moratorium)');

    // Choices offered by the DoS/crawler "Action against ..." options.
    define($constpref . '_DOSOPT_NONE', 'None (only logging)');
    define($constpref . '_DOSOPT_SLEEP', 'Sleep');
    define($constpref . '_DOSOPT_EXIT', 'Blank Screen');
    define($constpref . '_DOSOPT_BIP', 'Ban the IP (No limit)');
    define($constpref . '_DOSOPT_BIPTIME0', 'Ban the IP (moratorium)');
    define($constpref . '_DOSOPT_HTA', 'DENY by .htaccess(Experimental)');

    // Groups whose members are never put on the bad-IP list.
    define($constpref . '_BIP_EXCEPT', 'Groups never registered as Bad IP');
    define($constpref . '_BIP_EXCEPTDSC', 'A user who belongs to the group specified here will never be banned.<br />(I recommend to turn Administrator on.)');

    define($constpref . '_DISABLES', 'Disable dangerous features in XOOPS');

    // DB-layer SQL injection trap. The first description says it must stay on;
    // the second option skips the _SERVER check and, in its own words, weakens
    // that protection.
    define($constpref . '_DBLAYERTRAP', 'Enable DB Layer trapping anti-SQL-Injection');
    define($constpref . '_DBLAYERTRAPDSC', 'Almost SQL Injection attacks will be canceled by this feature. This feature is required a support from databasefactory. You can check it on Security Advisory page. This setting must be on. Never turn it off casually.');
    define($constpref . '_DBTRAPWOSRV', 'Never checking _SERVER for anti-SQL-Injection');
    define($constpref . '_DBTRAPWOSRVDSC', 'Some servers always enable DB Layer trapping. It causes wrong detections as SQL Injection attack. If you got such errors, turn this option on. You should know this option weakens the security of DB Layer trapping anti-SQL-Injection.');

    // Anti-XSS filter; the description states that coverage is not complete, so
    // output escaping in modules is still required.
    define($constpref . '_BIGUMBRELLA', 'enable anti-XSS (BigUmbrella)');
    define($constpref . '_BIGUMBRELLADSC', 'This protects you from almost attacks via XSS vulnerabilities. But it is not 100%');

    // Spam thresholds: number of URLs in POST data; 0 disables the check.
    define($constpref . '_SPAMURI4U', 'anti-SPAM: URLs for normal users');
    define($constpref . '_SPAMURI4UDSC', 'If this number of URLs are found in POST data from users other than admin, the POST is considered as SPAM. 0 means disabling this feature.');
    define($constpref . '_SPAMURI4G', 'anti-SPAM: URLs for guests');
    define($constpref . '_SPAMURI4GDSC', 'If this number of URLs are found in POST data from guests, the POST is considered as SPAM. 0 means disabling this feature.');

    // 3.40b
    define($constpref . '_ADMINHOME', 'Home');
    define($constpref . '_ADMINABOUT', 'About');

    // 3.50
    // NOTE(review): the check relies on an external service; confirm which POST
    // fields are sent to it before enabling on sites with privacy constraints.
    define($constpref . '_STOPFORUMSPAM_ACTION', 'Stop Forum Spam');
    define($constpref . '_STOPFORUMSPAM_ACTIONDSC', 'Checks POST data against spammers registered on www.stopforumspam.com database. Requires php CURL lib.');
}