PageRenderTime 55ms CodeModel.GetById 19ms RepoModel.GetById 1ms app.codeStats 0ms

/xoops_trust_path/modules/protector/README

https://github.com/nouphet/momoxo
#! | 787 lines | 605 code | 182 blank | 0 comment | 0 complexity | f1a60139577ac6c426c8178211a86bb4 MD5 | raw file
Possible License(s): AGPL-1.0, LGPL-2.1
  1. [mlimg]
  2. [xlang:en]
  3. = SUMMARY =
  4. Protector is a module to defend your CMS origined from XOOPS2 from various and malicious attacks.
  5. This module can protect a various kind of attacks like:
  6. - DoS
  7. - Bad Crawlers (like bots collecting e-mails...)
  8. - SQL Injection
  9. - XSS (not all though)
  10. - System globals pollution
  11. - Session hi-jacking
  12. - Null-bytes
  13. - Directory Traversal
  14. - Some kind of CSRF (fatal in XOOPS <= 2.0.9.2)
  15. - Brute Force
  16. - Camouflaged Image File Uploading (== IE Content-Type XSS)
  17. - Executable File Uploading Attack
  18. - XMLRPC's eval() and SQL Injection Attacks
  19. - SPAMs for comment, trackback etc.
  20. Protector defends you CMS from these attacks, and it records into its log.
  21. Of course, all vulnerablities can't be prevented.
  22. Be not overconfident, please.
  23. However, I [color=ff0000][b]strongly[/b][/color] recommend installing this module to all XOOPS/ImpressCMS/XCL sites with any versions.
  24. = INSTALL =
  25. First, define XOOPS_TRUST_PATH into mainfile.php if you've never done it yet.
  26. Copy html/modules/protector in the archive into your XOOPS_ROOT_PATH/modules/
  27. Copy xoops_trust_path/modules/protector in the archive into your XOOPS_TRUST_PATH/modules/
  28. Turn permission of XOOPS_TRUST_PATH/modules/protector/configs writable
  29. After Protector is installed, edit your mainfile.php like this:
  30. [code]
  31. [color=ff0000]include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ;[/color]
  32. if (!isset($xoopsOption['nocommon']) [color=0000ff]&& XOOPS_ROOT_PATH != ''[/color] ) {
  33. include XOOPS_ROOT_PATH."/include/common.php";
  34. }
  35. [color=ff0000]include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php' ;[/color]
  36. [/code]
  37. Just add two red-colored lines.
  38. If the blue-colored part is different from your mainfile.php, don't mind it.
  39. Both pre-check and post-check are needed.
  40. An option "DENY by .htaccess" is added on version 2.34.
  41. If you try this option, set writable XOOPS_ROOT_PATH/.htaccess
  42. Before installing this, you should compare it to the security risks which .htaccess is writable.
  43. = How to rescue =
  44. If you've been banned from Protector, just delete files under XOOPS_TRUST_PATH/modules/protector/configs/
  45. The setting and controller of "rescue password" has been eliminated.
  46. = How to install it into XOOPS Cube Legacy 2.1 =
  47. Almost the same as installing into XOOPS 2.0.x.
  48. There is just a different with the patching point in mainfile.php.
  49. Refer this.
  50. [code]
  51. if (!defined('_XCORE_PREVENT_LOAD_CORE_') && XOOPS_ROOT_PATH != '') {
  52. include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ;
  53. @include_once XOOPS_ROOT_PATH.'/include/cubecore_init.php';
  54. if (!isset($xoopsOption['nocommon']) && !defined('_XCORE_PREVENT_EXEC_COMMON_')) {
  55. include XOOPS_ROOT_PATH.'/include/common.php';
  56. }
  57. include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php' ;
  58. }
  59. [/code]
  60. = How to install it into ImpressCMS =
  61. You need not patch to mainfile.php.
  62. Just copy extras/ImpressCMS/preload/protector.php in the archive into your preload/ of ImpressCMS.
  63. I thank vaughan about releasing the preload.
  64. original usage written by vaughan:
  65. ----------------------------------
  66. Install the module the same way as any other module.
  67. You do not need to edit mainfile.php when using ImpressCMS, instead locate the ImpressCMS_Extras directory
  68. inside the protector package, and copy the preload directory to your root ImpressCMS directory, so that your
  69. ImpressCMS preload folder contains the file protector.php
  70. your root ImpressCMS directory is the directory on your server where mainfile.php is located.
  71. example: htdocs/preload/protector.php
  72. ----------------------------------
  73. = UPGRADE from Protector 2.x =
  74. - remove two lines for Protector from your mainfile.php
  75. - remove all files under XOOPS_ROOT_PATH/modules/protector/ via FTP etc.
  76. - upload files in the archive (refer INSTALL)
  77. - do "upgrade" Protector in modulesadmin
  78. - add two lines for Protector into your mainfile.php
  79. Note: "XOOPS_TRUST_PATH" for 3.0 instead of "XOOPS_ROOT_PATH" for 2.x
  80. = Using filter-plugin =
  81. You can try filter-plugins in XOOPS_TRUST_PATH/modules/protector/filters_byconfig/ just by copying them into filters_enabled.
  82. Since XOOPS_TRUST_PATH can be shared by multi-sites, you may want to set a filter enabled for a site but disabled for the other site.
  83. If you want to turn a filter on for a specific site, input the name of the filter into Protector's preferences.
  84. Of course, you can make filter-plugins as you like because it is easy to create.
  85. Here is an introduction for filter-plugins in this archive.
  86. - postcommon_post_deny_by_rbl.php
  87. an anti-SPAM plugin.
  88. All of Post from IP registered in RBL will be rejected.
  89. This plugin can slow the performance of Post, especially chat modules.
  90. - postcommon_post_deny_by_httpbl.php
  91. an anti-SPAM plugin.
  92. All of Post from IP registered in http:BL will be rejected.
  93. Before using it, get HTTPBL_KEY from http://www.projecthoneypot.org/ and set it into the filter file.
  94. define( 'PROTECTOR_HTTPBL_KEY' , '............' ) ;
  95. - postcommon_post_need_multibyte.php
  96. an anti-SPAM plugin.
  97. Post without multi-byte characters will be rejected.
  98. This plugin is only for sites of japanese, tchinese, schinese, and korean.
  99. -postcommon_post_htmlpurify4guest.php
  100. All post data sent by guests will be purified by HTMLPurifier.
  101. If you allow guests posting HTML, I strongly recommend you to enable it.
  102. -postcommon_register_insert_js_check.php
  103. This plugin prevents your site from robot's user registering.
  104. Required JavaScript working on the vistors browser.
  105. -bruteforce_overrun_message.php
  106. Specify a message for visitors tried wrong passwords more than the specified times.
  107. All plugins named *_message.php specifys the message for rejected accesses.
  108. -precommon_bwlimit_errorlog.php
  109. When band width limitaion works unfortunately, this plugin logs it into Apache's error_log.
  110. All plugins named *_errorlog.php log some informations into Apaches error_log.
  111. = NEW FEATURE SINCE 3.3: DBLayer trapping anti-SQL-Injection
  112. This feature can beat almost malicious SQL Injection attacks if you uses some modules vulnerable to "SQL Injection".
  113. However, you have to patch a file "class/database/databasefactory.php" to enable the feature.
  114. I prepared patches/ folder, and it contains patched databasefactory.php for each cores.
  115. Of course, I welcome if each core teams adpot the patches as HEAD :-)
  116. The latest version of these cores are ready for this feature:
  117. - XCL2.1.x
  118. - ImpressCMS 1.x
  119. Thank you minahito and marcan!
  120. = CHANGES =
  121. 3.50 beta (2009/11/17)
  122. - modified filters can be turned on/off by preferences of Protector
  123. - moved filters under filters_disabled/ into filters_byconfig/
  124. - added manipulation checker against ftp worms or silent raiders
  125. 3.41 (2009/11/17)
  126. - fixed some swf/swc files are confused often
  127. - added language files
  128. -- polish_utf8 (thx jagi)
  129. 3.40 (2009/09/16)
  130. - numbered as a STABLE version
  131. - renamed from "Xoops Protector" to "Protector" simply
  132. - modified module icons for some forked cores (thx rene)
  133. - modified postcommon_post_need_multibyte with func_overload (thx orange) 3.40a
  134. - updated language files
  135. -- spanish (thx Colossus) 3.40b
  136. 3.36 beta (2009/08/27)
  137. - updated HTMLPurifier into 4.0.0
  138. - added a filter postcommon_post_htmlpurify4everyone.php
  139. - added a filter postcommon_post_register_moratorium.php 3.36a
  140. - updated language files
  141. -- persian (thx voltan) 3.36a
  142. 3.35 beta (2009/08/13)
  143. - fixed english modinfo.php is always loaded. (thx Phoenyx)
  144. - modified comment attacking detection of DBL anti-SQL-Injection again
  145. - defined some constants for detecting Protector's mode for module maintainers
  146. -- PROTECTOR_ENABLED_ANTI_SQL_INJECTION
  147. -- PROTECTOR_ENABLED_ANTI_XSS
  148. - updated language files
  149. -- arabic (thx Onasre) 3.35a
  150. 3.34 beta (2009/07/06)
  151. - modified comment attacking detection of DBL anti-SQL-Injection
  152. - added an option for some environment always enables DBL trapping
  153. 3.33 beta (2009/04/03)
  154. - stopped to force rewriting PHP_SELF and PATH_INFO (thx nao-pon)
  155. - added checking PHP_SELF into bigumbrella anti-XSS
  156. - added a constant PROTECTOR_VERSION
  157. - modified compatibities with ImpressCMS (thx vaughan)
  158. - fixed "none" option for F5Attack and Crawler cannot work finen (thx ChaFx)
  159. - turned default value of bugumbrella anti-XSS on
  160. 3.32 beta (2009/01/27)
  161. - fixed DBL anti-SQL-Injection is skipped on condition nocommon=1 (thx naao)
  162. - updated language files
  163. -- persian (thx voltan)
  164. -- de_utf8 (ths Rene) 3.32a
  165. 3.31 beta (2009/01/20)
  166. - fixed DBL anti-SQL-Injection's wrong detection by db->quiteString() with "
  167. - updated language files
  168. -- spanish (thx Colossus)
  169. 3.30 beta (2009/01/14)
  170. - added DBLayer trapping anti-SQL-Injection
  171. - added a filter precommon_bwlimit_errorlog.php
  172. - added a filter precommon_badip_errorlog.php
  173. - updated language files
  174. -- spanish (thx Colossus)
  175. - modified precommon_bwlimit_*.php returns 503 error (thx Colossus) 3.30a
  176. 3.22 (2008/12/03)
  177. - modified the condition the cookie 'deleted' is sent as autologin_uname
  178. - added a checker for the privacy of XOOPS_TRUST_PATH into the Advisory
  179. - added language files
  180. -- nederlands (thx Cath)
  181. - updated language files
  182. -- persian (thx voltan) 3.22a
  183. - modified page navigation (thx McDonald) 3.22a
  184. 3.21 (2008/11/21)
  185. - added a preferences for bandwidth limitation
  186. - enabled precommon_badip_message.php as default
  187. - modified messages by precommon filter
  188. - updated language files
  189. -- spanish (thx Colossus) 3.21a
  190. - fixed fatal typo in protector.php (thx rohi) 3.21a
  191. 3.20 (2008/09/17)
  192. - numbered as a stable version
  193. - updated language files
  194. -- arabic (onasre)
  195. - fixed language files
  196. -- de_utf8
  197. - added language files
  198. -- italian (thx Defcon1) 3.20a
  199. - added a method isMobile() into ProtectorFilterAbstract 3.20b
  200. 3.17 beta (2008/04/24)
  201. - modified URLs with the same hostname as XOOPS_URL are not counted as URI SPAM
  202. - updated language files
  203. -- persian (thx stranger and voltan) 3.17a
  204. - added language files
  205. -- de_utf8 (thx wuddel) 3.17a
  206. 3.16 beta (2008/01/08)
  207. - added a filter postcommon_post_deny_by_httpbl for antispam by honeypotproject
  208. - updated language files
  209. -- polish (thx kurak_bu)
  210. 3.15 beta (2007/10/18)
  211. - added "compact log"
  212. - added "remove all log"
  213. - added language files
  214. -- fr_utf8 (thx gigamaster)
  215. 3.14 beta (2007/09/17)
  216. - imported HTMLPurifier (special thx! Edward Z. Yang) PHP5 only
  217. - added filtering point (spamcheck, crawler, f5attack, bruteforce, purge)
  218. - added filter plugins
  219. -- postcommon_post_htmlpurify4guest (guest's post will be purified) only PHP5
  220. -- spamcheck_overrun_message
  221. -- crawler_overrun_message
  222. -- f5attack_overrun_message
  223. -- bruteforce_overrun_message
  224. -- prepurge_exit_message
  225. 3.13 beta (2007/08/22)
  226. - modified the filter structure from function to class
  227. - added filtering point (badip, register)
  228. - added filter plugins
  229. -- postcommon_register_insert_js_check (against registering SPAM)
  230. -- precommon_badip_message (displays a message on rejecting the IP)
  231. -- precommon_badip_redirection (redirects somewhere on rejecting the IP)
  232. 3.12 beta (2007/08/16)
  233. - fixed for controllers with $xoopsOption['nocommon']=true
  234. 3.11 beta (2007/08/16)
  235. - modified ordering precheck and postcheck
  236. - removed a rbl server from postcommon_post_deny_by_rbl.php
  237. - added language files
  238. -- french (thx Christian)
  239. 3.10 beta (2007/07/30)
  240. - modified precheck getting config via local cache
  241. - modified precheck does not connect MySQL as possible
  242. - fixed "reliable IP" does not work well
  243. - modified mainfile patch can be inserted before protector installation
  244. - added a logic to check some folder's permission on installing protector
  245. - modified IP denying pattern. 'full', 'foward match', and 'preg match'
  246. - added denied IP moratorium
  247. - added a warning if the directory for configs is not writable
  248. 3.04 (2007/06/13)
  249. - added a check against the phpmailer command-injection vulnerability.
  250. - modified postcommon_post_need_multibyte (3.04a)
  251. 3.03 (2007/06/03)
  252. - added a protection against installer attack
  253. - changed language name
  254. -- ja_utf8 (formerly japaneseutf) 3.03a
  255. 3.02 (2007/04/08)
  256. - modified compatibility of the option "force_intval"
  257. - fixed wrong link in advisory.php (thx genet)
  258. - added a method module can skip DoS/crawler check (define a constant)
  259. - updated D3 system
  260. - added language files
  261. -- persian (thx voltan)
  262. -- russian (thx West) 3.02a
  263. -- arabic (thx onasre) 3.02b
  264. -- japaneseutf 3.02c
  265. 3.01 (2007/02/10)
  266. - modified the rule for sorting IPs
  267. - added language files
  268. -- portuguesebr (thx beduino)
  269. -- spanish (thx PepeMty)
  270. -- polish (thx kurak_bu) 3.01a
  271. -- german (thx wuddel) 3.01b
  272. - modified module_icon.php 3.01c
  273. - fixed typo in module_icon.php 3.01d
  274. 3.00 (2007/02/06)
  275. - marked as a stable version
  276. - fixed typo in log level
  277. - fixed multibyte plugin never denies registered users (thx mizukami)
  278. - modified compatibility with 2.2.x from xoops.org 3.00a
  279. 3.00beta2 (2007/01/31)
  280. - added plugin system (just postcommon_post_*)
  281. - added filtering-plugins
  282. -- postcommon_post_deny_by_rbl.php (deny SPAM by RBL)
  283. -- postcommon_post_need_multibyte.php (deny SPAM by character type)
  284. 3.00beta (2007/01/30)
  285. - moved almost files under XOOPS_TRUST_PATH
  286. - modified denying IP from DB to a file under configs
  287. - removed rescue feature (just remove a file via FTP)
  288. - added allowed IPs for user of group=1
  289. - modified table structures (compatible MySQL5)
  290. - added BigUmbrella anti-XSS system
  291. - added anti-SPAM feature
  292. = THANKS =
  293. - Kikuchi (Traditional Chinese language files)
  294. - Marcelo Yuji Himoro (Brazilian Portuguese and Spanish language files)
  295. - HMN (French language files)
  296. - Defkon1 (Italian language files)
  297. - Dirk Louwers (Dutch language files)
  298. - Rene (German language files)
  299. - kokko (Finnish language files)
  300. - Tomasz (Polski language files)
  301. - Sergey (Russian language files)
  302. - Bezoops (Spanish language files)
  303. These contributions was made for v2.x
  304. I'm appreciated new language files for v3.0 :-)
  305. Moreover, I thank to JM2 and minahito -zx team- about having taught me kindly.
  306. You are very great programmers!
  307. [/xlang:en][xlang:ja]
  308. ׻
  309. Protector ϡXOOPS2١γƼCMS͡ʰդ뤿ΥǤ
  310. ΥǤϡʲιɤޤ
  311. - DoS
  312. - դ?ʥܥåȤʤɡ
  313. - SQL Injection
  314. - XSS ʤȤäƤƤǤϤޤ
  315. - ƥ?Хѿ
  316. - åϥå
  317. - ̥Хȹ
  318. - ǥȥ̤
  319. - Ĥδ?CSRF (XOOPS 2.0.9.2ʲ¸ߤ)
  320. - Brute Force ʥѥ
  321. - ĥҵեåץ? (ʤIE Content-Type XSS)
  322. - ¹Բǽʥե򥢥åץ?ɤ
  323. - XMLRPCϢ
  324. - SPAM/ȥåХåSPAMSPAM
  325. ιʤXOOPS2١CMS?˵Ͽޤ
  326. ΥϤޤǡŪɸ椷Ԥޤ
  327. 3rdѡƥ˸ʷΰɤޤ󤬡٤ƤηɤΤǤϤʤ϶ʪǤ
  328. θ³ϾΤξǡ٤ƤXOOPS2١CMSФơ󥹥ȡ[color=ff0000][b][/b][/color]ޤ
  329. ˡ
  330. 󥹥ȡˤϡXOOPS_TRUST_PATHɬפǤ
  331. ֤htmlXOOPS_ROOT_PATH¦˥ԡ֤xoops_trust_pathXOOPS_TRUST_PATH¦˥ԡޤ
  332. 󥹥ȡǤСե֤Ƥޤ
  333. ǤϤޤäưƤޤΤǡmainfile.php ƤӽФˤȤɬ׾Ǥ
  334. Protector 򥤥󥹥ȡȤXOOPS2١CMS mainfile.php ΰֲΤ
  335. [code]
  336. [color=ff0000]include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ;[/color]
  337. if (!isset($xoopsOption['nocommon']) [color=0000ff]&& XOOPS_ROOT_PATH != ''[/color] ) {
  338. include XOOPS_ROOT_PATH."/include/common.php";
  339. }
  340. [color=ff0000]include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php' ;[/color]
  341. [/code]
  342. ȡ֤ʤäƤԤɲäƲ
  343. Ŀʬϡǽ˥󥹥ȡΥСˤäưۤʤޤäƤƤⵤˤʤƷ빽Ǥ
  344. С3ƥͳIPݤѤʤʤޤXOOPS_TRUST_PATH/modules/protector/configs ĤƤProtectorIPưϿ˵Ҥˤʤޤ
  345. ʤͳǡʬȤIPݥꥹȤ˺ܤäƤޤäС2ޤǤϥ쥹ѥɤѤƤޤС3ϡFTP XOOPS_TRUST_PATH/modules/protector/configs ΥեԽޤϺƤ
  346. 2.34¸Ūˡ.htaccessˤDoSɸȤץɲäޤѤ硢XOOPS_ROOT_PATHˤ.htaccessǽȤɬפޤƳݤˤϡ.htaccessեǽǤȤӤƲ
  347. XOOPS Cube Legacy 2.1ؤΥ󥹥ȡ
  348. ʰ㤤Ϥޤ
  349. mainfile.php ν񤭴ݥȤμդΤǡѥåƤ򼨤Ƥޤ
  350. [code]
  351. if (!defined('_XCORE_PREVENT_LOAD_CORE_') && XOOPS_ROOT_PATH != '') {
  352. include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ;
  353. @include_once XOOPS_ROOT_PATH.'/include/cubecore_init.php';
  354. if (!isset($xoopsOption['nocommon']) && !defined('_XCORE_PREVENT_EXEC_COMMON_')) {
  355. include XOOPS_ROOT_PATH.'/include/common.php';
  356. }
  357. include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php' ;
  358. }
  359. [/code]
  360. ImpressCMSؤΥ󥹥ȡ
  361. mainfile.php ؤΥѥåɬפޤ
  362. ֤ extras/ImpressCMS/preload/protector.php 򡢤ImpressCMSpreloadե˥ԡƤ
  363. preload󶡤Ƥ줿vaughan˴դޤ
  364. С2ΥС󥢥å
  365. ޤmainfile.php 顢Protector˴ؤԤƤ
  366. ˡäXOOPS_ROOT_PATH/modules/protector/ Υեƺޤ
  367. ˡ󥹥ȡƱͤե򥢥åץ?ɤޤ
  368. ̤äơProtector򥢥åץǡȤޤ
  369. Ǹˡ١mainfile.phpԽprecheckpostcheckͭˤƤС2ǤϡXOOPS_ROOT_PATH ȤʤäƤʬС3ǤϡXOOPS_TRUST_PATH ȤʤäƤȤդɬפǤ
  370. ե륿ץ饰
  371. V3顢XOOPS_TRUST_PATH/modules/protector/filters_enabled/ ˥ե륿ץ饰ǼȤǡɲååɲåå?󥰤ʤɤǤˤʤޤ¤ñʤϤǤ
  372. Υ˥ǥեȤѰդƤե륿ץ饰ΤŪʤΤҲ𤷤ޤ
  373. - postcommon_post_deny_by_rbl.php
  374. ѥкѡ
  375. RBLѤPOSTϤͤޤ
  376. RBLϿ줿IPƤϤ٤SPAMȽޤ뤿ƻνŤʤ뤫ޤ󡣡äChatʤɤǤϱƶ
  377. - postcommon_post_deny_by_httpbl.php
  378. ѥкѡ
  379. http:BLѤPOSTϤͤޤ
  380. Ѥˡե򥨥ǥdzơ
  381. define( 'PROTECTOR_HTTPBL_KEY' , '............' ) ;
  382. ιԤ񤭴ޤHTTPBL_KEYϡhttp://www.projecthoneypot.org/ ����������Ƥ���������
  383. -postcommon_post_need_multibyte.php
  384. ѥкѡ
  385. ƤܸޤޤƤȤ׵ץ饰
  386. ܸʸޤޤƤʤ100byteʾʸ󤬤äSPAMȽޤ
  387. -postcommon_post_htmlpurify4guest.php
  388. ȤˤPOSTǡ٤ƤˤĤơHTMLPurifier̲ե륿Ǥ
  389. ȤHTMLĤƤǤͭˤȤ򶯤ޤ
  390. -postcommon_register_insert_js_check.php
  391. ܥåȤˤϿɤץ饰
  392. ϿȤΥ֥JavaScriptưƤɬפޤ
  393. -bruteforce_overrun_message.php
  394. ѥɤʾְΥåޤ*_message.php Ȥե륿ץ饰Ϥå륿פΥե륿Ǥ
  395. -precommon_bwlimit_errorlog.php
  396. ɻߵǽƯˡλݤApacheΥ?˵Ͽޤ
  397. *_errorlog.php Ȥե륿ץ饰Ϥ?˵Ͽ륿פΥե륿Ǥ
  398. XOOPS_TRUST_PATH/modules/protector/filters_byconfig/ ֤ƤΤǡɬפ˱ơfilters_enabled ˥ԡƤ
  399. XOOPS_TRUST_PATHϡʣȤѽͤʤΤǡե륿򥵥ȤˤäƻȤʬǤ
  400. ξϡProtectorΰˡѤե륿̾򵭽ҤƤ󡢵ҤΤʤȤǤͭޤ
  401. 3.3οǽ: DBȥåanti-SQL-Injection
  402. Protector-3.3ʹߡǡ١üäơưŪSQL Injectionк򤹤뵡ǽɲäޤˤäơۤȤɤSQL Injectionȼ̵Ǥޤʤ虜ȷĤʤ餤ǤϤΤǡݾڤϤޤ
  403. ͭˤ뤿ˤϡŪ˥ǡ١եȥꥯ˥ѥåƤɬפޤ
  404. patches/ եˡƥѤΥѥåѥǡ١եȥꥯեѰդƤΤǡεǽѤˤϡǾ񤭤Ƥ
  405. 󡢳ƥѶŪˤΥѥåHEAD˺ѤƤΤ٥ȤȹͤƤޤѥåˤĤƤʤ٤ѤˤĤǤ
  406. ʤʲΥκǿǤϡεǽΥѥåǽ餫äƤޤбȤޤ
  407. - XCL2.1.x
  408. - ImpressCMS 1.x
  409. ѹ
  410. 3.50 beta (2009/11/17)
  411. - ƥȤProtectorǥե륿ON/OFF򥳥ȥ?ǽȤ
  412. - filters_disabled ˼ޤäƤե륿filters_byconfigذư
  413. - FTPԤˤȲåߤ
  414. 3.41 (2009/11/17)
  415. - swfեΥե륿׸ǧб
  416. - եɲ
  417. -- polish_utf8 (thx jagi)
  418. 3.40 (2009/09/16)
  419. - ǤȤֹ򿶤ľ
  420. - "Xoops Protector" Ȥ̾ƥץ "Protector" ؤѹ
  421. - ImpressCMSXCLбѰդ (thx rene)
  422. - ĶǤpostcommon_post_need_multibyteưɤб (thx orange) 3.40a
  423. - ե
  424. -- spanish (thx Colossus) 3.40b
  425. 3.36 beta (2009/08/27)
  426. - HTMLPurifier 4.0.0 ˹
  427. - ե륿ɲ
  428. -- postcommon_post_htmlpurify4everyone.php (POSTHTMLPurifier̲)
  429. -- postcommon_post_register_moratorium.php (ϿľURLƤػߤ) 3.36a
  430. - ե
  431. -- persian (thx voltan) 3.36a
  432. 3.35 beta (2009/08/13)
  433. - ImpressCMSmodinfo.php˱ѸˤʤäƤΤ (thx Phoenyx)
  434. - DBLT-ASIΥȤФưȤȽǤ˽
  435. - ƥʡΤˡProtectorưɤΤ뤿
  436. -- PROTECTOR_ENABLED_ANTI_SQL_INJECTION
  437. -- PROTECTOR_ENABLED_ANTI_XSS
  438. - ե
  439. -- arabic (thx Onasre) 3.35a
  440. 3.34 beta (2009/07/06)
  441. - DBȥåanti-SQL-Injection(DBLT-ASI)ΥȤФư¤
  442. - DBȥåפONˤʤäƤޤĶбץɲ
  443. 3.33 beta (2009/04/03)
  444. - PHP_SELFPATH_INFOüʸѴ᤿ (thx nao-pon)
  445. - PHP_SELFʻanti-XSSоݤ˲ä
  446. - PROTECTOR_VERSION ǡProtectorΥСǧǤˤ
  447. - ImpressCMS ؤΥ󥹥ȡˡHTMLPurifierŬѤ (thx vaughan)
  448. - F5Attack?ǡ֥?ΤߡפνäΤ (thx ChaFx)
  449. - ʻAnti-XSSνͤͭѹ
  450. 3.32 beta (2009/01/27)
  451. - nocommonǤDBȥåanti-SQL-Injectionư򤷤 (thx naao)
  452. - ե
  453. -- persian (thx voltan)
  454. 3.31 beta (2009/01/20)
  455. - ʤɤǥ֥ơ󤬤SQL InjectionȽ
  456. - ե
  457. -- spanish (thx Colossus)
  458. 3.30 beta (2009/01/14)
  459. - DBȥåanti-SQL-Injection
  460. - Υե륿ä˥?Ǥե륿ɲ
  461. - IPȤƤ줿ˤĤƥ?Ǥե륿ɲ
  462. - ե
  463. -- spanish (thx Colossus)
  464. - кե륿ˤĤƤ503֤ˤ (thx Colossus) 3.30a
  465. 3.22 (2008/12/03)
  466. - ѥå'deleted'Ȥͤ졢BruteForceȤʤ븽ݤб
  467. - ƥɤXOOPS_TRUST_PATHץ饤١ȤȤʤäƤΥåɲ
  468. - եɲ
  469. -- nederlands (thx Cath)
  470. - ե
  471. -- persian (thx voltan) 3.22a
  472. - ڡʥӤ򲼤ˤɽˤ (thx McDonald) 3.22a
  473. 3.21 (2008/11/21)
  474. - Ӱ¤ɲ
  475. - IP BANä˲֤Τ餻åǥեȤˤ
  476. - precommonե륿Ǥǽˤ
  477. - ե
  478. -- spanish (thx Colossus) 3.21a
  479. - IPȤ򹹿ʤʤäƤΤ (thx rohi) 3.21a
  480. 3.20 (2008/09/17)
  481. - ǤȤƥСֹդľ
  482. - ե
  483. -- arabic (onasre)
  484. - ե
  485. -- de_utf8
  486. - եɲ
  487. -- italian (thx Defcon1) 3.20a
  488. - Ƚå isMobile() ProtectorFilterAbstractɲ 3.20b
  489. 3.17 beta (2008/04/24)
  490. - URI SPAMȽǡۥȤƱξ̲ˤ
  491. - ե
  492. -- persian (thx stranger and voltan) 3.17a
  493. - եɲ
  494. -- de_utf8 (thx wuddel) 3.17a
  495. 3.16 beta (2008/01/08)
  496. - SPAMե륿ɲ postcommon_post_deny_by_httpbl (honeypotproject.orgBL)
  497. - ե
  498. -- polish (thx kurak_bu)
  499. 3.15 beta (2007/10/18)
  500. - ?ΥѥȲɲ
  501. - ?ɲ
  502. - եɲ
  503. -- fr_utf8 (thx gigamaster)
  504. 3.14 beta (2007/09/17)
  505. - HTMLPurifierƳ (special thx! Edward Z. Yang) PHP4ǤϤޤȤưޤ
  506. - ե륿ݥȤɲ (spamcheck, crawler, f5attack, bruteforce, purge)
  507. - ե륿ץ饰ɲ
  508. -- ƤΤ٤ƤHTMLPurifier̲ե륿 (PHP5)
  509. -- SPAMȽ줿˥åɽʥȤ˥ե륿
  510. -- ?Ƚ줿˥åɽʥȤ˥ե륿
  511. -- F5åȽ줿˥åɽʥȤ˥ե륿
  512. -- ֥ȥե˥åɽʥȤ˥ե륿
  513. -- ¾ͽľ˥åɽʥȤ˥ե륿
  514. 3.13 beta (2007/08/22)
  515. - ե륿ץ饰򥰥?Хؿѹ
  516. - ե륿ݥȤɲ (badip, register)
  517. - ե륿ץ饰ɲ
  518. -- ϿJavaScriptåե륿(ϿSPAMк)
  519. -- IP˥åɽե륿
  520. -- IP˥Ȥե륿
  521. 3.12 beta (2007/08/16)
  522. - $xoopsOption['nocommon'] ưƤʤäХν
  523. 3.11 beta (2007/08/16)
  524. - mainfile.php ؤΥѥåprecheckpostcheckƤưб
  525. - RBLե륿ΥǥեȤniku.2ch.net
  526. - եɲ
  527. -- ե󥹸 (thx Christian)
  528. 3.10 beta (2007/07/30)
  529. - precheckconfigϡ?åˤ
  530. - MySQLؤťͥӽ
  531. - ѤǤIPǵǽƤʤХν
  532. - 󥹥ȡmainfileѥåν֤դǤФʤˤ
  533. - ۥΥ󥹥ȡȥեΥѡߥå˥å?åɲ
  534. - IPְססססɽפΤǤɽǤˤ
  535. - IP˻¤ߤ
  536. - configsǥȥػߤˤʤäƤWarningɲ
  537. 3.04 (2007/06/13)
  538. - phpmailerΥޥɼ¹ȼФåɲä
  539. - postcommon_post_need_multibyte ΥåϤˤ (3.04a)
  540. 3.03 (2007/06/03)
  541. - 󥹥ȡåؤкɲä
  542. - ̾ѹ
  543. -- ja_utf8 (japaneseutf) 3.03a
  544. 3.02 (2007/04/08)
  545. - IDѿζѴνˤ䤫ˤ
  546. - ƥɤΥڤ
  547. - DoS/crawlerå򥹥åפǤʤ󶡡ʤ
  548. - D3ƥΥåץǡ
  549. - եɲ
  550. -- persian (thx voltan)
  551. -- russian (thx West) 3.02a
  552. -- arabic (thx onasre) 3.02b
  553. -- japaneseutf 3.02c
  554. 3.01 (2007/02/10)
  555. - IPȥ롼ѹ
  556. - եɲ
  557. -- portuguesebr (thx beduino)
  558. -- spanish (thx PepeMty)
  559. -- polish (thx kurak_bu) 3.01a
  560. -- german (thx wuddel) 3.01b
  561. - module_icon.php 򥭥åǽ 3.01c
  562. - module_icon.php typo 3.01d
  563. 3.00 (2007/02/06)
  564. - ǤȤƤΥ
  565. - ?٥ߥν
  566. - ޥХȥץ饰ϿPOSTƤʤ˽ (thx mizukami)
  567. - ܲ2.2.xȤβ 3.00a
  568. 3.00beta2 (2007/01/31)
  569. - ץ饰󥷥ƥƳ (Ȥꤢ postcommon_post_* ȤפΤ)
  570. - ե륿ץ饰ɲ
  571. -- postcommon_post_deny_by_rbl.php (RBLˤIP١SPAMк)
  572. -- postcommon_post_need_multibyte.php (ʸˤSPAMк)
  573. 3.00beta (2007/01/30)
  574. - XOOPS_TRUST_PATH¦Τ֤Ȥˤ
  575. - IPݵǽñʥե(configsǥȥ겼)ѹ
  576. - 1ˤʤIPɥ쥹µǽɲáʤñʤե
  577. - ǽκ 3.0ʹߤñFTPǥեޤ
  578. - ơ֥¤ν (MySQL5б)
  579. - BigUmbrella anti-XSS Ƴ
  580. - ȡȥåХåSPAMкǽɲ
  581. - Cube 2.1 Legacy RC Ǥưǧ
  582. ռ
  583. - Kikuchi (ե)
  584. - Marcelo Yuji Himoro (֥Υݥȥڥե)
  585. - HMN (ե󥹸ե)
  586. - Defkon1 (ե)
  587. - Dirk Louwers (ե)
  588. - Rene (ɥĸե)
  589. - kokko (եɸե)
  590. - Tomasz (ݡɸե)
  591. - Sergey (?ե)
  592. - Bezoops (ڥե)
  593. (ʾ塢С2ޤǤθեԤǤС3ǤϤääƤޤߤޤ
  594. - beduino (֥Υݥȥե)
  595. - PepeMty (ڥե)
  596. - kurak_bu (ݡɸե)
  597. - wuddel (ɥĸ)
  598. - voltan&stranger (ڥ륷)
  599. - onasre (ӥ)
  600. ޤΥˤ͡ʤƳڥ򤤤zxγ͡Ȥ櫓JM2minahitoˡդޤ
  601. [/xlang:ja]
  602. ------------------------------------------------------------
  603. GIJ=CHECKMATE <gij@peak.ne.jp>
  604. 2004-2009
  605. PEAK XOOPS http://xoops.peak.ne.jp/