Recent Posts

Pages: 1 ... 3 4 [5] 6 7 ... 10

Security / Re: [Solved] Banned, probable cause lightbox?

« Last post by datahell on September 07, 2025, 10:18:23 »

I use CSS/JS minifier in some sites, including elxis.org, and I have not this problem.

Despite the above an other solution would be to change Elxis Defender general rules.

Open includes/libraries/elxis/defender/general.rules.php
Locate "PHP wrapper attack" line and remove the "data:" from the list

Replace this:
array('URI,QUERY', 'ftp\:|ftps\:|rtp\:|udp\:|php\:|data\:|file\:|glob\:|zlib\:|ogg\:|ssh2\:|expect\:', 'PHP wrapper attack'),
with this:
array('URI,QUERY', 'ftp\:|ftps\:|rtp\:|udp\:|php\:|file\:|glob\:|zlib\:|ogg\:|ssh2\:|expect\:', 'PHP wrapper attack'),

Security / Re: Banned, probable cause lightbox?

« Last post by kyomar on September 07, 2025, 09:39:27 »

Sorry guys, I have just come across the other post about PHP wrapper attack. I have turned off the Elxis CSS minifier as suggested - problem solved.

Security / [Solved] Banned, probable cause lightbox?

« Last post by kyomar on September 07, 2025, 08:14:20 »

Hello Elxis Team,

I haven't posted here for a long time; this shows how well Elxis works. But now I have a problem with being banned multiple times (hoped it will be better after upgrading to v5.6). I cannot explain it better as I am just a normal user, please be patient.

I think it has something to do with lightbox. When I open an image I cannot see the forward, backward and close buttons (on a locally installed copy it works). When I inspect the code in a browser I see a 403 error and in the security log I have this message (something about a php wrapper attack):

Quote

2025-09-07 02:29:42 GMT [xx.x.xxx.xx - ae227021.dynamic.ppp.xxxx-net.or.jp]
Mozilla/5.0 (X11; Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0
REFERER: https://www."website".com/inner.php/minify/268cec204dbdfdfb8e8d2e6d364d84e7.css
GET /components/com_content/plugins/gallery/includes/data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAGMAAAA2CAYAAADTeCfRAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyFpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuNS1jMDE0IDc5LjE1MTQ4MSwgMjAxMy8wMy8xMy0xMjowOToxNSAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENDIE1hY2ludG9zaCIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDo5NThDMEMwNzg3NjgxMUU1QUM2MUYwRDYwNTNEN0UxMSIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDo5NThDMEMwODg3NjgxMUU1QUM2MUYwRDYwNTNEN0UxMSI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOjk1OEMwQzA1ODc2ODExRTVBQzYxRjBENjA1M0Q3RTExIiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOjk1OEMwQzA2ODc2ODExRTVBQzYxRjBENjA1M0Q3RTExIi8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+htE8KwAAA9BJREFUeNrsm1tIFGEYhndDI4OSLgqkMrKjBXYwCjt40QkpL4pMyoqMgigIgm6iiy66KSwpj2vrucKgpINRRhYRooQkWYEWUkaWERokhVQXbu/QOyDhpjPzz3H/Dx7W1f2+753/3X9mnPnHHwqFfDKcEWPkEEgzZEgzpBkybDbjHLhvIP8GKLNhPILgksEaFaDKKWacAMdAn4Ean8F+kGOxGXFgDyjSmZ8L9oFpurKVU1uBnAr9jZMCah1hrQLBGkciyL7FGvNymXdZb2+RG3GGYo4LrHmINS9abEiZRkMu8PNXjPQVJV4Vc9SEgclm7WqLDSkd5RdBiBGizCihmMMmDkwWe1yz2JBy9g2E+ft5o7smkWZUUMwBCwYmg71u2nQMCZhphFEzaihmt4UDk86e9TYZUsj3OaKNMGJGHcVkWjwoChvZ+7HFfQvZt42vpaJ76Em6SzHbbDBCZR01NFvct519u8yorzXhEcWk2WiESiq1tFrUT901veZrnp1mNFHEWgcYoZJMTe0m98ljn3K+z+f7oB1mtLD5agcZoZJEbZ3Ab0J9deCrwpzSB6004xWbLnegESqJ1NgNok04aFeF+XtA5MF8pA90stkiBxuhkkCtvSBGQL2iEYz415Bys8yIAu/ZZKELjFCJp+Z+EGugTgHrVGq8ClEm2oxZ4CUYAHNcZIRKHOjj6ed8A8eISo15xUaPIcP9spFFk11ohMp0bkOHxrxa5lXo7Ksack9Pvn+YpTqLwS0QDZbxRo+bYgJoBZPAZtCiIVe5QzceZBroXwP8YKfWRH+YdVOx4AOYCOJBt0uMUAz4BGLAVNDjhXvg/bwF2UdTElywLVOoN5o/97hsRv/3HvgAv10fwVuQ6ODtUO45f6HmyaDXi6tDfoMZNKMdJDlwG2ZyN/qVs/mbl5fqDILZoAO8AMkO0j8XvONJhjKLf0TKuqkF4Dl4BlY6QLty1vcGdHE39SvSFrEtBc2gCWywUfcKfjE6eHIxGKkrCleBRvAApNmgOQU8BW2crRG/vDMV1JN0C/WmcmYqZizxeSyMLO/cBG6DOyDDAq3rwRPOyhSfB8PoWtst4DrJMlGnYnwDeMjZ4c0QdGGumhfIsk246LeVtetcfOFyVEQJ8nQv+AkqwThQIqjuDnAV1ILtPo9HlMBaB/kfewCMBfkG6ylL85VnJZSroLt8kRAmTLezOpfUD+W0WQvFnIzfpEePlaeO5oE1OvOVp56+R8KuaWiYZYYMG05tZUgzpBkypBnSDBnSDGmGDGmGDGmGNEOGNEOaIUOa4YH4I8AAM9m8BFEzyDIAAAAASUVORK5CYII=
REFCODE: DEFG-0018 Request blocked, Method: URI, Rule: data:, Reason: PHP wrapper attack

Your help would be greatly appreciated.

Thank you,
Markus

Installation / I move my website from Hostgator to another hosting but I got problem.

« Last post by komang on September 06, 2025, 11:22:48 »

Dear all,

I move my hosting from hostgator, I move everything (files and database). But I got this when I access my website:

Looks like there’s a problem with this site

https://ksmtour.com/ might have a temporary problem or it could have moved.

Error code: 500 Internal Server Error

The site could be temporarily unavailable or too busy. Try again in a few moments.

Please help me the steps how to move hosting safely.

Thank a lot.

BR,
Komang

General / Re: User list new view

« Last post by zillo on September 05, 2025, 00:02:34 »

datahell, do you have the CSS settings? I've tried, but I can't get it to work. Please

General / Re: User list new view

« Last post by datahell on August 29, 2025, 21:21:28 »

The users list is not a table, it is a list (UL / LI elements). By default it shows one user per row. Via CSS you can make it be displayed as a grid/table if you like. If you want a very custom user list you can create a plugin. I attach 2 screenshots of a sample user list transformation (1 minute work with CSS).

General / User list new view

« Last post by zillo on August 24, 2025, 20:45:36 »

Dear community, can someone please rewrite the user list? It's currently a table, and I wanted to display user pictures side by side, with information like name, age, location, and online or offline relationship status below the pictures.

Thanks in advance.

News and announcements / Re: Elxis 5.6 Oxylus released!

« Last post by datahell on August 21, 2025, 18:57:50 »

Release notes for Elxis 5.6 Oxylus.

News and announcements / Re: Elxis 5.6 Oxylus released!

« Last post by datahell on August 19, 2025, 21:39:22 »

Revisions 2732 and 2733 released today after the initial revision 2731. They both contain small fixes. Please always use the latest Elxis version.

Current version: Elxis 5.6 Oxylus rev2733.

elxis.org and elxis.net proudly run Elxis 5.6 Oxylus

News and announcements / Elxis 5.6 Oxylus released!

« Last post by datahell on August 18, 2025, 20:55:45 »

Elxis 5.6 Oxylus released. You can download it from elxis.org.
In Elxis 5.6 (Oxylus) we have strengthen CMS security even more.
This is a quick change-log. Detailed presentation of Elxis 5.6 Oxylus will be available from elxis.org soon.

Security related

Password policy configuration option (chars length, complexity, expiration)
Enforce password expiration policy
New exit page "pwchange" (for expired password change)
Lock user account for 5 minutes after 3 unsucessfull login attempts
Crypt helper: added sha256, sha384 and sha512 encryption arlgorithm
Plugin Contact: Added security token
Always set header X-Content-Type-Options: nosniff regardless the security level
x-frame-options = SAMEORIGIN by default
sha256 integrity hash html attribute in CSS and JS files
nonce html attribute in CSS and JS files
crossorigin="anonymous" in CSS ans JS files
Added CSP nonce and {nonce} replacement for elxis config option
Minifier: Calculate CSP sha-256 checksums
Removal of inline events in all Elxis extensions and libraries
New method preAuthCheck for the elxisAuth library

Other

Page generators for content Categories, Articles, Tags and Archive
Provide an ID to all module DIV wrappers (id="moduleX")
Added Czech language
Update JQuery from v3.6.0 to v3.7.1
ElxisForm library: Option to add html attributes in Yes/No checkboxes
Database tables: DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci

Fixes

HTML helper: Fix unclosed tag
Messages helper: Fix GROUP BY issue when sql_mode=only_full_group_by
Administration login: Fix user trying to login from wrong URL
Component user: Add missing label for Country
Template Five: Fix possible XSS attack
Fix Google maps plugin

Pages: 1 ... 3 4 [5] 6 7 ... 10