Welcome,
Guest
.
Please
login
or
register
.
Did you miss your
activation email
?
News:
Bug reports and fixes
.
Home
Help
Login
Register
Elxis CMS Forum
»
Extensions
»
Tools
»
Elxis Defender
« previous
next »
Print
Pages: [
1
]
Author
Topic: Elxis Defender (Read 21284 times)
datahell
Elxis Team
Hero Member
Posts: 10358
Elxis Defender
«
on:
October 08, 2006, 23:05:39 »
Elxis Defender protects your Elxis site against XSS and SQL injection attacks. It is also an IP blocker tool.
Click
here
for more (in Greek)
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
Haic
Jr. Member
Posts: 72
it's me
Re: Elxis Defender
«
Reply #1 on:
November 05, 2006, 00:00:12 »
Hello,
I want some explanation with the filter in defender
Wich is the importent filter for security?
Example Filters
SELECT UNION UNION SELECT BENCHMARK( ASCII( SUBSTRING(
CONCAT( CONCAT ( CONCAT_WS CHAR( INNER JOIN
FROM elx_ ' OR ' " OR " INSERT( INSERT (
LEFT JOIN RIGHT JOIN JOIN elx_ SELECT * FIELD(
DROP elx_ alert( alert ( SUBSTRING_INDEX( FIND_IN_SET(
DROP haico_elxis SELECT IF haico_elxis.elx_ mosConfig_ ADODB
ENCODE( MD5( UNION ALL '-- /**/
I hope you have a FAQ for this?
Logged
greetz,
Haico
datahell
Elxis Team
Hero Member
Posts: 10358
Re: Elxis Defender
«
Reply #2 on:
November 05, 2006, 08:30:26 »
Defender purpose is to block XSS attacks by filtering user input data. In these fields you add which words or phrases you do NOT wish to be accepted. It works just like apache's mod_security. If you search on the internet for how these attacks are performed you will find useful information on the way hackers usually use to attack to a site. There are two categories: attack to the database by adding words such as BENCHMARK, DROP, UNION, JOIN etc and attacking to the php/file system (for example by trying to overwrite global variables).
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
Print
Pages: [
1
]
« previous
next »
Elxis CMS Forum
»
Extensions
»
Tools
»
Elxis Defender