GXSecurity
The GX Website Security plugin is a script designed to take on the burdon of dealing with certain common security problems in PHP scripts.
It is made to immediate, transparent security of varying types. Far, far too often you hear about scripts having some common vulnerability - people just aren’t careful enough when writing scripts. This script is desiged to try to compensate for some of this carelessness.
It is a very usefull protection plugin developed and distributed under GPL by Gerd Xhonneux from xtc.
GXSecurity tries to defend against:
- HTTP request floods
- Script display vulnerabilities
- General flood protection
- IP banning via .htaccess
- HTML source viewing/stealing
- Block blacklisted IP addresses
- Block visitors from user-defined countries
- Detect URL cracks and injections
A website where GXSecurity is installed and wich was under fire from spammers and hackers were observed for a year.
This is the convincing result:
GXSecurity’s home page with informations in english, german and french can be accessed at:
http://xtc.xhonneux.com/?Projekte:GXSecurity
GXSecurity can be downloaded from
http://xtc.xhonneux.com/?Projekte:GXSecurity:Download
back to plugins
Discussion
I am running into problems when I try to include GXSecurity into my script. It keeps on complaining that Cookies are not switched on in the browser, although they are. What is happening, it seems, is that the session variable $_SESSION[’gx_nocookie’] is incremented continuously and stored server-sided. Why this is I don’t know, but it seems my Apache/PHP setup does not like the way GXsecurity works. If I forcefully switch off the cookie check in the code, I don’t get a response from the webserver any more. I’m using PHP_5.1.6 on Apache_1.3.33. Any clues what the problem might be?
Hi,
you could contact me over my website: http://xtc.xhonneux.com
Then we could try together via email to resolve this.