[mlimg]
[xlang:en]
= SUMMARY =

Protector is a module to defend your CMS origined from XOOPS2 from various and malicious attacks.

This module can protect a various kind of attacks like:

- DoS
- Bad Crawlers (like bots collecting e-mails...)
- SQL Injection
- XSS (not all though)
- System globals pollution
- Session hi-jacking
- Null-bytes
- Directory Traversal
- Some kind of CSRF (fatal in XOOPS <= 2.0.9.2)
- Brute Force
- Camouflaged Image File Uploading (== IE Content-Type XSS)
- Executable File Uploading Attack
- XMLRPC's eval() and SQL Injection Attacks
- SPAMs for comment, trackback etc.

Protector defends you CMS from these attacks, and it records into its log. 

Of course, all vulnerablities can't be prevented.
Be not overconfident, please.

However, I [color=ff0000][b]strongly[/b][/color] recommend installing this module to all XOOPS/ImpressCMS/XCL sites with any versions.



= INSTALL =

First, define XOOPS_TRUST_PATH into mainfile.php if you've never done it yet.

Copy html/modules/protector in the archive into your XOOPS_ROOT_PATH/modules/
Copy xoops_trust_path/modules/protector in the archive into your XOOPS_TRUST_PATH/modules/

Turn permission of XOOPS_TRUST_PATH/modules/protector/configs writable

After Protector is installed, edit your mainfile.php like this:
[code]
	[color=ff0000]include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ;[/color]
	if (!isset($xoopsOption['nocommon']) [color=0000ff]&& XOOPS_ROOT_PATH != ''[/color] ) {
		include XOOPS_ROOT_PATH."/include/common.php";
	}
	[color=ff0000]include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php' ;[/color]
[/code]
Just add two red-colored lines.
If the blue-colored part is different from your mainfile.php, don't mind it.

Both pre-check and post-check are needed.

An option "DENY by .htaccess" is added on version 2.34.
If you try this option, set writable XOOPS_ROOT_PATH/.htaccess
Before installing this, you should compare it to the security risks which .htaccess is writable.


= How to rescue =

If you've been banned from Protector, just delete files under XOOPS_TRUST_PATH/modules/protector/configs/

The setting and controller of "rescue password" has been eliminated.


= How to install it into XOOPS Cube Legacy 2.1 =

Almost the same as installing into XOOPS 2.0.x.
There is just a different with the patching point in mainfile.php.
Refer this.
[code]
    if (!defined('_LEGACY_PREVENT_LOAD_CORE_') && XOOPS_ROOT_PATH != '') {
        include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ;
        @include_once XOOPS_ROOT_PATH.'/include/cubecore_init.php';
        if (!isset($xoopsOption['nocommon']) && !defined('_LEGACY_PREVENT_EXEC_COMMON_')) {
            include XOOPS_ROOT_PATH.'/include/common.php';
        }
        include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php' ;
    }
[/code]


= How to install it into ImpressCMS =

You need not patch to mainfile.php.
Just copy extras/ImpressCMS/preload/protector.php in the archive into your preload/ of ImpressCMS.

I thank vaughan about releasing the preload.

original usage written by vaughan:
----------------------------------
Install the module the same way as any other module.

You do not need to edit mainfile.php when using ImpressCMS, instead locate the ImpressCMS_Extras directory
inside the protector package, and copy the preload directory to your root ImpressCMS directory, so that your
ImpressCMS preload folder contains the file protector.php

your root ImpressCMS directory is the directory on your server where mainfile.php is located.

example: htdocs/preload/protector.php
----------------------------------


= UPGRADE from Protector 2.x =

- remove two lines for Protector from your mainfile.php
- remove all files under XOOPS_ROOT_PATH/modules/protector/ via FTP etc.
- upload files in the archive (refer INSTALL)
- do "upgrade" Protector in modulesadmin
- add two lines for Protector into your mainfile.php

Note: "XOOPS_TRUST_PATH" for 3.0 instead of "XOOPS_ROOT_PATH" for 2.x


= Using filter-plugin =

You can try filter-plugins in XOOPS_TRUST_PATH/modules/protector/filters_disabled/ just by copying them into filters_enabled.
Of course, you can make filter-plugins as you like because it is easy to create.

Here is an introduction for filter-plugins in this archive.

- postcommon_post_deny_by_rbl.php
an anti-SPAM plugin.
All of Post from IP registered in RBL will be rejected.
This plugin can slow the performance of Post, especially chat modules.

- postcommon_post_deny_by_httpbl.php
an anti-SPAM plugin.
All of Post from IP registered in http:BL will be rejected.
Before using it, get HTTPBL_KEY from http://www.projecthoneypot.org/ and set it into the filter file.
define( 'PROTECTOR_HTTPBL_KEY' , '............' ) ;

- postcommon_post_need_multibyte.php
an anti-SPAM plugin.
Post without multi-byte characters will be rejected.
This plugin is only for sites of japanese, tchinese, schinese, and korean.

-postcommon_post_htmlpurify4guest.php
All post data sent by guests will be purified by HTMLPurifier.
If you allow guests posting HTML, I strongly recommend you to enable it.

-postcommon_register_insert_js_check.php
This plugin prevents your site from robot's user registering.
Required JavaScript working on the vistors browser.

-bruteforce_overrun_message.php
Specify a message for visitors tried wrong passwords more than the specified times.
All plugins named *_message.php specifys the message for rejected accesses.

-precommon_bwlimit_errorlog.php
When band width limitaion works unfortunately, this plugin logs it into Apache's error_log.
All plugins named *_errorlog.php log some informations into Apaches error_log.


= NEW FEATURE SINCE 3.3: DBLayer trapping anti-SQL-Injection

This feature can beat almost malicious SQL Injection attacks if you uses some modules vulnerable to "SQL Injection".

However, you have to patch a file "class/database/databasefactory.php" to enable the feature.

I prepared patches/ folder, and it contains patched databasefactory.php for each cores.

Of course, I welcome if each core teams adpot the patches as HEAD :-)

minahito, marcan, and phppp BEST REGARDS!


= CHANGES =

3.40 (2009/09/16)
- numbered as a STABLE version
- renamed from "Xoops Protector" to "Protector" simply
- modified module icons for some forked cores (thx rene)

3.36 beta (2009/08/27)
- updated HTMLPurifier into 4.0.0
- added a filter postcommon_post_htmlpurify4everyone.php
- added a filter postcommon_post_register_moratorium.php 3.36a
- updated language files
-- persian (thx voltan) 3.36a

3.35 beta (2009/08/13)
- fixed english modinfo.php is always loaded. (thx Phoenyx)
- modified comment attacking detection of DBL anti-SQL-Injection again
- defined some constants for detecting Protector's mode for module maintainers
-- PROTECTOR_ENABLED_ANTI_SQL_INJECTION
-- PROTECTOR_ENABLED_ANTI_XSS
- updated language files
-- arabic (thx Onasre) 3.35a

3.34 beta (2009/07/06)
- modified comment attacking detection of DBL anti-SQL-Injection
- added an option for some environment always enables DBL trapping

3.33 beta (2009/04/03)
- stopped to force rewriting PHP_SELF and PATH_INFO (thx nao-pon)
- added checking PHP_SELF into bigumbrella anti-XSS
- added a constant PROTECTOR_VERSION
- modified compatibities with ImpressCMS (thx vaughan)
- fixed "none" option for F5Attack and Crawler cannot work finen (thx ChaFx)
- turned default value of bugumbrella anti-XSS on

3.32 beta (2009/01/27)
- fixed DBL anti-SQL-Injection is skipped on condition nocommon=1 (thx naao)
- updated language files
-- persian (thx voltan)
-- de_utf8 (ths Rene) 3.32a

3.31 beta (2009/01/20)
- fixed DBL anti-SQL-Injection's wrong detection by db->quiteString() with "
- updated language files
-- spanish (thx Colossus)

3.30 beta (2009/01/14)
- added DBLayer trapping anti-SQL-Injection
- added a filter precommon_bwlimit_errorlog.php
- added a filter precommon_badip_errorlog.php
- updated language files
-- spanish (thx Colossus)
- modified precommon_bwlimit_*.php returns 503 error (thx Colossus) 3.30a

3.22 (2008/12/03)
- modified the condition the cookie 'deleted' is sent as autologin_uname
- added a checker for the privacy of XOOPS_TRUST_PATH into the Advisory
- added language files
-- nederlands (thx Cath)
- updated language files
-- persian (thx voltan) 3.22a
- modified page navigation (thx McDonald) 3.22a

3.21 (2008/11/21)
- added a preferences for bandwidth limitation
- enabled precommon_badip_message.php as default
- modified messages by precommon filter
- updated language files
-- spanish (thx Colossus) 3.21a
- fixed fatal typo in protector.php (thx rohi) 3.21a

3.20 (2008/09/17)
- numbered as a stable version
- updated language files
-- arabic (onasre)
- fixed language files
-- de_utf8
- added language files
-- italian (thx Defcon1) 3.20a
- added a method isMobile() into ProtectorFilterAbstract 3.20b

3.17 beta (2008/04/24)
- modified URLs with the same hostname as XOOPS_URL are not counted as URI SPAM
- updated language files
-- persian (thx stranger and voltan) 3.17a
- added language files
-- de_utf8 (thx wuddel) 3.17a

3.16 beta (2008/01/08)
- added a filter postcommon_post_deny_by_httpbl for antispam by honeypotproject
- updated language files
-- polish (thx kurak_bu)

3.15 beta (2007/10/18)
- added "compact log"
- added "remove all log"
- added language files
-- fr_utf8 (thx gigamaster)

3.14 beta (2007/09/17)
- imported HTMLPurifier (special thx! Edward Z. Yang) PHP5 only
- added filtering point (spamcheck, crawler, f5attack, bruteforce, purge)
- added filter plugins
-- postcommon_post_htmlpurify4guest (guest's post will be purified) only PHP5
-- spamcheck_overrun_message
-- crawler_overrun_message
-- f5attack_overrun_message
-- bruteforce_overrun_message
-- prepurge_exit_message

3.13 beta (2007/08/22)
- modified the filter structure from function to class
- added filtering point (badip, register)
- added filter plugins
-- postcommon_register_insert_js_check (against registering SPAM)
-- precommon_badip_message (displays a message on rejecting the IP)
-- precommon_badip_redirection (redirects somewhere on rejecting the IP)

3.12 beta (2007/08/16)
- fixed for controllers with $xoopsOption['nocommon']=true

3.11 beta (2007/08/16)
- modified ordering precheck and postcheck
- removed a rbl server from postcommon_post_deny_by_rbl.php
- added language files
-- french (thx Christian)

3.10 beta (2007/07/30)
- modified precheck getting config via local cache
- modified precheck does not connect MySQL as possible
- fixed "reliable IP" does not work well
- modified mainfile patch can be inserted before protector installation
- added a logic to check some folder's permission on installing protector
- modified IP denying pattern. 'full', 'foward match', and 'preg match'
- added denied IP moratorium
- added a warning if the directory for configs is not writable

3.04 (2007/06/13)
- added a check against the phpmailer command-injection vulnerability.
- modified postcommon_post_need_multibyte (3.04a)

3.03 (2007/06/03)
- added a protection against installer attack
- changed language name
-- ja_utf8 (formerly japaneseutf) 3.03a

3.02 (2007/04/08)
- modified compatibility of the option "force_intval"
- fixed wrong link in advisory.php (thx genet)
- added a method module can skip DoS/crawler check (define a constant)
- updated D3 system
- added language files
-- persian (thx voltan)
-- russian (thx West) 3.02a
-- arabic (thx onasre) 3.02b
-- japaneseutf 3.02c

3.01 (2007/02/10)
- modified the rule for sorting IPs
- added language files
-- portuguesebr (thx beduino)
-- spanish (thx PepeMty)
-- polish (thx kurak_bu) 3.01a
-- german (thx wuddel) 3.01b
- modified module_icon.php 3.01c
- fixed typo in module_icon.php 3.01d

3.00 (2007/02/06)
- marked as a stable version
- fixed typo in log level
- fixed multibyte plugin never denies registered users (thx mizukami)
- modified compatibility with 2.2.x from xoops.org 3.00a

3.00beta2 (2007/01/31)
- added plugin system (just postcommon_post_*)
- added filtering-plugins
-- postcommon_post_deny_by_rbl.php (deny SPAM by RBL)
-- postcommon_post_need_multibyte.php (deny SPAM by character type)

3.00beta (2007/01/30)
- moved almost files under XOOPS_TRUST_PATH
- modified denying IP from DB to a file under configs
- removed rescue feature (just remove a file via FTP)
- added allowed IPs for user of group=1
- modified table structures (compatible MySQL5)
- added BigUmbrella anti-XSS system
- added anti-SPAM feature

= THANKS =
 - Kikuchi  (Traditional Chinese language files)
 - Marcelo Yuji Himoro (Brazilian Portuguese and Spanish language files)
 - HMN (French language files)
 - Defkon1 (Italian language files)
 - Dirk Louwers (Dutch language files)
 - Rene (German language files)
 - kokko (Finnish language files)
 - Tomasz (Polski language files)
 - Sergey (Russian language files)
 - Bezoops (Spanish language files)
These contributions was made for v2.x
I'm appreciated new language files for v3.0 :-)

Moreover, I thank to JM2 and minahito -zx team- about having taught me kindly.
You are very great programmers!


[/xlang:en][xlang:ja]

׻

Protector ϡXOOPS2١γƼCMS͡ʰդ빶⤫뤿Υ⥸塼Ǥ

Υ⥸塼Ǥϡʲιɤޤ

- DoS
- դ륯顼ʥ᡼ܥåȤʤɡ
- SQL Injection
- XSS ʤȤäƤ⡢ƤǤϤޤ
- ƥ॰Хѿ
- åϥå
- ̥Хȹ
- ǥ쥯ȥ̤깶
- ĤδCSRF (XOOPS 2.0.9.2ʲ¸ߤ)
- Brute Force ʥѥ
- ĥҵե륢åץ (ʤIE Content-Type XSS)
- ¹Բǽʥե򥢥åץɤ빶
- XMLRPCϢ
- SPAM/ȥåХåSPAMSPAM

ι⤫餢ʤXOOPS2١CMSꡢ˵Ͽޤ

Υ⥸塼ϤޤǡŪɸ椷Ԥޤ
3rdѡƥ⥸塼˸褦ʷΰɤ뤫⤷ޤ󤬡٤ƤηɤΤǤϤʤ΅϶ʪǤ

θ³ϾΤξǡ٤ƤXOOPS2١CMS桼Фơ󥹥ȡ[color=ff0000][b][/b][/color]ᤷޤ



ˡ

󥹥ȡˤϡXOOPS_TRUST_PATH꤬ɬפǤ

֤htmlXOOPS_ROOT_PATH¦˥ԡ֤xoops_trust_pathXOOPS_TRUST_PATH¦˥ԡޤ

⥸塼饤󥹥ȡǤСե뤬֤Ƥޤ

ǤϤޤäưƤޤΤǡmainfile.php ƤӽФ褦ˤ뤳Ȥɬ׾Ǥ

Protector 򥤥󥹥ȡ塢ȤXOOPS2١CMS mainfile.php ΰֲΤ
[code]
	[color=ff0000]include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ;[/color]
	if (!isset($xoopsOption['nocommon']) [color=0000ff]&& XOOPS_ROOT_PATH != ''[/color] ) {
		include XOOPS_ROOT_PATH."/include/common.php";
	}
	[color=ff0000]include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php' ;[/color]
[/code]
ȡ֤ʤäƤ룲ԤɲäƲ

Ŀʬϡǽ˥󥹥ȡ뤷ΥСˤäưۤʤޤäƤƤⵤˤʤƷ빽Ǥ

С3顢ƥ⥸塼ͳIPݤѤʤʤޤXOOPS_TRUST_PATH/modules/protector/configs ĤƤProtectorIPưϿ硢˵Ҥ褦ˤʤޤ

⤷ʤ餫ͳǡʬȤIPݥꥹȤ˺ܤäƤޤä硢С2ޤǤϥ쥹塼ѥɤѤƤޤС3ϡFTP XOOPS_TRUST_PATH/modules/protector/configs ΥեԽޤϺƤ

2.34顢¸Ūˡ.htaccessˤDoSɸȤץɲäޤѤ硢XOOPS_ROOT_PATHˤ.htaccessǽȤɬפޤƳݤˤϡ.htaccessե뤬ǽǤ롢ȤꥹӤƲ


XOOPS Cube Legacy 2.1ؤΥ󥹥ȡ

ʰ㤤Ϥޤ
mainfile.php ν񤭴ݥȤμդ㤦ΤǡѥåƤ򼨤Ƥޤ
[code]
    if (!defined('_LEGACY_PREVENT_LOAD_CORE_') && XOOPS_ROOT_PATH != '') {
        include XOOPS_TRUST_PATH.'/modules/protector/include/precheck.inc.php' ;
        @include_once XOOPS_ROOT_PATH.'/include/cubecore_init.php';
        if (!isset($xoopsOption['nocommon']) && !defined('_LEGACY_PREVENT_EXEC_COMMON_')) {
            include XOOPS_ROOT_PATH.'/include/common.php';
        }
        include XOOPS_TRUST_PATH.'/modules/protector/include/postcheck.inc.php' ;
    }
[/code]


ImpressCMSؤΥ󥹥ȡ

mainfile.php ؤΥѥåɬפޤ
֤ extras/ImpressCMS/preload/protector.php 򡢤ImpressCMSpreloadե˥ԡƤ

preload󶡤Ƥ줿vaughan˴դޤ


С2ΥС󥢥å

ޤmainfile.php 顢Protector˴ؤԤƤ

ˡäXOOPS_ROOT_PATH/modules/protector/ Υեƺޤ

ˡ󥹥ȡƱͤե򥢥åץɤޤ

̤⥸塼äơProtector⥸塼򥢥åץǡȤޤ

Ǹˡ١mainfile.phpԽprecheckpostcheckͭˤƤС2ǤϡXOOPS_ROOT_PATH ȤʤäƤʬС3ǤϡXOOPS_TRUST_PATH ȤʤäƤ뤳ȤդɬפǤ


ե륿ץ饰

V3顢XOOPS_TRUST_PATH/modules/protector/filters_enabled/ ˥ե륿ץ饰Ǽ뤳Ȥǡɲååɲåå󥰤ʤɤǤ褦ˤʤޤ¤ñʤϤǤ

Υ˥ǥեȤѰդƤե륿ץ饰ΤŪʤΤҲ𤷤ޤ

- postcommon_post_deny_by_rbl.php
ѥкѡ
RBLѤPOSTϤͤޤ
RBLϿ줿IPƤϤ٤SPAMȽꤷޤ䤤碌뤿ᡢƻνŤʤ뤫⤷ޤ󡣡äChatʤɤǤϱƶ뤫

- postcommon_post_deny_by_httpbl.php
ѥкѡ
http:BLѤPOSTϤͤޤ
Ѥˡե򥨥ǥǳơ
define( 'PROTECTOR_HTTPBL_KEY' , '............' ) ;
ιԤ񤭴ޤHTTPBL_KEYϡhttp://www.projecthoneypot.org/ Ƥ

-postcommon_post_need_multibyte.php
ѥкѡ
Ƥܸ줬ޤޤƤ뤳Ȥ׵᤹ץ饰
ܸ줬ʸޤޤƤʤ100byteʾʸ󤬤äSPAMȽꤷޤ

-postcommon_post_htmlpurify4guest.php
ȤˤPOSTǡ٤ƤˤĤơHTMLPurifier̲ᤵե륿Ǥ
ȤHTMLĤƤǤͭˤ뤳Ȥ򶯤ᤷޤ

-postcommon_register_insert_js_check.php
ܥåȤˤ桼Ͽɤץ饰
Ͽ褦Ȥ桼Υ֥饦JavaScriptưƤɬפޤ

-bruteforce_overrun_message.php
ѥɤʾְ㤨Υåꤷޤ*_message.php Ȥե륿ץ饰Ϥ⡢åꤹ륿פΥե륿Ǥ

-precommon_bwlimit_errorlog.php
ɻߵǽƯˡλݤApacheΥ顼˵Ͽޤ
*_errorlog.php Ȥե륿ץ饰Ϥ⡢顼˵Ͽ륿פΥե륿Ǥ


⡢XOOPS_TRUST_PATH/modules/protector/filters_disabled/ ֤ƤΤǡɬפ˱ơfilters_enabled ˥ԡƤ


3.3οǽ: DB쥤䡼ȥåanti-SQL-Injection

Protector-3.3ʹߡǡ١쥤䡼üäơưŪSQL Injectionк򤹤뵡ǽɲäޤˤäơۤȤɤSQL Injectionȼ̵Ǥ뵤ޤʤ虜ȷĤʤ餤ǤϤΤǡݾڤϤޤ

ͭˤ뤿ˤϡŪ˥ǡ١եȥꥯ饹˥ѥåƤɬפޤ

patches/ եˡƥѤΥѥåѥǡ١եȥꥯ饹ե뤬ѰդƤΤǡεǽѤˤϡǾ񤭤Ƥ

󡢳ƥबѶŪˤΥѥåHEAD˺ѤƤΤ٥ȤȹͤƤޤѥåˤĤƤ⡢ʤ٤Ѥ䤹ˤĤǤ

minahitomarcanphppp󡢤


ѹ

3.40 (2009/09/16)
- ǤȤֹ򿶤ľ
- "Xoops Protector" Ȥ̾ƥץ "Protector" ؤѹ
- ImpressCMSXCLбѰդ (thx rene)

3.36 beta (2009/08/27)
- HTMLPurifier  4.0.0 ˹
- ե륿ɲ
-- postcommon_post_htmlpurify4everyone.php (POSTHTMLPurifier̲᤹)
-- postcommon_post_register_moratorium.php (ϿľURLƤػߤ) 3.36a
- ե빹
-- persian (thx voltan) 3.36a

3.35 beta (2009/08/13)
- ImpressCMSmodinfo.php˱ѸˤʤäƤΤ (thx Phoenyx)
- DBLT-ASIΥȤФưꥯȤȽǤ褦˽
- ⥸塼ƥʡΤˡProtectorư⡼ɤΤ뤿
-- PROTECTOR_ENABLED_ANTI_SQL_INJECTION
-- PROTECTOR_ENABLED_ANTI_XSS
- ե빹
-- arabic (thx Onasre) 3.35a

3.34 beta (2009/07/06)
- DB쥤䡼ȥåanti-SQL-Injection(DBLT-ASI)ΥȤФư¤
- DB쥤䡼ȥåפONˤʤäƤޤĶб륪ץɲ

3.33 beta (2009/04/03)
- PHP_SELFPATH_INFOüʸѴ᤿ (thx nao-pon)
- PHP_SELF礭ʻanti-XSSоݤ˲ä
- PROTECTOR_VERSION ǡProtectorΥСǧǤ褦ˤ
- ImpressCMS ؤΥ󥹥ȡˡHTMLPurifierŬѤ (thx vaughan)
- F5Attack䥯顼ǡ֥ΤߡפνäΤ (thx ChaFx)
- 礭ʻAnti-XSSνͤͭѹ

3.32 beta (2009/01/27)
- nocommonǤDB쥤䡼ȥåanti-SQL-Injectionư򤷤 (thx naao)
- ե빹
-- persian (thx voltan)

3.31 beta (2009/01/20)
- ʤɤǥ֥륯ơ󤬤SQL InjectionȽꤵ
- ե빹
-- spanish (thx Colossus)

3.30 beta (2009/01/14)
- DB쥤䡼ȥåanti-SQL-Injection
- Υե륿ä˥顼Ǥե륿ɲ
- IPȤƤ줿ˤĤƥ顼Ǥե륿ɲ
- ե빹
-- spanish (thx Colossus)
- кե륿ˤĤƤ503顼֤褦ˤ (thx Colossus) 3.30a

3.22 (2008/12/03)
- ѥå'deleted'Ȥͤ졢BruteForceȤʤ븽ݤб
- ƥɤXOOPS_TRUST_PATHץ饤١ȤȤʤäƤ뤫Υåɲ
- եɲ
-- nederlands (thx Cath)
- ե빹
-- persian (thx voltan) 3.22a
- ڡʥӤ򲼤ˤɽ褦ˤ (thx McDonald) 3.22a

3.21 (2008/11/21)
- Ӱ¤ɲ
- IP BANä˲֤Τ餻åǥեȤˤ
- precommonե륿Ǥǽˤ
- ե빹
-- spanish (thx Colossus) 3.21a
- IPꥹȤ򹹿ʤʤäƤΤ (thx rohi) 3.21a

3.20 (2008/09/17)
- ǤȤƥСֹդľ
- ե빹
-- arabic (onasre)
- ե뽤
-- de_utf8
- եɲ
-- italian (thx Defcon1) 3.20a
- Ƚ᥽å isMobile() ProtectorFilterAbstract饹ɲ 3.20b

3.17 beta (2008/04/24)
- URI SPAMȽǡۥȤƱξ̲᤹褦ˤ
- ե빹
-- persian (thx stranger and voltan) 3.17a
- եɲ
-- de_utf8 (thx wuddel) 3.17a

3.16 beta (2008/01/08)
- SPAMե륿ɲ postcommon_post_deny_by_httpbl (honeypotproject.orgBL)
- ե빹
-- polish (thx kurak_bu)

3.15 beta (2007/10/18)
- ΥѥȲɲ
- ɲ
- եɲ
-- fr_utf8 (thx gigamaster)

3.14 beta (2007/09/17)
- HTMLPurifierƳ (special thx! Edward Z. Yang) PHP4ǤϤޤȤưޤ
- ե륿ݥȤɲ (spamcheck, crawler, f5attack, bruteforce, purge)
- ե륿ץ饰ɲ
-- ƤΤ٤ƤHTMLPurifier̲ᤵե륿 (PHP5)
-- SPAMȽꤵ줿˥åɽʥ쥯Ȥ˥ե륿
-- Ƚꤵ줿˥åɽʥ쥯Ȥ˥ե륿
-- F5åȽꤵ줿˥åɽʥ쥯Ȥ˥ե륿
-- ֥롼ȥե˥åɽʥ쥯Ȥ˥ե륿
-- ¾ͽľ˥åɽʥ쥯Ȥ˥ե륿

3.13 beta (2007/08/22)
- ե륿ץ饰򥰥Хؿ饯饹ѹ
- ե륿ݥȤɲ (badip, register)
- ե륿ץ饰ɲ
-- 桼ϿJavaScriptåե륿(桼ϿSPAMк)
-- IP˥åɽե륿
-- IP˥쥯Ȥե륿

3.12 beta (2007/08/16)
- $xoopsOption['nocommon'] ưƤʤäХν

3.11 beta (2007/08/16)
- mainfile.php ؤΥѥåprecheckpostcheck㤨Ƥư褦б
- RBLե륿ΥǥեȤniku.2ch.net
- եɲ
-- ե󥹸 (thx Christian)

3.10 beta (2007/07/30)
- precheckconfigϡ륭å夫褦ˤ
- MySQLؤťͥӽ
- ѤǤIPǵǽƤʤХν
- 󥹥ȡmainfileѥåν֤դǤ⥨顼Фʤ褦ˤ
- ۥΥ󥹥ȡȥեΥѡߥå˥ååɲ
- IPְססססɽפΤǤɽǤ褦ˤ
- IP˻¤ߤ
- configsǥ쥯ȥ꤬ػߤˤʤäƤWarningɲ

3.04 (2007/06/13)
- phpmailerΥޥɼ¹ȼФåɲä
- postcommon_post_need_multibyte Υå⤦Ϥˤ (3.04a)

3.03 (2007/06/03)
- 󥹥ȡ饢åؤкɲä
- ̾ѹ
-- ja_utf8 (japaneseutf) 3.03a

3.02 (2007/04/08)
- IDѿζѴν⤦ˤ䤫ˤ
- ƥɤΥڤ
- DoS/crawlerå򥹥åפǤʤ󶡡ʤ
- D3ƥΥåץǡ
- եɲ
-- persian (thx voltan)
-- russian (thx West) 3.02a
-- arabic (thx onasre) 3.02b
-- japaneseutf 3.02c

3.01 (2007/02/10)
- IPȥ롼ѹ
- եɲ
-- portuguesebr (thx beduino)
-- spanish (thx PepeMty)
-- polish (thx kurak_bu) 3.01a
-- german (thx wuddel) 3.01b
- module_icon.php 򥭥åǽ 3.01c
- module_icon.php typo 3.01d

3.00 (2007/02/06)
- ǤȤƤΥ꡼
- ٥ߥν
- ޥХȥץ饰Ͽ桼POSTƤʤ褦˽ (thx mizukami)
- ܲ2.2.xȤβ 3.00a

3.00beta2 (2007/01/31)
- ץ饰󥷥ƥƳ (Ȥꤢ postcommon_post_* ȤפΤ)
- ե륿ץ饰ɲ
-- postcommon_post_deny_by_rbl.php (RBLˤIP١SPAMк)
-- postcommon_post_need_multibyte.php (ʸˤSPAMк)

3.00beta (2007/01/30)
- XOOPS_TRUST_PATH¦Τ֤Ȥˤ
- IPݵǽñʥե(configsǥ쥯ȥ겼)ѹ
- 롼1ˤʤIPɥ쥹µǽɲáʤñʤե
- 쥹塼ǽκ 3.0ʹߤñFTPǥե褷ޤ
- ơ֥빽¤ν (MySQL5б)
- BigUmbrella anti-XSS Ƴ
- ȡȥåХåSPAMкǽɲ
- Cube 2.1 Legacy RC Ǥưǧ


ռ
 - Kikuchi (ե)
 - Marcelo Yuji Himoro (֥饸Υݥȥ졦ڥե)
 - HMN (ե󥹸ե)
 - Defkon1 (ꥢե)
 - Dirk Louwers (ե)
 - Rene (ɥĸե)
 - kokko (եɸե)
 - Tomasz (ݡɸե)
 - Sergey (ե)
 - Bezoops (ڥե)
 (ʾ塢С2ޤǤθեԤǤС3ǤϤääƤޤߤޤ
 - beduino (֥饸Υݥȥե)
 - PepeMty (ڥե)
 - kurak_bu (ݡɸե)
 - wuddel (ɥĸ)
 - voltan&stranger (ڥ륷)
 - onasre (ӥ)


ޤΥ⥸塼ˤꡢ͡ʤƳڥ򤤤zxγ͡Ȥ櫓JM2minahitoˡ괶դޤ


[/xlang:ja]

------------------------------------------------------------

GIJ=CHECKMATE <gij@peak.ne.jp>
2004-2009

PEAK XOOPS  http://xoops.peak.ne.jp/

