Posted by kdineshbe on January 31, 2011 at 1:40pm
Anyone help me in removing CSRF attacks from drupal 6 sites.
i tried to pad some token with logout menu and validate it when logout is invoked.
When i am updating the site using update.php this module gets invoked, but after that it is not invoking
My site has cck, date and so on modules.
Any other options for CSRf attacks ?
Thanks in advance.
Comments
set settings.php permission to 444
Also check the files which are infected to have settings.php 444. Go into the problem deeper so as to why it happened. Contact your hosting provider.
Solved!
I got the output by adding menu_rebuild in the custom module i developed.
But what the problem is it requires atleast a line of code outside the functions i declared ie. when my module simply has hooks, it is not invoked, but after adding a line of code in the top of the module i got the result.
Tips for avoiding CSRF.....
Use poormanscron Module...this is useful for avoiding CSRF attack from site...
Regards
Sivakumar M
+91-9751776660
How poormanscron help
How poormanscron module avoid CSRF attack.
I implemented the module and still getting the CSRF. Kindly let me know how you did.
Thanks,
Sree