Help me on removing CSRF attack

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
kdineshbe's picture
Posted by kdineshbe on January 31, 2011 at 1:40pm

Anyone help me in removing CSRF attacks from drupal 6 sites.

i tried to pad some token with logout menu and validate it when logout is invoked.
When i am updating the site using update.php this module gets invoked, but after that it is not invoking
My site has cck, date and so on modules.

Any other options for CSRf attacks ?

Thanks in advance.

Comments

set settings.php permission to 444

Posted by Oliver Louis on January 31, 2011 at 4:48pm
Oliver Louis's picture

Also check the files which are infected to have settings.php 444. Go into the problem deeper so as to why it happened. Contact your hosting provider.

Solved!

Posted by kdineshbe on February 1, 2011 at 10:21am
kdineshbe's picture

I got the output by adding menu_rebuild in the custom module i developed.
But what the problem is it requires atleast a line of code outside the functions i declared ie. when my module simply has hooks, it is not invoked, but after adding a line of code in the top of the module i got the result.

Tips for avoiding CSRF.....

Posted by msk2020ckp on February 8, 2011 at 10:11am
msk2020ckp's picture

Use poormanscron Module...this is useful for avoiding CSRF attack from site...

Regards
Sivakumar M
+91-9751776660

How poormanscron help

Posted by sreedharprabhu.... on March 19, 2011 at 10:59am
sreedharprabhu.mca@gmail.com's picture

How poormanscron module avoid CSRF attack.
I implemented the module and still getting the CSRF. Kindly let me know how you did.

Thanks,
Sree