Featured Sites: A-Z Index

H


Newest 10 Entries

Question What is the purpose of "confirmed" and "non-confirmed" sessions?
Answer Composr distinguishes between confirmed and non-confirmed sessions for added security:
  • Confirmed: When you actively log in with your credentials.
  • Non-confirmed: When you return to the site and are automatically logged in via cookies.

You can configure zones to require confirmed sessions, preventing access from cookie-based logins alone. The Admin Zone uses this by default.
Question How can I enhance the security of my Composr installation on shared hosting?
Answer Shared hosting environments can be inherently less secure. Here are some tips:
  • Choose a Secure Host: Opt for hosts that offer suEXEC and open_basedir for better account isolation.
  • Test Security: Verify the host's security measures with the provided filesystem_browser.php script.
  • Restrict _config.php: Remove world-writable permissions from _config.php after installation.
Question How does Composr protect against Cross-Site Scripting (XSS) attacks?
Answer Composr utilizes multiple layers of defense against XSS attacks:
  • HTML Filtering: Configurable levels of filtering prevent malicious script injection.
  • Content Security Policy (CSP): Restricts the sources from which scripts and other resources can be loaded.
  • Input Sanitization: Data is sanitized before being processed to prevent malicious code execution.
  • Output Encoding: Data displayed to users is properly encoded to prevent interpretation as active code.
Question What are the different types of security alerts in Composr?
Answer Composr has a variety of hack-attack codenames that trigger security alerts and logging. Some common examples include:
  • DODGY_GET_HACK: Suspicious URLs with potentially harmful characters.
  • EVIL_POSTED_FORM_HACK: Possible CSRF attempts via malicious form submissions.
  • SCRIPT_UPLOAD_HACK: Attempts to upload PHP scripts, potentially malicious.
  • DOWNLOAD_PRIVATE_URL_HACK/TRY_TO_DOWNLOAD_SCRIPT: Attempts to download sensitive files.
  • BRUTEFORCE_LOGIN_HACK: Repeated failed login attempts.
  • SQL_INJECTION_HACK: Attempts to exploit SQL queries for data extraction.

You can customize alert handling for each type in data_custom/xml_config/advanced_banning.xml (Admin Zone > Security > Configure advanced banning).
Question What are some tips for secure website maintenance?
Answer
  • Avoid FTP: Use secure alternatives like SFTP or SSH for file transfer.
  • Secure Email: Enable SSL for IMAP and POP3 email protocols.
  • Strong Passwords: Use unique and complex passwords for different services.
  • Secure Computers: Keep your own devices patched and secure.
  • Maintenance Password: Remove the maintenance password from _config.php when not in use.
Question What are the main security features of Composr?
Answer Composr has a robust set of security features to protect your website, including:

Passwords:
  • Visual representation of password quality and enforcement of complexity rules.
  • Password expiry and prevention of re-use.
  • Secure password hashing, even if the database is compromised.
  • Temporary passwords for staff setup.

Login Restrictions:
  • Two-factor authentication via IP address approval.
  • IP address banning, including wildcard banning.
  • Session locking to IP addresses.
  • Configurable session expiry times.
  • Ability to prevent privileged actions from auto-logged in sessions.
  • Optional member approval process.

Auditing Systems:
  • Comprehensive audit logging of administrative actions.
  • Logging of user actions and IP address history.
  • Tools to analyze audit logs.
  • Failed login logging.
  • Hack attack detection, logging, and banning.
  • Email notifications for changes to user credentials.

Framework Security:
  • Protection against CSRF attacks.
  • Click-jacking prevention via CSP implementation.
  • Secure coding standards and scanning techniques.
  • Configurable HTML filtering to prevent XSS attacks.
  • Secure code modularization standards.

Other features:
  • Granular privileges and access permissions.
  • Content submission validation process.
  • Rootkit detection system.
  • Spam prevention systems.
  • Web application firewall rules.
  • Moderation systems.
Question Why are my searches slow, and how can I improve search speed?
Answer Slow searches can occur when dealing with large amounts of content. Here are some workarounds and solutions:
  • MySQL timeout setting: For MySQL 5.7+, set a query timeout to prevent searches from locking up your database. Composr automatically sets this, but you can configure it manually if needed.
  • Use InnoDB tables: Switching to InnoDB tables in MySQL can prevent slow queries from affecting other users on your website. Note that InnoDB is not officially supported by Composr yet.
  • Enable the fast custom index: As mentioned earlier, the fast custom index is optimized for handling large datasets and filtered searches, potentially leading to significant speed improvements.
Question How does the search engine handle different languages?
Answer Composr's fast custom index supports multiple languages. Content is indexed based on its translated version, ensuring that you get relevant results even when searching in a different language.
Question What are quoted phrases and how do they work?
Answer Quoted phrases allow you to search for an exact sequence of words. For example, searching for "red apple" will only return results containing that exact phrase. Keep in mind that enabling quoted phrases can increase disk space usage.
Question How do stop words affect search results?
Answer Stop words are common words (like "the", "a", "is") that are ignored by the search engine because they add noise and don't contribute to the meaning of the search query. You can customize the list of stop words for the fast custom index. See the search tutorial for more information.

Top 10 Entries

Question How do I report an emergency problem with my Composr site?
Answer Emergency problems are events that have significantly and suddenly affected your website's functionality due to legitimate bugs or undocumented usability issues. To report these:
  • Open a tracker issue explaining the problem and providing as much detail as possible (mark it as a major bug).
  • Help the developers help you. Provide access to your site (see the software feedback tutorial for more information), describe the exact situation, and avoid protracted back-and-forth communication.
  • Take backups before upgrading. This allows for easier recovery in case of problems.
Remember that bug fixing is not a free service. While developers are committed to Composr's stability, maintaining backups and practicing restoration procedures is your responsibility.
Question How can I get support for Composr?
Answer The community forum is an excellent resource for support. Users can help each other out with various problems. However, please remember that there's no guarantee of free professional support. If you need immediate or guaranteed assistance, consider hiring a professional developer.
Question I'm getting a lot of spam on my site. What can I do?
Answer Composr offers various anti-spam measures. Refer to the Anti-spam settings tutorial for advice on configuring these settings. If you believe there's an issue with the anti-spam system itself, report it to the issue tracker. Do not report general spam incidents.
Question My website is experiencing performance issues. What should I do?
Answer If you are experiencing performance issues, first identify the specific problem with your web host's help. Composr provides tools to manage database size, bandwidth, and disk I/O. However, high request volume or CPU usage may require server upgrades like a VPS or dedicated server.

If your web host complains about resource usage, gather detailed information from them, including specific URLs causing problems and resource usage metrics. If their limits are unreasonable, consider switching web hosts.
Question How do I report a security problem?
Answer Security problems must be reported privately. You can do this by marking the issue as 'Private' on the issue tracker (if you use the Report Issue Wizard, it will do that automatically when you select security-hole). Publicly disclosing security holes is irresponsible and may result in penalties. The core developer team will disclose the issue after a patch is released.
Question How do I report a bug in Composr?
Answer Every bug, no matter how small, should be reported. You can report bugs using the Report Issue Wizard or directly through the issue tracker. There is also a link to report bugs on your Admin Zone Dashboard where the version information is located. And when clicking that link, you can view open issues specific to your version of Composr.

When reporting a bug, be sure to:
  • Check for duplicates: Make sure the bug hasn't already been reported.
  • Report bugs individually: Each issue should be reported separately for better tracking and resolution.
  • Verify it's a Composr bug: Issues with third-party addons and code should be reported to their respective developers.
  • Consult the FAQ and tutorials: Check for common problems and solutions, particularly server configuration issues.
  • Provide comprehensive information: Include a clear and specific title, detailed steps to reproduce the problem, your browser version, Composr version, error messages, stack traces (if available), and any other
relevant details.
  • Use clear and concise language: Write in proper English, use correct terminology, and avoid vagueness.
  • Be respectful and patient: Remember that developers are volunteers and may not respond immediately.
Question What is the role of robots.txt in SEO?
Answer The robots.txt file provides instructions to search engine crawlers about which parts of your website they should and should not access. You can customize the robots.txt file to prevent sensitive content from being indexed or to guide crawlers toward the most important areas of your site.
Question What is SEO and why is it important for my Composr website?
Answer SEO is the practice of optimizing your website to rank higher in search engine results pages (SERPs). By improving your SEO, you increase the visibility of your website, driving more organic (non-paid) traffic to your content.
Question How can I edit the metadata in Composr?
Answer Composr provides several ways to customize your metadata:
  • Site-wide Settings: You can configure default metadata for your entire site in the Admin Zone under Setup > Configuration > Site options.
  • Content-Specific Settings: When adding or editing content like Comcode pages or news posts, Composr provides fields for customizing titles, descriptions, and keywords specific to that content under the "Metadata" section.
  • Automatic Detection: Composr can automatically generate metadata by analyzing your content, but it's generally recommended to refine these suggestions manually for best results.
Question Should I trust agencies that promise top search engine results?
Answer No; be wary of agencies guaranteeing top rankings for any desired keyword. Achieving top results for competitive terms requires significant effort, expertise, and often, an ongoing strategy.

Focus on agencies that prioritize ethical "white-hat" SEO techniques like creating valuable content, optimizing website structure, and building natural backlinks. Avoid those employing "black-hat" methods that can lead to penalties from search engines.