Features: A-Z Index

A

Administration Zone

Administration Zone

B

Banners

Banners

C

Calendar

Calendar

Catalogues

Catalogues

Chatrooms and IM

Chatrooms and IM

Community features

Community features

Content Sharing

Content Sharing

Conversr Forums

Conversr Forums

Conversr Topic Polls

Conversr Topic Polls

D

Design without barriers

Design without barriers

Downloads

Downloads

E

Ease of Use

Ease of Use

eCommerce and Subscriptions

eCommerce and Subscriptions

Extendable

Extendable

F

Featured Content

Featured Content

G

Galleries

Galleries

I

Installation

Installation

Integration

Integration

L

Localisation

Localisation

M

Membership

Membership

N

News and Blogs

News and Blogs

Newsletters

Newsletters

P

Parental Controls

Parental Controls

Performance

Performance

Points

Points

Privacy Tools

Privacy Tools

Q

Quizzes and Surveys

Quizzes and Surveys

R

Rich Media

Rich Media

S

Search Engine Optimisation

Search Engine Optimisation

Searching

Searching

Security

Security

Spam Protection

Spam Protection

Stay on Top

Stay on Top

Structure / Navigation

Structure / Navigation

Support Tickets

Support Tickets

T

Template Programming Language

Template Programming Language

Testing tools

Testing tools

Themeing tools

Themeing tools

Third party integration

Third party integration

W

Warnings / Moderation

Warnings / Moderation

Web Pages

Web Pages

Web standards

Web standards

Website Polls

Website Polls

White-labeling (Debranding)

White-labeling (Debranding)

Wiki+

Wiki+

Newest 10 Entries

Question What defines a staff member in Composr?
Answer There are two ways to define "staff" in Composr:
  • System-defined staff: This includes administrators and super moderators who have specific privileges within the forum/member system (Conversr).
  • Privilege-based staff: Anyone granted the necessary permissions for a particular situation is considered staff for that context.

Composr prioritizes flexibility by utilizing privileges over fixed roles, allowing for customized staff responsibilities. However, certain features like "staff reply" in tickets inherently rely on a pre-existing understanding of "staff."

View

Question What steps should I take if my website has been hacked?
Answer If you suspect a security breach, take immediate action:
  • Identify the Cause: Analyze access logs for suspicious activity and pinpoint the vulnerability.
  • Clean and Restore: Restore your website from a clean backup and thoroughly remove any malicious code.
  • Address Vulnerabilities: Patch security holes, update software, and strengthen security configurations.
  • Seek Expert Help: If needed, consult security professionals for assistance with cleanup and prevention.

View

Question What additional security measures can I implement for my Composr website?
Answer
  • SSL: Enable HTTPS for encrypted communication and improved user trust.
  • Secure Zones: Configure sensitive zones to require confirmed sessions.
  • Restrict Logins: Enforce IP address confirmation for enhanced account security.
  • Maintenance Scripts: Restrict access to maintenance scripts like upgrader.php via IP restrictions.
  • Server Hardening: Disable unnecessary services, change default ports, enable automatic updates, and more.
  • Robots.txt: Use the robots.txt file to prevent search engine indexing of sensitive areas.

View

Question How does Content Security Policy (CSP) contribute to Composr security?
Answer CSP adds a layer of protection by controlling the resources the browser is allowed to load. It helps prevent:
  • XSS Attacks: By restricting inline scripts and limiting script sources.
  • Data Injection Attacks: By controlling the allowed origins for data requests.
  • Clickjacking: By specifying allowed framing sources.

Composr's CSP implementation utilizes "Trusted partner sites" and nonces for fine-grained control.

View

Question What is the purpose of "confirmed" and "non-confirmed" sessions?
Answer Composr distinguishes between confirmed and non-confirmed sessions for added security:
  • Confirmed: When you actively log in with your credentials.
  • Non-confirmed: When you return to the site and are automatically logged in via cookies.

You can configure zones to require confirmed sessions, preventing access from cookie-based logins alone. The Admin Zone uses this by default.

View

Question How can I enhance the security of my Composr installation on shared hosting?
Answer Shared hosting environments can be inherently less secure. Here are some tips:
  • Choose a Secure Host: Opt for hosts that offer suEXEC and open_basedir for better account isolation.
  • Test Security: Verify the host's security measures with the provided filesystem_browser.php script.
  • Restrict _config.php: Remove world-writable permissions from _config.php after installation.

View

Question How does Composr protect against Cross-Site Scripting (XSS) attacks?
Answer Composr utilizes multiple layers of defense against XSS attacks:
  • HTML Filtering: Configurable levels of filtering prevent malicious script injection.
  • Content Security Policy (CSP): Restricts the sources from which scripts and other resources can be loaded.
  • Input Sanitization: Data is sanitized before being processed to prevent malicious code execution.
  • Output Encoding: Data displayed to users is properly encoded to prevent interpretation as active code.

View

Question What are the different types of security alerts in Composr?
Answer Composr has a variety of hack-attack codenames that trigger security alerts and logging. Some common examples include:
  • DODGY_GET_HACK: Suspicious URLs with potentially harmful characters.
  • EVIL_POSTED_FORM_HACK: Possible CSRF attempts via malicious form submissions.
  • SCRIPT_UPLOAD_HACK: Attempts to upload PHP scripts, potentially malicious.
  • DOWNLOAD_PRIVATE_URL_HACK/TRY_TO_DOWNLOAD_SCRIPT: Attempts to download sensitive files.
  • BRUTEFORCE_LOGIN_HACK: Repeated failed login attempts.
  • SQL_INJECTION_HACK: Attempts to exploit SQL queries for data extraction.

You can customize alert handling for each type in data_custom/xml_config/advanced_banning.xml (Admin Zone > Security > Configure advanced banning).

View

Question What are some tips for secure website maintenance?
Answer
  • Avoid FTP: Use secure alternatives like SFTP or SSH for file transfer.
  • Secure Email: Enable SSL for IMAP and POP3 email protocols.
  • Strong Passwords: Use unique and complex passwords for different services.
  • Secure Computers: Keep your own devices patched and secure.
  • Maintenance Password: Remove the maintenance password from _config.php when not in use.

View

Question What are the main security features of Composr?
Answer Composr has a robust set of security features to protect your website, including:

Passwords:
  • Visual representation of password quality and enforcement of complexity rules.
  • Password expiry and prevention of re-use.
  • Secure password hashing, even if the database is compromised.
  • Temporary passwords for staff setup.

Login Restrictions:
  • Two-factor authentication via IP address approval.
  • IP address banning, including wildcard banning.
  • Session locking to IP addresses.
  • Configurable session expiry times.
  • Ability to prevent privileged actions from auto-logged in sessions.
  • Optional member approval process.

Auditing Systems:
  • Comprehensive audit logging of administrative actions.
  • Logging of user actions and IP address history.
  • Tools to analyze audit logs.
  • Failed login logging.
  • Hack attack detection, logging, and banning.
  • Email notifications for changes to user credentials.

Framework Security:
  • Protection against CSRF attacks.
  • Click-jacking prevention via CSP implementation.
  • Secure coding standards and scanning techniques.
  • Configurable HTML filtering to prevent XSS attacks.
  • Secure code modularization standards.

Other features:
  • Granular privileges and access permissions.
  • Content submission validation process.
  • Rootkit detection system.
  • Spam prevention systems.
  • Web application firewall rules.
  • Moderation systems.

View

Top 10 Entries

Question What is the Composr maintenance policy?
Answer Composr follows a rolling release model. This means:
  • New major/minor versions are released as they are ready.
  • Patch releases, primarily containing bug fixes, are only released for the latest supported major/minor version branch.
Users are responsible for staying updated to the latest release or applying necessary hotfixes.

This policy allows developers to focus resources on the latest versions and encourages users to leverage the ongoing improvements. You can find the release status on the Composr maintenance status page.

View

Question What are the general courtesy guidelines for interacting with the Composr community?
Answer
  • Understand that Composr is developed and maintained by volunteers who dedicate their time to the project.
  • Refrain from demanding free support or expecting developers to work on specific schedules.
  • Avoid placing undue pressure on volunteers or pushing them beyond their capacity.
  • Approach the community with respect and a collaborative spirit.
  • Remember that offering financial sponsorship for desired features can accelerate development.

View

Question How can I provide design feedback for Composr?
Answer Constructive design feedback is valuable. To provide effective feedback:
  • Be specific and detailed. Identify particular issues and provide clear examples.
  • Offer solutions. Suggest improvements or provide mockups demonstrating your ideas.
  • Avoid vague statements. General comments like "it looks dated" are unhelpful.
  • Understand design constraints. Consider factors like modularity, generality, feature density, compatibility, performance, and the subjective nature of design.
Directly reporting specific design bugs to the tracker or redesigning Composr interfaces yourself are excellent ways to contribute.

View

Question How do I make a feature suggestion for Composr?
Answer You can suggest features through the tracker or the Report Issue Wizard. When making a suggestion:
  • Be comprehensive and self-contained. Provide all necessary information and context for the developers to understand your suggestion.
  • Focus on widely beneficial features. Esoteric suggestions are less likely to be implemented.
  • Understand developer constraints. Feature development depends on factors like developer availability, funding, and project strategy.
  • Consider sponsoring features. Financial contributions can prioritize the development of desired features as it affords developers the time to implement it.

View

Question How do I report an emergency problem with my Composr site?
Answer Emergency problems are events that have significantly and suddenly affected your website's functionality due to legitimate bugs or undocumented usability issues. To report these:
  • Open a tracker issue explaining the problem and providing as much detail as possible (mark it as a major bug).
  • Help the developers help you. Provide access to your site (see the software feedback tutorial for more information), describe the exact situation, and avoid protracted back-and-forth communication.
  • Take backups before upgrading. This allows for easier recovery in case of problems.
Remember that bug fixing is not a free service. While developers are committed to Composr's stability, maintaining backups and practicing restoration procedures is your responsibility.

View

Question How can I get support for Composr?
Answer The community forum is an excellent resource for support. Users can help each other out with various problems. However, please remember that there's no guarantee of free professional support. If you need immediate or guaranteed assistance, consider hiring a professional developer.

View

Question I'm getting a lot of spam on my site. What can I do?
Answer Composr offers various anti-spam measures. Refer to the Anti-spam settings tutorial for advice on configuring these settings. If you believe there's an issue with the anti-spam system itself, report it to the issue tracker. Do not report general spam incidents.

View

Question My website is experiencing performance issues. What should I do?
Answer If you are experiencing performance issues, first identify the specific problem with your web host's help. Composr provides tools to manage database size, bandwidth, and disk I/O. However, high request volume or CPU usage may require server upgrades like a VPS or dedicated server.

If your web host complains about resource usage, gather detailed information from them, including specific URLs causing problems and resource usage metrics. If their limits are unreasonable, consider switching web hosts.

View

Question How do I report a security problem?
Answer Security problems must be reported privately. You can do this by marking the issue as 'Private' on the issue tracker (if you use the Report Issue Wizard, it will do that automatically when you select security-hole). Publicly disclosing security holes is irresponsible and may result in penalties. The core developer team will disclose the issue after a patch is released.

View

Question How do I report a bug in Composr?
Answer Every bug, no matter how small, should be reported. You can report bugs using the Report Issue Wizard or directly through the issue tracker. There is also a link to report bugs on your Admin Zone Dashboard where the version information is located. And when clicking that link, you can view open issues specific to your version of Composr.

When reporting a bug, be sure to:
  • Check for duplicates: Make sure the bug hasn't already been reported.
  • Report bugs individually: Each issue should be reported separately for better tracking and resolution.
  • Verify it's a Composr bug: Issues with third-party addons and code should be reported to their respective developers.
  • Consult the FAQ and tutorials: Check for common problems and solutions, particularly server configuration issues.
  • Provide comprehensive information: Include a clear and specific title, detailed steps to reproduce the problem, your browser version, Composr version, error messages, stack traces (if available), and any other
relevant details.
  • Use clear and concise language: Write in proper English, use correct terminology, and avoid vagueness.
  • Be respectful and patient: Remember that developers are volunteers and may not respond immediately.

View