Jump to content

netcarver

PW-Moderators
  • Content Count

    1,730
  • Joined

  • Last visited

  • Days Won

    33

Everything posted by netcarver

  1. @jajaja With both Digital Ocean and Contabo you get a bare VPS that you have to setup and manage yourself - both of these VPS offerings are capable of running Processwire if you are capable of administering the VPS. Costs are comparable between the two services (I've used both), but Digital Ocean has a much better administration interface, whilst Contabo offer a much better spec of VPS server for the about the same price. Feel free to get in contact via Private Message here on the forums if you want any more details. If you are not used to administering your own VPS, then there are managed solutions that might work better for you - but they will cost more. HTH
  2. Hi @Ilyas I'm kind of curious as to your use case for this request. Could you explain a bit more about the reason for wanting to password-protect the login page. Is this something that could be achieved another way - for example by moving the admin login to a less well known location?
  3. @entschleunigung and/or @Vivian Please create an issue on the processwire-issues repository on Github for this, as it needs to be looked at. @entschleunigung If you don't have a github account, just sign up for a free account, then follow the numbered steps on this page to add the issue to the issues repository. Thank you for your co-operation!
  4. Hmm, this reminds me of something from Jeff Starr over at Perishable Press. His stuff usually works very well. Perhaps you made some other inadvertent edit to the htaccess file? Did you do a graceful reload on Apache when you made the edits? If you do find the error to be somewhere else, and do decide to add the track/trace protection, you might want to make it case insensitive and add some other verbs in there too. Something like this... RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC] RewriteRule .* - [F] Which is just a snippet from Jeff's 6G Firewall. Or just use his entire script at the top of your htaccess file. There's also the beta version of his 7G Firewall available which I am using on a couple of sites.
  5. Just noticed this post on the issues-repo that might happen to fix the above as it contains a space -> "+" mapping. Untested, might be worth a shot.
  6. @Robin S That looks like a better fit for this scenario.
  7. Try posting the same URL but with the '%20's replaced with a '+'. Have you - or the hoster - added any rules to the htaccess file, or enabled any security modules?
  8. @Peter Falkenberg Brown Hello Peter, I've not used this on a new site in a while (ie, not tested on a recent version of PW) but have no doubts the method works as presented above as I'm using on my own internal site to generate invoice numbers. The version of PW I am using there is 3.0.119. If your general approach is the same, (given what you wrote above, I can't tell for sure) then I think this could work for you. Best wishes, Steve
  9. Hi Bernhard, Thanks for this. There is also Marc's FontAwesomePro module that might be similar.
  10. Here are a couple more PW-related calendar options, courtesy of my secret project.
  11. @Mikeinnc I think you have an error in the first line of your virtual host config. You posted that it has... <VirtualHost \*:80> I think it should be... <VirtualHost *:80> You will need to restart Apache after the edit.
  12. Hi @Mikeinnc, I assume that if you do a ping processwire.test that it resolves to localhost? Also, have you checked for permission issues on the file system? Specifically, can the user account that Apache runs under actually access /var/www/html/Processwire? Finally, have you had a look in Apache's logfile for the site? (Should be something like /var/log/apache2/errors.log or something like it.) Best wishes
  13. Hello @alex159753 Good to see you back again - I initially thought you were a spammer as your first post was a close fit to a very common pattern we see here as moderators. I am glad I was wrong! Regarding my points earlier, I wasn't aware your company was a startup and you have a fair point about certification. I don't know of any places doing online certified CCNA training, but you could look at itpro.tv as they might. However, that's not a free service, so if you do think of signing up with them do grab a sign-up code from somewhere like the Security Now podcast as that will give you a significant lifetime discount. Hope things work out for you in the startup. Best wishes, Steve
  14. Hello @alex159753, I've redacted the link from your post as you are a newcomer to the forum. Questions... If you are working at a networking firm, surely they can advise you about professional qualifications. Does your firm have a policy about continuing professional development? I would have thought google or youtube would be good places to find answers to this question - are you looking for something more specific than either of those can provide?
  15. While the PR list has been static for a long time, some of the PRs have been addressed and can actually be closed now - just not by me (eg see this one.) However, because the code repo is separated from the issues and requests repo, this makes the linkage a little diffucult to follow at times and some PRs that have been acted on are probably still open. If anyone spots PRs in this state, please ping the original author (or Ryan) on Github asking them to close the PR. I do see your p.o.v in that many of the PRs have not seen any action, and this may discourage potential contributors from posting any more PRs. Like this?..
  16. If your PR addresses an issue, rather than a feature, then one approach to the logjam would be to post your Pull Request on processwire/proceswire as normal, but then to add a new issue on processwire-issues that links to it. I can then tag your issue as "contains a fix". Hopefully this will put it on Ryan's radar. I've done one example of how this might work: https://github.com/processwire/processwire-issues/issues/1016 Similarly, if you create a PR for a feature, then there is nothing preventing it being referenced by a new issue on processwire-requests. I really wish this were more frictionless, but it's all I can think of at the moment.
  17. Hi @bernhard, @rjgamer Thanks for the comments - I share some of the frustration you are voicing - but I'm only able to handle issues on the processwire-issues and processwire-requests repos. I don't have admin rights on the main processwire code repo so I can't take any action on PRs, even if I wanted to. Perhaps we could invite @horst to also comment here as he is the only member of the community who I feel has been successful at having bulk code submissions adopted into Processwire.
  18. Site/System admins: If you are running any PHP-based site on Nginx using the php-fpm back-end, please be aware of CVE-2019-11043 [see 1]. This vulnerability potentially allows remote code execution on your site by simply sending it a specially crafted URL. Nextcloud have released this page and suggest upgrading your versions of PHP immediately. Minimum safe versions of PHP are: 7.1.33 7.2.24 7.3.11 I heard of this from the Security Now podcast - but the bug has been around for a few days and there is exploit code on github. A brief read through the details of this in the Security Now show notes [3], alongside the Nginx configs posted here in the forum [4] makes me think that this is relevant, and the need to upgrade is pressing. Please note, this is not specifically a flaw in ProcessWire but some of the technology it can be run on. [1] https://meterpreter.org/cve-2019-11043-php-fpm-arbitrary-code-execution-vulnerability-alert/ [2] https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/ [3] https://www.grc.com/sn/sn-738-notes.pdf page 9 [4]
  19. @adrian Just a thought, could you go into GH and update your readme to point to the new code under @wbmnfktr's account and also your GH repo to "Archived"? Many thanks for the work you've put into this BTW.
  20. Hi @rafaoski, thank you for the profile. The demo seems to be unavailable via the link above, would you be able to bring it back to life?
  21. Hi Wouter, Can you be a little more specific about what's happening? Can you visit your site in the browser? If so, can you see the admin login page?
  22. https://processwire-recipes.com/recipes/resetting-admin-password-via-api/
  23. Those sound more like brands of toothpaste or mouthwash to me.
  24. Other quick thoughts: If you fetch the page using curl/wget from the command line, is everything structured properly in the saved page body? Are your page results being cached or otherwise not being reloaded either in the browser or via one of PWs caches?
  25. @creativejay Have you tried turning off all your browser extensions, then closing and reloading your browser? In the past, I've spent hours fruitlessly trying to track down insertions into a page. I looked in my templates, modules and js. I eventually found out it was the Grammerly browser extension.
×
×
  • Create New...