Drupal Perimeter Defence

Basic perimeter defence for a Drupal site. This module bans the IPs who send suspicious requests to the site. The concept is: if you have no business here, go away.

Use the perimeter module if you get a lot of requests to 'wp-admin' or to .aspx urls on a linux server, or other similar requests.

Currently, the module bans users who generate "page not found" events for requesting any of the following url patterns:

MYDIGIPASS.COM Tokens

Provides tokens for fields acquired from MYDIGIPASS.COM authentication.

Requirements

https://www.drupal.org/project/mydigipass
https://www.drupal.org/project/token

Usage

Enable like any other module.
MYDIGIPASS.COM tokens will be available in all places where tokens are enabled.
For security and usability reasons, only the tokens enabled on admin/config/services/mydigipass/user_data_fields can be used.

AJAX Upload Disabler

My employer's website was flagged by Google as "hacked" a week and a half ago. Since that time, the other web and security team members and I have been pouring over logs attempting to figure out what has happened. Eventually, we nailed down that files were being uploaded to our server as temporary files through Drupal's AJAX file uploader via public webforms without the form truly being submitted and the appropriate parties notified that a submission had occurred.

Webform Encrypt Form Builder

Webform Encrypt by default is not compatible with the Form Builder Webform UI, so this module allows both modules to be used.

Pages

Subscribe with RSS Subscribe to RSS - Security