Help protect the website from attackers or bad actors, by identifying, preventing, or mitigating security vulnerabilities.

Boost Captcha

The module allows boost caching of Drupal pages with forms with CAPTCHA for long durations without running into the "Session reuse attack detected" error. The module allows forms with CAPTCHA to be cached even after the CAPTCHA session expires by allowing the CAPTCHA to be re-loaded using AJAX when a user starts filling in the form.

Categories: Actively maintained, Under active development, Performance, Security

Login Notify

The purpose of Login Notify is to alert you when someone logs in to your account from an unrecognized browser. It also gives you the opportunity to "lock out" a browser if you wish.

Categories: Seeking new maintainer, No further development, Security, Access control

Cookie Stealer

Provides way of accepting and logging cookies submitted from XSS vulnerable sites, as well as generating XSS injection strings.

Categories: Seeking new maintainer, Under active development, Security

CRON Sec

cron_sec, when enabled as the lightest module, implements key security similar to
Drupal 7's enhanced key security, and optionally allows cron to run at an elevated
permission level thought the use of switching the active user for the session to
one specified in its configuration, and then switching the user back as the cron
session ends to the anonymous user.

Installation

Install cron_sec like any standard Drupal 6 contrib module. Place its directory
under sites/all/modules, and then enable the module. In the course of being
installed, cron_sec will ensure its module weight is the lightest so that it can
execute its security functions as the first module to run via cron.

Configuration

To use cron_sec's elevated user permissions feature, you will want to create a user specifically to be the user running cron, with the permissions you specifically
want that user to have. Note that this user will also have all authenticated user
permissions.

  1. Create a role called "Cron" (or whatever you want to call it), and assign it permissions over and above the authenticated user permissions you want to have to run cron.
  2. Create a new user called "cron", and give it the role "Cron" you created in the previous step.
Categories: Actively maintained, Under active development, Security, Developer tools

IP Block

Block user access based on their IP address.
Also provide Maxmind integration to block Proxy users.

Categories: Seeking co-maintainer(s), Maintenance fixes only, Administration tools, Access control, Content editing experience

Spam Blackhole

This is a simple module to fight against spam submissions on a site. This module replaces form actions with a dummy URL which is then replaced during form submission using javascript.

Categories: Actively maintained, Under active development, Security

Pages

Subscribe with RSS Subscribe to RSS - Security