Anti-hacking software and Dolibarr

I have just started using Dolibarr and I’m impressed with the quality of this software. Tres bien!
Because I also run several Joomla sites on my hosting account I was forced into installing an anti-hacking solution, as Joomla sites are often targeted by hackers.
The solution I use screens the URLs passed to the server before they are passed to the actual PHP code, using a PHP prepend script. This script looks for ill-formed URLs and may either sanitize the actual URL or block the IP altogether.
I have noticed that there is a recurring IP block resulting from this specific string:

modulepart=companylogo&file=thumbs%2FAMLCSI-2009x250_small.png

which is passed to http://xxxxxx.com/erp/viewimage.php

The “file=” is considered a security risk by the anti-hacking software.

Maybe on future releases the “file” parameter can be substituted by another word that doesn’t make anti-hacking software nervous.

Quick update: if you are using Dolibarr installed in a subfolder, password-protect the folder and then simply add a php.ini to that subfolder and remove the scanning script (usually in the prepend_file php setting).

You may need to modify the .htaccess to tell Apache which php.ini to use, but that depends on your specific hosting.
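
An added example (not part of the original post, and not the code of the anti-hacking product or of Dolibarr) showing why a rule keyed on the parameter name `file` blocks the request quoted above, beside a rule that inspects the decoded value instead. Both rules, their function names and every sample request except the first are constructed assumptions.

```php
<?php
// Added illustration: neither rule is taken from a real product or from Dolibarr.

// Assumed naive rule: block whenever a parameter named "file" is present.
function naive_rule(string $query): bool
{
    return preg_match('/(^|&)file=/i', $query) === 1;
}

// Assumed value-based rule: block only when the decoded value is suspicious.
function value_rule(string $query): bool
{
    parse_str($query, $params);            // decodes the value once
    $value = $params['file'] ?? '';
    if (!is_string($value)) {
        return true;                       // file[]=... is not a file name
    }
    // Decode a few more rounds so double-encoded input (%252e) is normalised.
    for ($i = 0; $i < 3; $i++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            break;
        }
        $value = $decoded;
    }
    $value = str_replace('\\', '/', $value);
    return strpos($value, "\0") !== false                        // NUL byte
        || preg_match('#(^|/)\.\.(/|$)#', $value) === 1          // ../ traversal
        || preg_match('#^/#', $value) === 1                      // absolute path
        || preg_match('#^[a-z][a-z0-9+.\-]*:#i', $value) === 1;  // scheme or drive letter
}

$samples = [
    // Query string quoted in the post:
    'modulepart=companylogo&file=thumbs%2FAMLCSI-2009x250_small.png',
    // Constructed inputs a screening rule should still catch:
    'modulepart=companylogo&file=..%2F..%2Fetc%2Fpasswd',
    'modulepart=companylogo&file=%252e%252e%252fsecret.txt',
    'modulepart=companylogo&file=http%3A%2F%2Fexample.invalid%2Fx.txt',
];

foreach ($samples as $q) {
    printf("%-66s naive=%s value=%s\n", $q,
        naive_rule($q) ? 'BLOCK' : 'pass',
        value_rule($q) ? 'BLOCK' : 'pass');
}
```

The naive rule blocks all four requests, including the legitimate logo thumbnail; the value-based rule passes the thumbnail and blocks the three constructed inputs.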