Jump to content


Member Since 17 Feb 2018
Offline Last Active Nov 15 2018 12:44 AM

#15310 Error while trying to search an existing account

Posted by Noime on 15 November 2018 - 12:12 AM

That's a really old bug with X2. It has to do with how some GROUP-BY statements are constructed by the framework, and the problem can raise its head at all different locations.


I silenced the problem by activating some backward-compatibility-options for the mysql daemon. My mysqld.cnf for mysql-version 5.7 has the following lines in the [mysqld] section :

# this is to silence X2 group-by errors

Older mysql versions don't know "sql_mode", but instead have just "mode". In that case the line must look like this. From memory, must be tested.


#15278 secure X2 with fail2ban - anyone ?

Posted by Noime on 08 November 2018 - 01:31 AM

Thanks Peter !


No, no : I don't intend to ban on the notifications. I definitely wasn't clear on this. My two lines are meant to suppress the notification lines in the apache logs. There is, for a single user, one line per second added to the log. That's huge ! It not only bloats the log, it makes fail2ban scan loads of data that are good. I chose to suppress the line on apache-level instead of with an ignoreregex in fail2ban.


Protecting against brute force login attempts would be nice, but I don't see a 403 on wrong login. But I maybe try to hack up a new repeat-offender filter that checks for repeated login attempts.


Even better would be if one could rename the login page. If we had this, any attempt to reach index.php/site/login could be regarded as a hacking event.

#14904 GDPR Compliance (EU regulation)

Posted by Noime on 05 June 2018 - 03:11 AM

The quick answer, as far as I understand GDPR, is : No, X2CRM is not compliant.


The long answer, again to my understanding, is that companies need to be compliant.


Compliance is not a software feature, but software can make it easier or harder to comply to GDPR.


Maybe others have a different point of view, and I'd be happy to hear theirs.



#14846 Error 500: serialized data

Posted by Noime on 03 May 2018 - 04:48 AM

Late to the party ...


Had exactly this same issue, turned out to be a missing php-module. mbstring in my case, which was hinted in protected/runtime/errors.log