I'm sure it's possible to s-can the RSS/atom/rdf feed stuff. I'd probably help if we knew what version of b2evolution you were using.

Try as you might, anything on a web-server is (by definition) "connected" and "accessible". No matter how much security and privacy you try to have, I'd not put anything up that you don't mind having leak to the public.

b2evolution 1.8.2 is the version

Not sure what you mean by scan, I would prefer just to disable the option for RSS feed altogether.

I understand the risk of content on the web but I also know that more can be done than this to prevent access from a coding perspective.

s-can == sh*t-can ;)

AFAIK, there's no on|off button for feeds. You might have a quick look in /conf/advanced, but I doubt you'll find anything (most ppl WANT feeds, so I'd be willing to bet there's no easy "OFF" switch).

I can think of three things you can do to surgically remove feed capabilities.

1) In your skins _main.php file ... delete the bit about feeds (if you haven't already done it).

2) Backup to a local drive, then delete the /xmlsrv directory and the files therein (atom, rdf, rss & rss2 feed files for blog content and comments).

3) Backup to a local drive, then delete the /skins/_atom, _rdf, _rss and _rss2 folders (and the files contained therein).

OH ... I'd also check the <head> of your _main.php file, for an auto detecting stuff for feeds, as I think there's some *forget what it's called* autogeneration/autodetect stuff there.

It's a tad Frankenstein-ish, but if you remove the references ( _main.php ) and remove the "deed-do'ers" ... it'd be pretty hard to generate any feeds, eh?

Hope it helps.

PS - All completely untested of course! ;) But then again, I'm in the other camp ... all our stuff is public and I try as hard as I can to get people to listen. :roll: