If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
Tired of being hacked? Here is the fix  XML
Forum Index » Support Forum
Author Message
hawkeye
Beginner

Joined: 19/01/2005 01:15:19
Messages: 21
Offline

I am new here and my guestbook was just hacked...I did this that carbonize mentioned and now I am getting this error when trying to access the admin

Fatal error: Call to undefined function: phprequire() in /home/mikespe/public_html/huesped/admin.php on line 1

any ideas?

Thx
amber222
Graduate

Joined: 07/05/2004 21:13:07
Messages: 586
Offline

Password Lock? - This didn't work for me because I am using Phpnuke. I have not tried it in my non-nuke guestbooks.

Once the 2.2 exploit is fixed or the book is upgraded to 2.3, and html code is always disabled, there is no evidence of the guestbook being hacked. The only exception I can think of would be those guestbooks where the admin got caught in the admin loop after upgrading and mistakenly reverted back to the version 2.2 session.class.php. That's where the exploit is.
tcjay
Beginner
[Avatar]

Joined: 13/02/2002 19:26:25
Messages: 6
Offline

Which directory does the passwordlock.php file belong. The enter network password box appears but will not let me in when using the default test 123 user/passwords. TIA TOm
[WWW]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Fatal error: Call to undefined function: phprequire() in /home/mikespe/public_html/huesped/admin.php on line 1
Lost me. Where did this phprequire call coem from? It's not in my admin.php and I don't remember anything in the image verification mod that involved the admin.php file.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
hawkeye
Beginner

Joined: 19/01/2005 01:15:19
Messages: 21
Offline

I pasted this in the admin.php like you mentioned in the above posts...and as a result this is the error I got...

This is not the image verication mod..this is the fix to stop from getting hacked...





You did say to put this in the admin.php correct?

Thx
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Try removing the ()'s so it's just require "passwordlock.php";.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
hawkeye
Beginner

Joined: 19/01/2005 01:15:19
Messages: 21
Offline

Thank you Carbonize...I will try it when I get home from work and post back here the results...

On a side note...I sent you an email via your MSN address...I waswondering if you got it?

Thx

hawkeye
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

No as my hotmail account only exists to let me use MSN messenger. My email address is on my website and at the bottom of every post I make in the forum.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Anonymous



I put the passwordlock on thew geustbook.
But now i have the following problem.
I have put in the password lock the right password and username.
but when i want to login thru the password box, it keeps hanging in a loop.
When i remove the passwordlock.php and adjust admin.php then i can just login normal with the password i have appleid.

How can i solve this
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

If you are using Advanced Guestbook 2.3.1 or 2.3.2 there is no need to go to this extreme.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Anonymous



Thx i'm using 2.3.2
And i'm really happy with it.
akira
Beginner

Joined: 04/06/2005 04:53:41
Messages: 28
Offline

Hi,

I am using 2.3.2 now and the admin login is from browser instead of a pop-up password window.

Should I make a change in accoding to the modification posted here? Are the changes work for 2.3.2?

Please advice and thanks in advance.
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

2.3.2 is secure so I'd just leave it as it is.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
akira
Beginner

Joined: 04/06/2005 04:53:41
Messages: 28
Offline

Thanks Carbonize.
Severynin322
Newbie

Joined: 26/02/2012 06:33:48
Messages: 1
Offline

It,s problem!
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum