Messages posted by: Carbonize

Because updating brings its own problems which I am trying to write an update script to fix.

the 2.2 login exploit is the only real thing you need to atch. That and remember to leave HTML disabled.

No i am not the developer. As to your questions.

1 - Dunno, so long as they are leavng an email address they should receive notification.

2 - Look in lang/english.php. Most messages are stored i nthere and can be altered.

Your cofig.inc.php file is not empty otherwise your guestbook would not work at all. The reset script is just to reset the admin username and password.

Feel free to ask your questions in here or in my sites forum.

I also used a php script to block anyone from posting in my guestbook unless they had come from the addentry page but spoofing the refer is simple.

There is no way of forcing a person to be on the actual page other than requring some randomly generated information from that page to be sent with the other data. If you look at the url bar for this forum it looks like http://proxy2.de/forum/posting.php?t=4167 This is an example of GET data. GET data is sent in the url request whilst POST data is not but is similar in format. The t in our URL represents thread and the number is the number of this thread. This is how data posting works. The guestbook works in the same way and all the spammers do is send the data they want posted straight to the addentry.php page as if it had been submitted normally.

Yeah send methe fat file your script makes. I need a laugh.

I have an idea I'm toying with. A simple anti automated posting technique that should work well. For a while anyway. It uses the same random characters as the image verification but is invisible so it will not affct normal posters in anyway but should stop automated postings. This method should work fine for you as it doesn't need to create an image.

Auron wrote:

JTD wrote:And no for security reasons we wont post how on this board.

We WILL post how to patch the exploit but, its in several threads already and well documented.

And I would sooner have people visit my forum for help as atleast we will have some control then.

Just for the hell of it I'll probably make a feedback script. From what you said it just sends an email containing the information posted and puts it in a flat file for you to view. Love to know how the flat file is formatted.

The inputs aer the same but the input names wil change. The input name is the part of the tag marked name="INPUTNAME". To automatically submit a post you send the data which is formatted as INPUTNAME=blah. Tell me exactly what you want from the feedback form and I'll see if I can't throw something together.

Click on Search at the top and search for headers already sent.

Sounds like a problem with the server. Have you spoken to your hosts?

the guestbok already has blog/forum type functionality. So long as AGcode is allowed you can use [b]bold[/b], [i]italic[/i] etc. The full list is available by clicking the show legend link below the smileys.