Messages posted by: Carbonize
A bot is a program that goes around the net following links. robots.txt is a file that was agreed as a standard to tell these bots where they could and could not go. The spammers will be using either a program or a script which has a list of sites using the guestbook and the exact URL for the addentry page. It just sends the add entry info and nothing else.
Yeah, I should have said. I turned off private messages a long time ago so forgot all about it.
Open up lib/session.class.php and look for

On the next line put the following (remembering to put this between that line and the next line, DO NOT OVERWRITE THE CURRENT NEXT LINE!)


Very crude but effective. Just change the YOUR PASSWORD to whatever your password is. I assume with this code that your actual password is not NOTYOURPASSWORD but if it is change this bit. Also you will need to change this if you ever change your password.
Mine used to send it from something stupid and not the email I specified. I manually changed mine in lib/add.class.php.

Look for

and replace <".$this->name."> $from_email with the email address you want them sent from. Mine looks like this
I have just set my guestbook up to post a nice message if anyone tries to use the exploit password; it also logs their details.
or more likely look for "') OR ('a' = 'a" in the supplied password or trim($password)
Hmmm I don't have a copy of 2.2 but I wonder if we couldn't put in a simple

I've just done a search on Google for "advanced guestbook 2.2" and every site I found I could log in on. Some had been hacked so I fixed them and I cleaned up the spam in others. I am running 2.3.1 on PHP 4.3.4 so I am safe as this seems to have fixed the magic quotes problem. I would highly recommend updating to 2.3.1 and hassling your webhost about updating their PHP version. In the meantime I suggest either protecting your admin.php with .htaccess as has been suggested or simply renaming it and removing the link to it from the guestbook. After all if they can't find it they can't exploit it.
Ok I've overhauled the image verification script. It now takes them back to the addentry form with an error message at the top if they get the code wrong. I have also rewritten the instructions to make them clearer, I hope, and included instructions for people using 2.2. Finally I have also changed how it appears in the form so it makes more sense to the user.

You can get it from http://www.carbonize.co.uk/verification.zip
My last post was a subtle hint that it would be nice if somebody sent me the files. Unless you have a download link for 2.2 that is.

Out of curiosity why do you prefer 2.2 to 2.3.1?
I'd have to look at the 2.2 script to see what the differences were.
It probably won't work with 2.2 as it was written for 2.3.1. Is it not possible for you to upgrade to 2.3.1?
I've uploaded my image verification script to http://www.carbonize.co.uk/verification.zip
This mod was made for me by my friend Sean. This script stops people posting unless they type in the randomly generated text that appears in an image on the addentry page. You can get it from www.carbonize.co.uk/verification.zip.
 