If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
Messages posted by: 39 Reasons
Forum Index » Profile for 39 Reasons » Messages posted by 39 Reasons
Author Message
I had the same problem a couple of days ago and everyone was SO helpful!!! I do have phpMyAdmin so I was able to delete the message that way. But I got this info from Trevor after I e-mailed him for help!

Some hackers are trying to get clever by removing the delete links to their offending messgaes, or in your case, having an image so big you can't see anything else. If it ever happens again there's an easy way round it...

Add a new entry to the guestbook
Log in and access the admin panel
Go to the entry you've just added
Point mouse to delete button for new entry, right click, copy shortcut
Paste shortcut into address bar, it'll look something like this...
http://www.yoursite.com/guestbook/admin.php?action=del&tbl=gb&id=123&session=d40f55d2856a686e0f6f8766ba701bb1&uid=1
Reduce the highlighted number by 1 (if the offending entry was 5 entries prior to the one you've just added you'd reduce the number by 5 etc).
Hit enter (or click 'go') and it'll delete the offending entry.
Carbonize wrote:Glad to hear it. You may also want to use my image verification mod to prevent sutomated spamming of your guestbook. Not that I saw any.


where would I find that?

Carbonize wrote:Just a suggestion, why not edit the templates a little so that you could have the guestbook load in the iframe you use for the rest of the site?


Would love to..... but don't know how And I don't want to bother anyone with it. I don't handle the majority of the site, only the extras (guestbook, e-mail, stats and CPanel maintenance) and our "webmaster" is still learning how to do this as well. There are other things I want to (eventually) figure out how to do - get rid of the "here you can leave your mark" note, replace the "GUESTBOOK" image with our logo, have that link return the viewer back to the main site, fun stuff like that. I know all those answers are on this forum somewhere, I just need to find the time to research them. Plus I need to figure out how to allow visitors to the site the option of signing up on our mailing list...... want to add an online journal for the guys in the band to post into... I could go on and on and on and on.... but I won't

Just want to thank you all again for your help - don't know what I would have done without this forum.
No problems. I am able to log in with no problem. Haven't done anything but delete the testing posts - but so far so good.
Actually - that was the first place I went once I knew I still had access to my admin section. But the photo was showing up so huge even in there (like it was on the guestbook itself) that I couldn't get to the message to delete it. It was in message 94 or 95 - and the photo covered everything down to message 80.

And since this happened, I have upgraded to the newer version of the guestbook AND changed my password!
Carbonize wrote:Sorry my mistake. They have editted a post via the admin area. The exploit for the guestbook does not work on your site though so I am curious as to how they got in. Anyway you can delete the post that got editted to fix the problem then change your password. Or if you wish email me the login details and I will deal with it. My email is on my site.


Carbonize - you are a genius!!! I went in through myphpAdmin page - checked the latest entry - and sure enough - that was the problem!!! So I deleted it, and I'm back up and running. Thank you everyone!! And amber... I will read that post you suggested too.
I upgraded to 2.3.1 after reading all of the suggestions on here. Like I said, I'm pretty new to this so I'm not sure what
Did you chmod the template files to 777
means.

This is what my header template looks like - again, I don't know a lot about coding, but I'm trying to learn.

<html>
<head>
<title>$LANG[FormSelect]</title>
$LANG[metatag]
<meta name="keywords" content="guestbook, php, script, mySQL, free, advance">
<style type="text/css">
<!--
.font1 { font-family: $VARS[font_face]; font-size: $VARS[tb_font_1]; color: $VARS[text_color] }
.font2 { font-family: $VARS[font_face]; font-size: $VARS[tb_font_2]; color: $VARS[text_color] }
.font3 { font-family: Arial, Helvetica, sans-serif; font-size: 7.5pt; color: $VARS[text_color]; font-weight: bold}
.select { font-family: $VARS[font_face]; font-size: 9pt}
.input { font-family: $VARS[font_face]; font-size: 9pt}
-->
</style>
<script language="JavaScript">
<!--
function gb_picture(Image,imgWidth,imgHeight) {
var border = 24;
var img = Image;
var features;
var w;
var h;
winWidth = (imgWidth<100) ? 100 : imgWidth+border;
winHeight = (imgHeight<100) ? 100 : imgHeight+border;
if (imgWidth+border > screen.width) {
winWidth = screen.width-10;
w = (screen.width - winWidth)/2;
features = "scrollbars=yes";
} else {
w = (screen.width - (imgWidth+border))/2;
}
if (imgHeight+border > screen.height) {
winHeight = screen.height-60;
h = 0;
features = "scrollbars=yes";
} else {
h = (screen.height - (imgHeight+border))/2 - 20;
}
winName = (img.indexOf("t_") == -1) ? img.substr(4,(img.length-) : img.substr(6,(img.length-10));
features = features+',toolbar=no,width='+winWidth+',height='+winHeight+',top='+h+',left='+w;
theURL = '$GB_PG[base_url]/picture.php?img='+Image;
popup = window.open(theURL,winName,features);
popup.focus();
}
//-->
</script>
</head>
<body bgcolor="$VARS[pbgcolor]" link="$VARS[link_color]" vlink="$VARS[link_color]">

Thanks!!!
Pamela


http://www.39reasons.com/guestbook39/

I'm pretty new at all this. I've done the search for fixing it, but I'm just not sure I understand it enough and don't want to make it worse.

I can still log into my admin pages - but I don't know what to do from there.
THANK YOU THANK YOU THANK YOU!!!!!!
Looks like I've got some work to do!!
I have (or HAD, since I am having to re-do our guestbook) html disabled on our guestbook. Maybe that was the difference. I do allow people to post pictures - so they are able to represent who they are that way (just doesn't link to anything - it's just the photo or logo).

I did a google search for the exact phrase used when these spammers posted - and yes - it does appear that they post that exact message on lots of other guestbooks. I'm sure it works for them though - one of the guys in the band clicked on their link to see who in Germany thought our site "looks really good and gives great information" - now he gets all kinds of junk mail.


.........did someone say fudge????
 
Forum Index » Profile for 39 Reasons » Messages posted by 39 Reasons
Go to:   
Based on the open source JForum