Messages posted by: Carbonize

You mean the code to remove private messages? All that was was to remove the check box from the form.php file.

Post the first block of text from your addentry.php file. It should just be a bunch of includes.

Open up lang/LANGUAGE.php where LANGUAGE is your chosen language. Replace
with

Yours may not exactly match the first bit of code but you will see it as it's the first entry.

Think I will put the option to resolve IP's or not into the config file as it only affects posts made after you set the option. I would say it's a set and forget option as you want one or the other and are not really going to switch between them.

Machte Sie Steigung von 2.2 zu 2.3.1?

----------------------------------------------

Did you upgrade from 2.2 to 2.3.1?

I ask the same question. Did you upgrade from 2.2 to 2.3.1? Would it also be possible to see if your host is using Apache2?

Advanced Guesbook or Advanced Poll?

Amazingly enough it would be found in the lang folder in the file that is named after the language you are using, english.php in your case.

Did you upgrade from 2.2 to 2.3.1 in the move? If not try my password reset script and see if that fixes it.

Btw in the eight days I have been using this method and logging the spam I have just hit 100 attempted spam entries. I think I just started logging in time to catch someone just starting to spam as the first entries are messed up with the date as their name and the date also in the urls. They are still messing up by puttig +'s in the names where spaces should be. You can also tell they are all from the same person due to the fact the ICQ number on all of them is 864530. I think it may be a worm or a trojan as all the posts come from different IP's.

If your hosting comes with a MySQL database then all of the information you require should be in your control panel or in an email. 99 times out of 100 the MySQL server is located on the same machine so try it as localhost first. The third is the username they gave you for the MySQL database. 4th is the password they gave you for your MySQL database.

digits wrote:I have the same problem , I can't fix It

http://www.digitsplace.com/gb/condoleance/

If you are refering to an entry you cannot delete or edit then please email me your username and password for the guestbooks admin so I can take a look. Use webmaster@carbonize.co.uk

Be hard to say without seeing the script in action.

The only major exploit is the SQL injection exploit in 2.2 that lets you log in to the admin section. This does not exist in 2.3.1 which is the current version. The Cross Site Scripting exploit in 2.3.1 does exist but requires skill to implement and the people that deface guestbooks using the SQL injection are not real hackers but children who found the exploit on a web page. The cross site scripting exploit was silently patched in December by Chi Kien Uong. Why silently? don't ask me. Advanced Guestbook 2.3.1 has been around for atleast two years now without any sign of an update (except the silent one). I have been working on a project I call The db Guestbook which, at present, is Advanced Guestbook 2.3.1 with a lot of code changes etc. There is a more complete list of changes in the General Discussion forum.

Recently, when I have been bored and going around fixing defaced guestbooks, I have been emailing the webmasters telling them to come here or my forums and fix their guestbooks. A few days ao I started thinking that maybe I should just email them the fixed files to patch the login exploit, XSS exploit and to implement my simple spam filter.

Problem with that is some people get paranoid about strange emails. I know in one case the person posted my email on the Page-Zone Hosting forum asking how I had found their guestbook and if they really had been hacked.

A lot of people seem to have just installed the guestbook and then left it, I don't even think they read it.

1st is the name of the database you wish to use.
2nd you can probbaly leave
3rd is the username you have for your database
and 4th is your database password.