Messages posted by: Carbonize
No, it cannot be done. What if they sign from a public computer or a large network? Once they had signed, nobody else could sign from that location. The same applies to people on dial-up who get assigned a new IP each time they connect.
It's been 6 hours and that site is still not patched.
yes.
Fixed, now you need to patch. The easiest way is to go to www.carbonize.co.uk/AG and download the patched file, then upload it.
Post a link to it here.
The .htaccess file in the admin folder is just to prevent the files from being viewed by a web browser. Well, it's supposed to anyway.
I have fixed all the advanced guestbooks you had linked to and I wish to inform you that http://www.zone-h.org/en/advisories/read/id=6449/ has actually been silently patched and does not work on recent downloads of the guestbook.
My answer from your post in the other forum (DO NOT POST THE SAME PROBLEM TWICE)

At a guess, open up guestbook.pl and look for <title>Administration</title>, which is near the start of the admin HTML. A little below that is the body tag for the admin section.

On a different note, it is bad practice to make a site that automatically opens a new window, just as telling people to turn off their pop-up stopper is bad practice.
Tried editing the BASE_URL in config.inc.php?
Yes, cPanel is a pile of pants but I cannot see it being responsible for the recent defacements. If you have HTML enabled then they can post ANY HTML they wish. Also, if you run 2.2 or updated from 2.2 to 2.3.1 but kept the 2.2 session.class.php file, then they can log in as admin, and when an admin edits a post it is saved exactly as it is sent, complete with HTML tags.
1.5 is Perl whilst 2. is PHP. Whilst PHP is simple to understand, Perl is not, so most "script kiddies" do not bother looking for exploits in it. The only real exploit was in 2.2 and involved a MySQL injection, but 1.5 does not use the database.
2.3.1 is secure. 2.3.2 is more up to date but still in beta. Simple anti-spam modification - http://proxy2.de/forum/viewtopic.php?t=4211
To be honest, they can't usually do anything with your username and password as the MySQL server will be set up to only allow connections from the server it is installed on. This is only a problem on shared hosting where they are on the same server.
You were too slow in patching and the last moron deleted all your entries. I have again removed the offending entry.
Yes, I'm already looking into the particular MySQL call used to fetch the entries. It fetches the entries, pics and comments at the same time and I think this is where the problem lies. I will either rewrite it or get Freddy to, as he knows MySQL better than me.