Don't know as it's not my site and I joined a long time ago. Advanced Guestbook, like any script, is only secure if it is kept up to date. Unfortunately Advanced Guestbook is over 2 years old. I have just put the finishing touches to a beta version of Advanced Guestbook 2.3.2 which I was hoping JTD would test for me but he doesn't answer his friggin emails. Advanced Guestbook 2.3.1 is very secure, I have been running it for 2 years without incident except for spam which I have dealt with and help others deal with.
|
 |
|
And you didn't bother to read the second and third stickies of this forum because?
|
 |
|
I think for #2 you mean use General Discussion
|
 |
|
Actually ignore my comment about the username above. If you change the username when you change the password on the password page both will be changed.
|
 |
|
I have traced the reason for the malformed headers warning. It is partly due to a reversal of display name and email address in the emails sent out by the guestbook and is also down to sloppy coding in cPanel.
|
 |
|
Any Advanced Guestbook posts made in the forum that get answered in this thread will be deleted. If you cannot find the answer to your question here use the SEARCH function before creating a new thread.
For security reasons we advise you to disable HTML in posts
You can find a list of current patches for known Advanced Guestbook exploits at http://proxy2.de/forum/viewtopic.php?t=4238
Trevor explains more about hacking and various related subjects at http://proxy2.de/forum/viewtopic.php?t=3475
Here is a list of frequently asked questions with links to the relevant threads kindly compiled by Amber222.
Simple Anti Spam Mod - http://proxy2.de/forum/viewtopic.php?t=4389
Resetting the Admin Password:
With Carbonize's reset.php file:
http://proxy2.de/forum/viewtopic.php?t=4071
In PhpMyAdmin, by Jam'n:
http://proxy2.de/forum/viewtopic.php?t=2595
http://proxy2.de/forum/viewtopic.php?t=1711
(Important: Only follow Jam'n's instructions for resetting the password. Do Not follow others' suggestions to Overwrite the v2.3.1 session.class.php file with the 2.2 version!)
Encrypt visitors email addresses in guestbook (stop email harvesters):
http://proxy2.de/forum/viewtopic.php?t=3778
Help with Upgrade from 2.2 to 2.3.1:
Guestbook 2.2 to 2.3.1 upgrade script, by Carbonize:
http://proxy2.de/forum/viewtopic.php?t=4010
Discussion on Manual Upgrade:
http://proxy2.de/forum/viewtopic.php?t=3334
Admin Loop (Keeps going back to Login):
http://proxy2.de/forum/viewtopic.php?p=11334&highlight=#11334
http://proxy2.de/forum/viewtopic.php?t=3786
Admin config.inc.php file:
http://proxy2.de/forum/viewtopic.php?t=3654
Password Lock, by Carbonize:
http://proxy2.de/forum/viewtopic.php?p=9621&highlight=#9621
Changing the Admin Password:
http://proxy2.de/forum/viewtopic.php?t=3744
Make a backup .sql file of guestbook entries:
Export/Import MySQL Database:
http://proxy2.de/forum/viewtopic.php?t=3580&highlight=sql
Guestbook MySQL database transfer:
http://proxy2.de/forum/viewtopic.php?p=5819&highlight=#5819
Where is the guestbook database?:
http://proxy2.de/forum/viewtopic.php?t=2761&highlight=sql
Change the Guestbook Picture:
http://proxy2.de/forum/viewtopic.php?t=3827&highlight=picture
How To Change The Drop Down Menu In Advanced Guestbook, by Trevor: http://proxy2.de/forum/viewtopic.php?t=3315
How to change the required fields in Advanced Guestbook, by Trevor:
http://proxy2.de/forum/viewtopic.php?t=2877
Change the Comments Text Color:
http://proxy2.de/forum/viewtopic.php?t=3380
http://proxy2.de/forum/viewtopic.php?t=3219
Image Verification script, by Carbonize (Help reduce Guestbook spam):
http://proxy2.de/forum/viewtopic.php?p=9976
http://www.carbonize.co.uk/verification.zip is the official download for the image verification mod
Quick Mod to have AG 2.3.1 log the IP rather than the hostname, by Carbonize: http://proxy2.de/forum/viewtopic.php?p=10108&highlight=#10108
Admin Panel Logout redirect, by Carbonize:
http://proxy2.de/forum/viewtopic.php?t=3409
"Warning: Cannot modify header information - headers already sent by...":
http://proxy2.de/forum/viewtopic.php?t=3200&highlight=cannot+modify+headers
http://proxy2.de/forum/viewtopic.php?t=3093&highlight=cannot+modify+header
"Warning: fopen(./templates/body.php): failed to open stream: Permission denied in..."
"Warning: fwrite(): supplied argument is not a valid stream resource in..."
"Warning: fclose(): supplied argument is not a valid stream resource in..."
http://proxy2.de/forum/viewtopic.php?t=3580&highlight=fopen
"Fatal error: Cannot instantiate non-existent class: "
http://proxy2.de/forum/viewtopic.php?t=3812
"Warning: fread(): Length parameter must be greater than 0"
http://proxy2.de/forum/viewtopic.php?t=3351&postdays=0&postorder=asc&highlight=fread&start=30
Missing Pictures in Guestbook:
http://proxy2.de/forum/viewtopic.php?t=3628&highlight=missing+pictures
Configuring Smilies in Guestbook:
http://proxy2.de/forum/viewtopic.php?t=3901
Getting Your Logo and Menus In The Guestbook:
Include your header, by Carbonize:
http://proxy2.de/forum/viewtopic.php?t=3460
How can I integrate my guestbook into an existing site?:
http://proxy2.de/forum/viewtopic.php?t=3863
A newbies guide to placing the guestbook in an html page, by fatjack:
http://proxy2.de/forum/viewtopic.php?t=3921
How To Change The Drop Down Menu In Advanced Guestbook, by Trevor: http://proxy2.de/forum/viewtopic.php?t=3315
Adding Guestbook to a Frame:
http://proxy2.de/forum/viewtopic.php?p=9728
Changing the wording ("here you can leave your mark."... etc.):
http://proxy2.de/forum/viewtopic.php?p=9870
http://proxy2.de/forum/viewtopic.php?p=9264
Making Email a Required field:
http://proxy2.de/forum/viewtopic.php?t=3388&highlight=required+field
http://proxy2.de/forum/viewtopic.php?t=2877
Remove visitors email addresses from guestbook view:
http://proxy2.de/forum/viewtopic.php?p=10856&highlight=#10856
Increase email field size to 60 characters (in templates/form.php):
http://proxy2.de/forum/viewtopic.php?t=3912
Increase homepage field size to 65 characters (in templates/form.php):
http://proxy2.de/forum/viewtopic.php?t=4075
Change the Time in Advanced Guestbook:
http://proxy2.de/forum/viewtopic.php?t=3758
Advanced Guestbook Manual, by Jam'n:
http://www.geocities.com/nathalonia/gbpoll
Explanation of Chmod File Permissions:
http://proxy2.de/forum/viewtopic.php?p=10072&highlight=#10072
How to change File Permissions from the CPanel:
http://proxy2.de/forum/viewtopic.php?p=10713&highlight=#10713
Advanced Guestbook versions for Content Management Systems:
TPK Guestbook 3.1.1 (PhpNuke Version)
See it at: http://www.tp-krefeld.de/modules.php?name=Guestbook
Download it at: http://www.phpnuke-module.de/
Nuke Guestbook 2.0.0 (PhpNuke Version)
http://www.codec-download.com/modules.php?name=Guestbook (English)
http://www.rideo.de/modules.php?cid=18&d_op=viewdownload&min=30&name=Downloads (German)
There are probably more PhpNuke versions out there.
Html code enabled does not appear to pose a risk, but that could be because the admin is using Sentinel (a must-have for PhpNuke Security!).
http://www.3hc.co.uk/studentsupport/ (PhpWebSite Version)
Note: Some CMS versions are based on early versions of Advanced Guestbook (not 2.3.1), so you should investigate re: security. Mods listed here may not work with these versions.
|
 |
|
DISABLE HTML IN POSTS TO PREVENT YOUR GUESTBOOK BEING DEFACED!
Advanced Guestbook 2.2 login exploit fix (also needed if you put your 2.2 session.class.php file into 2.3.1)
Open your lib/session.class.php and locate
and replace it with
You can also download this file pre patched from www.carbonize.co.uk/AG/
Possible useragent cross site scripting exploit
Open up lib/add.class.php. Find both occurrences of
and replace them with
URI Cross Site Scripting Exploit
Open up index.php and find
add under it
This occurs twice in the file so edit both. I don't believe this is the best fix and I also believe a better fix was implemented silently into 2.3.1 recently but I need to check on that one.
|
 |
|
The forum is occasionally visited by the webmaster but he has trusted both Auron and myself to now moderate it for him to keep it clean.
|
 |
|
1 - Edit templates/body.php
2 - Simply change the width in the Style section of the Admin.
I'd personally suggest using a dedicated text editor such as PS Pad for editing PHP files as they are specifically designed for the purpose. I'm not too sure if Dreamweaver would add its own bits to files edited in it.
|
 |
|
No it would still put the field into the backup even if just to say it's empty. Yes 2.2 has a security exploit but I have released information on how to fix the exploit as well as a fixed file to make it easy for people.
|
 |
|
Lloyd, what ET means, and this is something I once did, is that spammers use Google to find sites using Advanced Guestbook to add to their list of sites to send the spam to, and so stopping it listing your guestbook may help prevent spam. To be honest I see no reason why you would want your guestbook listed as it does not contain information relevant to your site but rather just people's comments about your site.
|
 |
|
Your problem highlights why people should not upgrade from 2.2 to 2.3.1. 2.2 and 2.3.1 use different methods for storing information about any uploaded images. I see no reason to upgrade from 2.2 to 2.3.1 unless you are planning a fresh start.
|
 |
|
Ah the joys of editing posts. I modded my version of phpBB so that you cannot edit a post if it has been replied to. God I would love access to this server. I'd mod this forum with the image verification from 2.0.11 and the no edit after reply. I would also delete all the bloody spam from the forum membership and guestbook.
PS. The webmaster must still work on this site as the guestbook has had a recent change (no longer does email encrypting and email links are messed up) and the Advanced Guestbook script has been altered as I redownloaded it and a file compare with my own version showed the addition of some lines to prevent the recent URI exploit.
|
 |
|
If you mean rel="nofollow" then it is something to be added to the guestbook's code. If you mean for controlling search engine robots' access to your site, do a search on Google for robot.txt.
|
 |
|
Most people with 2.2 don't seem to understand backups. Anyway as we discussed the problem lies in the fact that your backup starts from post #1 and you already have some entries in your guestbook and so post #1 is already filled. You would need to change the first numbers in all the entries of your backup to fit them in.
|
 |
|