Messages posted by: amber222

Anonymous wrote:You know..I just hate it when people give smart remarks to peoples efforts to try and help them, especially when they don't have to.

Auron, that was very big of you.

Yea, Auron. I'm sure most people here really appreciate your help.

Thanks.

Are you sure you are not vulnerable to the exploit? If you are, anyone can get into your guestbook and delete entries.

Okay, I got rid of the hack, but they will most likely be back to hack you again.

Here's the post with the instructions to fix the vulnerability:

http://proxy2.de/forum/viewtopic.php?t=3650

Barry, I don't think you are supposed to put all those files in the cgi-bin. I think the only file that goes there is the one named guestbook.pl (or guestbook.cgi). The rest of them go in the "book" directory, and the "book" directory is in the root (public). So, all the other files would be located somewhere like this:

Public_html

book

(all the other guestbook directories and files)

The files you downloaded show the structure or the way they should be on your server, so that just means:

On your computer, go to the directory under "guestbook" that says "cgi", find the file that says guestbook.pl and upload it to the cgi directory on your server.

Then, on your computer, go to the directory under "guestbook" that says "book" and load that entire directory to the root (public) directory of your server.

When you are done loading all the files, the only thing for the guestbook that will be in your cgi bin is the "guestbook.pl" file. You should not have any other guestbook directories there.

In your public directory will be the "book" directory with all of the other files in it. It will not have a "cgi-bin".

Make sense?

Maybe try the forum on Carbonize's website. They have a forum for help with scripts and other stuff.

Yea? It appeared to work. So you know for sure that your host uses .pl?

Well, now your file ends in .pl but the codes inside end in .cgi. They must match. So if .pl is correct, you have to change the entries back to .pl also.

Are you understanding what I meant earlier? Some web servers don't recognize the .pl extension. That's why you have to find out from your host which is the correct extension and use it. For example, my server won't recognize .pl so anytime a file has that extension, I have to change every instance of .pl to .cgi. If your server does recognize .pl, you don't have to go through that step.

If you don't mind giving up FTP access or CPanel access if you have it, we could get this going for you. You can always change your passwords later.

I was able to see your actual cgi file online., and it is .cgi. So make the changes using the .cgi extension:

http://www.1waytraffic.co.uk/cgi-bin/guestbook.cgi?admin=enter

Change your base directory:

$base_dir = "/home/your username/public_html/book";

(where "your username" is your actual username and "book" is the name of your guestbook directory.)

Also change the code to disallow html; otherwise someone could send some malicious code. (below you are just changing the 2 to a zero):

change:

To:

Change the link to the guestbook that is on your home page. Right now it shows this:

Change it to this:

or just using book/guestbook.html should work

Interesting... clicking on your guestbook forwards me to NASA! Far out. The moon... Mars... and beyond!

Did you find out if you can use the .pl extension on your server or if it has to be .cgi? The guestbook.pl file (or guestbook.cgi if you need to change it) must go in the directory called cgi-bin.

Try making some changes:

# Administration: #
# http://www.host.com/cgi-bin/guestbook.pl?admin=enter # Do I need to change this?
# #

Change the above to: http://www.1waytraffic.co.uk/cgi-bin/guestbook.pl?admin=enter or,

if your server does not recognize .pl extensions, you need to change it to:

http://www.1waytraffic.co.uk/cgi-bin/guestbook.cgi?admin=enter

----

On all the others you listed that begin with: "http://localhost/, change localhost to www.1waytraffic.co.uk. Leave the other stuff in those lines as it is.

# base directory to all guestbook files from the server root without trailing "/"
$base_dir = "/home/usr/you/book";

Your host should have given you (or allowed you to set up) a unique user name. This is probably the same username used to log into your CPanel or FTP. In the above, replace "usr" with that actual username.

This usually includes the /public_html/ directory... Is that the directory you go to when you want to see the list of directories and documents for your site? If so, include public_html in the above line, so you should end up with something like this:

$base_dir = "/home/your username/public_html/book";

where "your username" is your actual username and "book" is the name of your guestbook directory.

# name of guestbook files
$book_file = "guestbook.html"; Do I need to change this?
$id_count = "guest_id.txt";
$page_count = "page_id.txt";
$sample = "template.html";

You should not have to change any of this information.

I think the php version is a lot easier. Do you have CPanel?

Can you post your url, or if you don't want it to show on this forum, email it to me?

http://proxy2.de/forum/viewtopic.php?t=3796

See the last post from Carbonize.

You are using the cgi version, while most of us are using the php version, which requires Php and databases.

I have not actually seen the version you are using, but will try to help.

1. Set the correct paths and required urls. (Where do you do this, In the .pl ? and what do you change ? )

Yes in the guestbook.pl file. The Perl path is the first line that looks something like this:

#!/usr/bin/perl

Don't change anything there except the path, if necessary. If you have CPanel, the Perl path should be shown there. Also look through the file to see if the path to your guestbook is required anywhere else. If so, add it.

2. Upload guestbook.pl in ASCII-mode to your cgi-bin directory
and change mode it to 755 (-rwxr-xr-x). (I have done this but do not understand why)

This is changing the file permissions. The following post explains how the file permissions work: http://proxy2.de/forum/viewtopic.php?t=3520

3.Open addentry..html with a text editor.
Change the line
<form method="post" action="/cgi-bin/guestbook.pl"> ( Don’t understand this either,
but I changed it to this as this was the path given by Hosting site.)
http://home/domains/mywebsite.co.uk it said without the www./user/htdocs/cgi-bin/Guestbook.pl"
to the correct location of guestbook.pl
Then nothing happens when I click on my guestbook url

Hopefully you changed the stuff like mywebsite to the real names and didn't put the user info. Some servers, like the one I am on, do not recognize the .pl extension, and it must be changed to .cgi. So maybe that is the problem. I don't know. If this is necessary for your server, it looks like you will not only have to change the name of the guestbook.pl file to guestbook.cgi, but you would also have to open addentry.html and change any reference to guestbook.pl to guestbook.cgi.

Sorry but you must think I am a complete beginner, but I would appreciate any help

We were all beginners once. We only learned what we know now by trial and error and asking a lot of questions.

If you get any error messages, copy them so you can post them here to get help.

Not knowing exactly how you did it or much about server side includes, I don't know if this helps, but...

In looking at your source code, it is looking for the file named "menu.php" to display the results on, but the error message says it can't find any file named "menu.php" on your server.

HTML code is enabled

:o

It may be the only way to include a link is to edit the templates/poll result/result_foot in Admin, which you probably would not want to do because it would affect all polls.

Would suggest you go into the Admin Panel, go to the poll list and click on the poll question. Then in "Edit this poll," add the results from the old poll to the figures shown for each option.

If you do decide to edit the result_foot in Admin, you could probably place the link just below the "Total Votes" code, making it look something like this:

I tested this on my poll and it worked. The Template directory and files in it must have permissions set to 777. Do not copy the entire code from this post, otherwise you may lose your color settings. Only add the code referring to the link:

Replace previouspoll.php with the actual file name for the old poll.