Messages posted by: amber222

Maybe this will help.

http://proxy2.de/forum/viewtopic.php?t=3584

Are you sure you didn't customize and accidentally delete something? A link would help...

No problem logging in. I think passwords should only be numbers and letters anyway.

The exploit no longer works!

Invalid username or password. Please try again.

Okay. I'll try this now.

You can have access if you want it. This page is under construction, and nothing is critical there. It's one of my subdomains.

So, unless you ask me for access, I will go ahead. Just follow the instructions in your earlier post in this thread?

I was just thinking... (that could prove hazardous :lol

You are saying fixing the exploit has to do with the lib/session.class.php file. In the post noted below, some users with the admin loop after upgrading, reverted back to the old lib/session.class.php file. Does this mean they are now vulnerable to the exploit?

http://proxy2.de/forum/viewtopic.php?t=1711&postdays=0&postorder=asc&start=15

Okay. Do you want to do this yourself, or do you want me to do it?

I think I have someplace for you to test it. Let me check, and I'll get back to you shortly.

Carbonize, the same thing happened on another site I visited today. I put in the image code, but it got changed to something else.

The code it gave me here was: 63B28A9B But when I previewed my post, I got the following error message:

The Image Verication code you supplied is incorrect.
Please enter the 8 characters that appear in the image.

I noticed that the above code had been changed to: 94168331 in the text box.

I was wondering if this error might have something to do with where the guestbook is located on the server or other codes they are using. The site I mentioned uses frames. When I got the error I was outside of the frames. A few hours later I went back to that site and had no problem when the frames were loaded. I noticed Phil's guestbook is not in the usual place.

You need to add your info to the admin/config.inc.php file. Fill in the missing information between the quotes (" ")

Example:

Around line 4:

Change databasename to the actual name of your database (including host prefix if any).

Change databaseusername to the actual user name for your database (including host prefix if any).

Change databasepassword to the actual password for your database user.

Around line 59:

Change "yoursite.com" to your actual site address. Replace "guestbook" with the actual name of the directory you put your guestbook in.

Change email@yoursite.com to your actual email address.

Problem with the db info. Here is a link to information about this error:

http://us4.php.net/mysql_select_db

If you need more help, you can email me.

The posts are stored in the database. If there were pics, they may be stored in a directory?

You upgrade the database, don't delete it. Do a search on this forum for upgrade. Jam'n has written some good instructions.

Trevor wrote:Talking about the Googlebot...

It's supposed to be denied from my guestbook by a robots.txt file and also noindex nofollow meta-tags but it's still indexing the pages. I thought Googlebot was supposed to be well behaved and follow orders. Any suggestions for blocking it and other bots.

Trevor

Found some more interesting information, so I made a separate topic for this:

http://proxy2.de/forum/viewtopic.php?t=3643

Got to do something. These bots are eating up my bandwidth.

Some info I found on the Internet to help stop bad bots from indexing the Guestbook, as well as harvesting emails and using up bandwidth.

On this forum, someone has posted their code for a "php spider trap". lt Uses robots.txt, .htaccess and getout.php:
http://www.webmasterworld.com/forum88/3104.htm

The Perl version of the above script, named "trap.cgi":
http://www.webmasterworld.com/forum13/1823.htm

This is a slick article with instructions for using mod_rewrite. I don't understand the concept or know if it's possible under most hosts, but maybe some of the experts here can translate it for us:
http://diveintomark.org/archives/2003/02/26/how_to_block_spambots_ban_spybots_and_tell_
unwanted_robots_to_go_to_hell
(split this address to allow line ending. After clicking on the link, you must paste the last part in the address window at the end)

Sample .htaccess spider-blocking script (using mod_rewrite) has a long list of bots added:
http://techpatterns.com/downloads/scripts/sample_wbmw.txt

A robots.txt Tutorial with lists of spambots, harvesters and bots searching for plagerism:
http://www.clockwatchers.com/robots_list.html

A ready-made robots.txt file to be downloaded from phpbbhacks.com. Use for any site, not just phpbb:
http://www.phpbbhacks.com/download/3182

Trevor wrote:Talking about the Googlebot...

It's supposed to be denied from my guestbook by a robots.txt file and also noindex nofollow meta-tags but it's still indexing the pages. I thought Googlebot was supposed to be well behaved and follow orders. Any suggestions for blocking it and other bots.

benwalsh wrote:a robots.txt file must be in the root directory to work, i can not see http://proxy2.de/robots.txt and i can not see a robots meta tag in this doc?

benwalsh, we aren't speaking of the proxy2.de site. We are just here sharing what we learned while setting up Advanced Guestbook and Advanced Poll on our own sites.

benwalsh wrote:I have got my guestbook working on new site except for thumbs, how do I get Image Magick or PHP's GD extension happening

If it really is a GD extension issue, maybe you need to ask your host about. But first you might want to make sure you didn't overwrite something. Did you customize the guestbook? Maybe post a link here so someone can look at the code.