Messages posted by: ET
Anonymous wrote: Yes, the problem is from the comments (replies to guestbook posts).
I noticed when you have lots of comments it slows the guestbook down.
When I purged the comments, the guestbook became fast. When I added the comments back again, it slowed down.

I did have 20 per page and now I changed to 10. Still having the same problem.
GSSO


Oh - okay - that is probably something that should be looked into. How many comments do you have and at what point (number) did you notice that it was slogging everything down? Carbonize has been working on a rewrite of the script.
Auron wrote:
One of the exploits of gb 2.3.1 was that they could access other files on the server, for example change some of the gb files like config.php etc.


Thanks for helping me understand better. Appreciated
Torsten wrote:
For some reason I had to remove the message (the previous record number 102), written by myself, to get back the normal look of the guestbook. But since they could change it so the puke smiley appeared by the letter "e", maybe they can mess with the last input/record as well.


Now that is interesting!!! Maybe chmod your template files/dir back to 644 (rw-r--r--) for added security? I haven't seen them actually mess up other entries like that before.

Anyways, glad you were able to fix the problem.
Auron wrote:
Re-uploading files doesn't matter since all the entries are stored in the db.
It's just a case of fixing the smilie tags/whatever, and removing the offending entry/ies.


Auron - help me with the thinking here - how does loading the templates, etc, change the smilie tags and remove the offending entry? If I don't understand the thinking behind this, others may not understand it either....
My thoughts are the same as Carbonize's in that you are talking about the comments added to the guestbook entries, as opposed to the actual number of guestbook entries (posts) - how many guestbook entries do you have per page? (Maximum Records Displayed Per Page) Is it more than 20?
Auron and I posted about the same time - I would hold off actually uploading the gb again until you try the following

Okay - the only other way to delete the post then is to go into your MySQL tables thru your Website's control panel (most use CPanel) -

You will need to open the SQL tables for the guestbook - Some call it "MySQL Databases" or "MySQL Tools" while others call it "phpMyAdmin" -

Look for the AGBook's tables to open then look inside that for "book_data"

Once you open up book_data, you may need to click on "Browse" to find the list of table entries for your guestbook - you should be able to delete that one particular entry from there.

Some hackers have found a workaround within 2.3.1 that allows them to insert javascript code, meta tags and redirects... I won't explain how it is done, but suffice it to say, I've found that making certain words "forbidden" helps. For example, they used the smilies to enforce a redirect on your guestbook.

Good luck - and let us know if you need more help.
Torsten wrote: Hi, I can't find any solution to my problem so here it goes:

My guestbook at:
http://www.farbrortorsten.com/gastbok/
is hacked.

I still have my password and I can login to admin, but I cannot use the easy admin-page. When I try, a black page with stupid text is shown for a while, then I get sent/redirected to www.cia.gov

HTML was and still is disabled.

Smileys were and are still on. All letters "e" are now shown as a vomiting smiley, and if I change that in general settings a visit to my guestbook page will show the black page (mentioned above) instead of my brown page.

After the attack I upgraded to version 2.3.1 but these problems remain. HELP PLEASE!


Immediately after you open up your easy admin page to remove their post, press the "ESC" key; you may need to do it several times to stop any sequences that they have coded in. Once you are sure that the redirect is stalled by the Esc key, then delete normally. Keep HTML Disabled first and foremost - and do a search on this forum for other spam protective measures. For example, I ended up including the words meta and script in my forbidden word section.

Good luck and let us know how it goes.
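As an added illustration of the two defences ET recommends in the post above (HTML disabled, plus a forbidden-word list containing "meta" and "script"), this is example code written for this page, not part of the guestbook software. It shows why escaping is the primary control and the word list only a backstop, and that smilie substitution must happen after escaping with fixed image names so user text never becomes markup. The smilie map and the forbidden words are assumed sample values.

```python
import html

# Assumed values for the example: the forbidden words ET mentions,
# and a constructed smilie-code -> image-file map.
FORBIDDEN_WORDS = ("meta", "script")
SMILIES = {":)": "smile.gif", ":(": "sad.gif"}


def contains_forbidden_word(text, forbidden=FORBIDDEN_WORDS):
    """Case-insensitive substring check, as a simple forbidden-word filter behaves.

    Note the trade-off: a plain substring match also rejects harmless words
    such as "metadata", which is the cost of a word list used as a backstop.
    """
    lowered = text.lower()
    return any(word in lowered for word in forbidden)


def render_entry(text, smilies=SMILIES, html_allowed=False):
    """Return the HTML to display for a guestbook entry, or None if it is rejected.

    1. Forbidden-word list: defence in depth, applied to the raw text.
    2. HTML disabled: escape every special character, so a pasted <meta>
       refresh or <script> element is shown as text rather than executed.
    3. Smilie substitution AFTER escaping, emitting only markup built from
       fixed file names, so the user's text never lands inside a tag.
    """
    if contains_forbidden_word(text):
        return None
    if not html_allowed:
        text = html.escape(text, quote=True)
    for code, image in smilies.items():
        # Match the code as it looks after escaping (these codes are unchanged by it).
        escaped_code = html.escape(code, quote=True)
        tag = '<img src="smilies/{}" alt="{}">'.format(image, escaped_code)
        text = text.replace(escaped_code, tag)
    return text
```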
I'm having difficulty following your thought process....
I think you may be trying to over analyze.
This is what I boiled it down to....

ikbin9 wrote:
I have a new script error--Method Not Allowed
The request method is not allowed for URL/links/cgi-bin/links.pl

.....
<form action="cgi-bin/--.pl">
<form action="mysite/cgi-bin/links.pl" & mysite/links/cgi-bin/links.pl>
....

You do not need to keep starting a whole new thread for each of your problems - you are still having problems with the same FFA Links Program - Please keep the threads to a minimum even if the problems seem different....

I am assuming you have your ffa links add-site page inside the directory /links i.e. http://www.mysite.com/links
and that the url for the addlink page is http://www.mysite.com/links/addlink.html

If so, then you need to tell it to "back" out the form's current url path with something like
In the alternative it should be

I pulled up the readme and it recommends:


Is there a reason you don't want to follow the instructions given by the author?

Plus, I seriously doubt that your webserver setup will allow you to actually create a functional cgi-bin within the path of http://www.mysite.com/links/cgi-bin/
I think this additional php script will help people who want to be able to see their PNGCounter results without having to visit their database directly.

NOTE!!! This will only work for people using the MySQL database with PNG Counter - I don't use the flat files in the "pages" directory to store my data - this is not written for flat file data retrieval

1) create an empty file and name it something like getmysqldata.php (you can name it anything you want as long as it has the .php extension and it is NOT "counter", "demo", "config.inc", or "phpinfo" .php)

2) copy and paste the following code into the file you just created.



3) save the file and upload your new file to the same directory that has the PNG counter's config.inc.php file.

4) type the url of the new getmysqldata.php file into your browser and you should be able to see a table from the counter in your database.

One more time - this is only for PNG Counter using MySQL for data collection.

Enjoy
trey wrote: I have a feeling that this could go on forever, and in the meantime the hackers will have complete control over my guestbook! What should I do?


Don't beat yourself up over something that you have no real control over. Her website = her responsibility. That's probably not what you want to hear....

PS - I just visited the guestbook you have been talking about and it is updated to 2.3.1 - so take heart - someone did listen to you.
Carbonize wrote: Personally tempted to just go in and patch his damn guestbook myself.


Oh No!!! - that would be too damned EASY! - Besides, Trey had a surprise for the Turkeys... I want to hear about that surprise they found
Carbonize wrote: If they are getting a PHP error then the path to the document would be included in the report.

FFA Links is a perl script - not sure how a perl script would become a php error???? Let's not confuse the poor bloke more....

ikbin9 wrote: I'll check with my server administrator for the command
string $base_dir="". ET confirmed the problem.

Sounds like a good idea. They should know what it is. Be certain to tell them that you are looking for "document root" and not "Base Directory" - since they will really get confused.... And I wish you all the best.
trey wrote:
Hey, these same "Turkish" guys hacked my guestbook once before, and one of you mods fixed the problem. Well, they got to it again before I could find time to patch the exploit problem. Could you tell me how to delete the message, but don't actually do it. I want to know step by step. I'll have a little surprise for the hackers next time.

Here's the link.
http://www.mariettafirst.org/guest

Thanks


trey wrote: Right now I'm at school, so I don't have access to the server of my website. But now, a different Turkish hacking team hacked my guestbook. I will install the patch as soon as I get home today, but for now, tell me how to get rid of their post through the cpanel. BUT DON'T DELETE IT, I NEED IT AS EVIDENCE. You told me before, but I'm kind of confused. Please help me out once more guys.


I think I see a pattern here

Carbonize wrote: The fact that you keep getting hacked seems to prove that they share a list of vulnerable sites.


LOL - Oh really? LOL
Peter wrote: Is there perhaps a way to show the category and the URL of the new entry in the mail?

Is there a chance to show the category and the URL in the mail?


Yes, the category and URL data would be possible with a little more tweaking of the script. If I get some spare time thrown at me in the next few weeks, I'll see what I can come up with.

Glad the script works for you.
Check to make certain that your admin/config.inc.php database settings are correctly formed.

Did you run a search on here for mysql and Query Error? There's a lot of information already available that should help.