Main Menu
Our Sponsors
Chi Kien Uong
Geranienstraße 30
71034 Böblingen
Deutschland / Germany
If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register /  [Login] Login 
Tired of being hacked? Here is the fix  XML
Forum Index » Support Forum
Author Message
[Post New]19/01/2005 01:37:12
    Subject:
[Up]
hawkeye
Beginner

Joined: 19/01/2005 01:15:19
Messages: 21
Offline
I am new here and my guestbook was just hacked...I did this that carbonize mentioned and now I am getting this error when trying to access the admin

Fatal error: Call to undefined function: phprequire() in /home/mikespe/public_html/huesped/admin.php on line 1

any ideas?

Thx
[Post New]19/01/2005 04:17:57
    Subject:
[Up]
amber222
Graduate

Joined: 07/05/2004 21:13:07
Messages: 586
Offline
Password Lock? - This didn't work for me because I am using Phpnuke. I have not tried it in my non-nuke guestbooks.

Once the 2.2 exploit is fixed or the book is upgraded to 2.3, and html code is always disabled, there is no evidence of the guestbook being hacked. The only exception I can think of would be those guestbooks where the admin got caught in the admin loop after upgrading and mistakenly reverted back to the version 2.2 session.class.php. That's where the exploit is.
[Post New]19/01/2005 13:44:58
    Subject: Followed instructions but will not let me in
[Up]
tcjay
Beginner
[Avatar]

Joined: 13/02/2002 19:26:25
Messages: 6
Offline
Which directory does the passwordlock.php file belong. The enter network password box appears but will not let me in when using the default test 123 user/passwords. TIA TOm
[WWW]
[Post New]19/01/2005 20:21:58
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
Fatal error: Call to undefined function: phprequire() in /home/mikespe/public_html/huesped/admin.php on line 1
Lost me. Where did this phprequire call coem from? It's not in my admin.php and I don't remember anything in the image verification mod that involved the admin.php file.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]19/01/2005 23:31:05
    Subject:
[Up]
hawkeye
Beginner

Joined: 19/01/2005 01:15:19
Messages: 21
Offline
I pasted this in the admin.php like you mentioned in the above posts...and as a result this is the error I got...

This is not the image verication mod..this is the fix to stop from getting hacked...





You did say to put this in the admin.php correct?

Thx
[Post New]20/01/2005 09:56:50
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
Try removing the ()'s so it's just require "passwordlock.php";.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]20/01/2005 14:21:46
    Subject:
[Up]
hawkeye
Beginner

Joined: 19/01/2005 01:15:19
Messages: 21
Offline
Thank you Carbonize...I will try it when I get home from work and post back here the results...

On a side note...I sent you an email via your MSN address...I waswondering if you got it?

Thx

hawkeye
[Post New]20/01/2005 16:22:53
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
No as my hotmail account only exists to let me use MSN messenger. My email address is on my website and at the bottom of every post I make in the forum.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]22/05/2005 10:36:09
    Subject: Not able to login
[Up]
Anonymous



I put the passwordlock on thew geustbook.
But now i have the following problem.
I have put in the password lock the right password and username.
but when i want to login thru the password box, it keeps hanging in a loop.
When i remove the passwordlock.php and adjust admin.php then i can just login normal with the password i have appleid.

How can i solve this
[Post New]22/05/2005 10:55:36
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
If you are using Advanced Guestbook 2.3.1 or 2.3.2 there is no need to go to this extreme.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]22/05/2005 11:26:53
    Subject:
[Up]
Anonymous



Thx i'm using 2.3.2
And i'm really happy with it.
[Post New]04/06/2005 04:57:18
    Subject:
[Up]
akira
Beginner

Joined: 04/06/2005 04:53:41
Messages: 28
Offline
Hi,

I am using 2.3.2 now and the admin login is from browser instead of a pop-up password window.

Should I make a change in accoding to the modification posted here? Are the changes work for 2.3.2?

Please advice and thanks in advance.
[Post New]04/06/2005 07:25:41
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
2.3.2 is secure so I'd just leave it as it is.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]04/06/2005 07:32:27
    Subject:
[Up]
akira
Beginner

Joined: 04/06/2005 04:53:41
Messages: 28
Offline
Thanks Carbonize.
[Post New]26/02/2012 06:37:15
    Subject: Tired of being hacked? Here is the fix
[Up]
Severynin322
Newbie

Joined: 26/02/2012 06:33:48
Messages: 1
Offline
It,s problem!
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum