Is it to late to fix?

If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics

Search

[Hottest Topics]

Hottest Topics [Members]

[Members]

Member Listing [FAQ]

[FAQ]

FAQ

[Register]

Register /

Is it to late to fix?

XML

Forum Index » Support Forum

◄ 1 2 3 ► Go

Go to page...

Author

Message

[Post New]

02/03/2005 04:21:26

Subject:

JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

I hav'nt edited mine and it is true version2.3.1. With the exception of some of your fix's.

LINK-> Use Lazarus Guestbook

[WWW]

[Yahoo!]

[MSN]

[Post New]

02/03/2005 04:23:18

Subject:

RCRacer
Beginner

Joined: 01/03/2005 06:41:46
Messages: 12
Location: Stanton, Ca.
Offline

This is the whole file.

<?php
/**
 * ----------------------------------------------
 * Advanced Guestbook 2.2 (PHP/MySQL)
 * Copyright (c)2001 Chi Kien Uong
 * URL: http://www.proxy2.de
 * ----------------------------------------------
 */

class guestbook {
    
    var $total;
    var $db;    
    var $template;
    
    function guestbook($path='') {
        $this->db = new guestbook_vars($path);
        $this->db->getVars();
        $this->total = 0;
        $this->template =& $this->db->template;
    }

function get_nav($entry=0) {
        global $HTTP_SERVER_VARS;
        $self = basename($HTTP_SERVER_VARS['PHP_SELF']);
        $next_page = $entry+$this->db->VARS['entries_per_page'];
        $prev_page = $entry-$this->db->VARS['entries_per_page'];
        $navigation = '';
        if ($prev_page >= 0) {
            $navigation = "   <img src=\"img/back.gif\" width=\"16\" height=\"14\"><a href=\"$self?entry=$prev_page\">".$this->db->LANG["NavPrev"]."</a>\n";
        }
        if ($next_page < $this->total) {
            $navigation = $navigation."   &nbsp;&nbsp;<a href=\"$self?entry=$next_page\">".$this->db->LANG["NavNext"]."</a><img src=\"img/next.gif\" width=\"16\" height=\"14\">\n";
        }
        return $navigation;
    }
    
    function show_entries($entry=0) {
        $LANG =& $this->db->LANG;
        $VARS =& $this->db->VARS;
        $this->db->fetch_array($this->db->query("select count(*) total from ".$this->db->table['data']));
        $this->total = $this->db->record["total"];      
        $TPL = $this->get_entries($entry,$this->db->VARS["entries_per_page"]);
        $TPL['GB_TOTAL'] = $this->total;
        $TPL['GB_JUMPMENU'] = implode("\n",$this->generate_JumpMenu());
        $TPL['GB_TIME'] = $this->db->DateFormat(time());
        $TPL['GB_NAVIGATION'] = $this->get_nav($entry);         
        $TPL['GB_HTML_CODE'] = ($this->db->VARS["allow_html"] == 1) ? $this->db->LANG["BookMess2"] : $this->db->LANG["BookMess1"];
        eval("\$guestbook_html = \"".$this->template->get_template($this->db->GB_TPL['header'])."\";");
        eval("\$guestbook_html .= \"".$this->template->get_template($this->db->GB_TPL['body'])."\";");
        eval("\$guestbook_html .= \"".$this->template->get_template($this->db->GB_TPL['footer'])."\";");        
        return $guestbook_html;
    }
    
    function generate_JumpMenu() {
        $menu_array[] = "<select name=\"entry\" class=\"select\">";
        $menu_array[] = "<option value=\"0\" selected>".$this->db->LANG["FormSelect"]."</option>";
        if ($this->db->VARS["entries_per_page"] < $this->total) {
            $remain = $this->total % $this->db->VARS["entries_per_page"];
            $i = $this->total-$remain;
            while ($i > 0) {
                $num_max = $i;
                $num_min = $num_max-$this->db->VARS["entries_per_page"];
                $num_min++;
                $menu_array[] = "<option value=\"$remain\">$num_min-$num_max</option>";
                $i = $num_min-1;
                $remain += $this->db->VARS["entries_per_page"];
           }
        }
        $menu_array[] = "</select>";
        $menu_array[] = "<input type=\"submit\" value=\"".$this->db->LANG["FormButton"]."\" class=\"input\">";
        return $menu_array;
    }
    
    function get_entries($entry,$last_entry) {
        $LANG =& $this->db->LANG;
        $id = $this->total-$entry;
        $HOST = '';
        $COMMENT = '';
        $GB_ENTRIES = '';
        $i=0;
        $template['entry'] = $this->template->get_template($this->db->GB_TPL['entry']);
        $template['com'] = $this->template->get_template($this->db->GB_TPL['com']);
        $template['url'] = $this->template->get_template($this->db->GB_TPL['url']);
        $template['icq'] = $this->template->get_template($this->db->GB_TPL['icq']);
        $template['aim'] = $this->template->get_template($this->db->GB_TPL['aim']);
        $template['email'] = $this->template->get_template($this->db->GB_TPL['email']);
        $result = $this->db->query("select * from ".$this->db->table['data']." order by id desc limit $entry, $last_entry");
        while ($row = $this->db->fetch_array($result)) {
            $DATE = $this->db->DateFormat($row['date']);
            $MESSAGE = nl2br($row['comment']);
            if ($this->db->VARS["smilies"] == 1) {
                $MESSAGE = $this->db->emotion($MESSAGE);
            }
            if (!$row['location']) {
                $row['location'] = "-";
            }
            $bgcolor = ($i % 2) ? $this->db->VARS["tb_color_2"] : $this->db->VARS["tb_color_1"];
            $i++;
            if ($row['url']) {
                eval("\$URL = \"".$template['url']."\";");
            } else {
                $URL = '';
            }
            if ($row['icq'] && $this->db->VARS["allow_icq"]==1) {
                eval("\$ICQ = \"".$template['icq']."\";");
            } else {
                $ICQ = '';
            }
            if ($row['aim'] && $this->db->VARS["allow_aim"]==1) {
                eval("\$AIM = \"".$template['aim']."\";");
            } else {
                $AIM = '';
            }
            if ($row['email']) {
                eval("\$EMAIL = \"".$template['email']."\";");
            } else {
                $EMAIL = '';
            }
            if ($this->db->VARS["allow_gender"]==1) {
                $GENDER = ($row['gender']=="f") ? "&nbsp;<img src=\"img/female.gif\" width=\"12\" height=\"12\">" : "&nbsp;<img src=\"img/male.gif\" width=\"12\" height=\"12\">";
            }            
            if ($this->db->VARS["show_ip"] == 1) {
                $hostname = ( eregi("^[-a-z_]+", $row['host']) ) ? "Host" : "IP";
                $HOST = "$hostname: $row[host]\n";
            }
            $this->db->query("select * from ".$this->db->table['com']." where id='$row[id]' order by com_id asc");
            while ($com = $this->db->fetch_array($this->db->result)) {
                $com['comments'] = nl2br($com['comments']);
                eval("\$COMMENT .= \"".$template['com']."\";");
            }            
            eval("\$GB_ENTRIES .= \"".$template['entry']."\";");    
            $COMMENT = "";
            $id--;
        }
        $TPL['GB_ENTRIES'] = $GB_ENTRIES;
        return $TPL;
    }

}

?>

[WWW]

[Post New]

02/03/2005 04:29:41

Subject:

Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

ok it was nothing to do with smileys. I'm going through someone elses guestbook who has the same problem. I admit they don't know I am going through their guestbook but they should patch it. It's worrying that a search on google shows a lot of guestbook 2.2's with the same error.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus

[Email]

[WWW]

[Yahoo!]

[MSN]

[ICQ]

[Post New]

02/03/2005 04:32:32

Subject:

Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

I wonder if you are all on the same host

anyway for a quick test (need to narrow down the problem) put // at the start of line 91 like so

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus

[Email]

[WWW]

[Yahoo!]

[MSN]

[ICQ]

[Post New]

02/03/2005 04:33:19

Subject:

Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

http://www.google.com/search?hl=en&lr=&q=XXXXXXXXXXXXXXXXXXXXXXX scary

<carbonize has edited to obscure the url to prevent it being abused>

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus

[Email]

[WWW]

[Yahoo!]

[MSN]

[ICQ]

[Post New]

02/03/2005 04:37:22

Subject:

RCRacer
Beginner

Joined: 01/03/2005 06:41:46
Messages: 12
Location: Stanton, Ca.
Offline

Carbonize wrote:I wonder if you are all on the same host anyway for a quick test (need to narrow down the problem) put // at the start of line 91 like so//$MESSAGE = nl2br($row['comment']);

Same error I guess

[WWW]

[Post New]

02/03/2005 04:49:25

Subject:

RCRacer
Beginner

Joined: 01/03/2005 06:41:46
Messages: 12
Location: Stanton, Ca.
Offline

Carbonize wrote:http://www.google.com/search?hl=en&lr=&q=XXXXXXXXXXXXXXXXXXXXXX scary

I have alot of domain names on this server and don't' reconize any of them.

<carbonize has edited to obscure the url to prevent it being abused>

[WWW]

[Post New]

02/03/2005 04:54:39

Subject:

Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Thats because I'm starting to think the error is on line 101 and not 91. In fact I'm damn sure it is.

WELL BUGGER ME

Yes you have been hacked at some point. It's your url.php file thats been altered to a file that allows them to view all the files on your server. Open it and replace it's contents with and voila, problem gone.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus

[Email]

[WWW]

[Yahoo!]

[MSN]

[ICQ]

[Post New]

02/03/2005 05:03:05

Subject:

Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

http://madminis.com/sign/templates/url.php VERY SCARY

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus

[Email]

[WWW]

[Yahoo!]

[MSN]

[ICQ]

[Post New]

02/03/2005 05:09:58

Subject:

RCRacer
Beginner

Joined: 01/03/2005 06:41:46
Messages: 12
Location: Stanton, Ca.
Offline

Ok, the problem is gone, but every image is also.

[WWW]

[Post New]

02/03/2005 05:15:31

Subject:

Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

All you changed was the url.php yes?

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus

[Email]

[WWW]

[Yahoo!]

[MSN]

[ICQ]

[Post New]

02/03/2005 05:15:57

Subject:

RCRacer
Beginner

Joined: 01/03/2005 06:41:46
Messages: 12
Location: Stanton, Ca.
Offline

Carbonize wrote:All you changed was the url.php yes?

Yes

[WWW]

[Post New]

02/03/2005 06:28:20

Subject:

ET
Graduate

Joined: 21/02/2003 22:17:48
Messages: 179
Offline

Carbonize wrote:

http://www.google.com/search?hl=en&lr=&q=XXXXXXXXXXXXXXXXX

scary

That is!!! Probably is due to a hack attack....

<carbonize has edited to obscure the url to prevent it being abused>

---------------

[Post New]

02/03/2005 06:48:31

Subject:

Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

it was. they had installed a file manager script and then used it to make files. On one they had made a fake bank login for phishing, on others email sending forms to send the emails from to hide their IP. It's a phishing expedition that we hopefully managed to catch and stop before it got to far.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus

[Email]

[WWW]

[Yahoo!]

[MSN]

[ICQ]

[Post New]

03/03/2005 03:44:27

Subject:

RCRacer
Beginner

Joined: 01/03/2005 06:41:46
Messages: 12
Location: Stanton, Ca.
Offline

RCRacer wrote:OK, the problem is gone, but every image is also.

After changing that file, tlhe guestbook is not working correctly as the posts are not showing up, just the comments.
Is there a fix for this?

[WWW]

Forum Index » Support Forum

◄ 1 2 3 ► Go

Go to page...

Based on the open source JForum