
Advanced Guestbook spam


Old January 22nd, 2006, 5:30 PM   #10 (permalink)
Surpass Fan
Comfy Contributor
Joined in Apr 2004
Lives in South Texas USA
Hosted on ChopChop
182 posts
Gave thanks: 10
Thanked 7 times
More of the same here - rockfoodtable.com
I set this up for my parents; my parents' hobby....running around the country spending my inheritance :-(...joke.
Since I moved them to Advanced Guestbook on 26 Dec 2005, there have been nearly 70 entries, with maybe 2-3 being *real* entries.
Dad called me Thursday night, before they left Friday for the weekend, to say it is maybe worse than it was before the change [that was for security].
Is this all just *junk advertising*, or is there possibly a security risk with AGB?

Most of them are some-site/#######.html where # is a 7-8 digit random number.
[WARNING TO 'Dohze USERS-----these sites and files are VIRAL]
Since I'm on SimplyMEPIS I did some research and IT IS BAD NEWS.......

I've looked for GBs, but I think that what is in cPanel is *Approved for Public Use*, and I don't want to risk installing something I found on the net.

Below are the last 2 -- be warned, they may be viral links
qakapo xamijatisy.us http://qakapo.fcpages.com/63251916.html Great web site! I find it very useful and informative! Lots of hits every time! This is an awesome web site. Thank you!
22.01.06 14:13 58.239.227.253
cakyzi fazigajaro.po http://cakyzi.usafreespace.com/75411718.html Hello! Great web site! We just wanted to give a quick greeting and tell you we enjoyed reading your material.
22.01.06 15:42 70.181.177.66

Hey, Kayla, support and the other gurus
Any ideas on what to use for a GB or to do [how about a patch for AGB that does approval]

Going off to clean up the mess; at least a delimited text file in AGB is easier than some of the DB-based ones for deleting the entries.
May see if I can mod AGB and kill the *write file* but still email it; then will have to write a so my dad [non-geek] can paste the email into a local copy of the GB and have it FTP'd up to the site.

--WAP3
__________________
--wap3

If we removed all of the "Oxygen Thieves" [tm] from politics, maybe the earth would not have a Greenhouse Gas problem.

wap3.com on ChopChop
Old January 22nd, 2006, 6:10 PM   #11 (permalink)
RE: Advanced Guestbook spam

holy jumpin' bejebus........

did a google on "guest book" "image verification"
went to the first one
Preventing guest book problem
www.webmasterworld.com/forum48/2527.htm

from the second entry:
Quote:
As a "former" user of FrontPage guest books, I learned just how insecure they really are. The sad fact is that anyone (or any webbot) can easily spam FP guest books since MS never provided for any security provisions in it. The reality is that anyone can spam any FP guest book just by knowing the name of your guestlog file and its location, and they can get that through a Google search and looking at your page's source code. No amount of Javascript or image verification scripts will stop it either. I'm afraid the only real solution you have is to find another guest book script with built-in security.
So that got me to thinking on the "...name of your guestlog file...."

No wonder they are *thanking us* for the *wonderful information*

So I called up website/GB-location/logfile [that's just the default GB] and BAM...the entire file came up in Firefox.

Ok, boyz and gurlz, CAN YOU SPELL #$%^ INSECURE?.............

Going NOW to revamp the page to a *custom named* AGB name with a different log file name also.

I'll bet a month's shared hosting that the current page and links, not to mention the default names, are all over *scum-net* postings. This has happened too quickly and is escalating by the day for it not to be.
Old January 22nd, 2006, 6:34 PM   #12 (permalink)
More

sorry for the link above in my last post for WebMasterWorld not working.
Looks like it will not work as a direct link, but it does from Google.

Also from the WebMasterWorld posting I have added the following to the start of the GB php file......

// Requests with no User-Agent header get a bare 403 and no page content
$UA = getenv("HTTP_USER_AGENT"); if ($UA == "") { header("HTTP/1.0 403 Forbidden"); die(); }

I added it as the first line of the code.
This will give any *bad-bots* a blank page back.

I'm starting to feel like the poor folks up in Siberia this winter, more and more layers [them clothes, me security] and it still ain't enough.


Question: what to put in .htaccess in the AGB folder so *they* can just open it?
Old January 22nd, 2006, 8:33 PM   #13 (permalink)
Changes to AGB version #1

Here are some changes you might want to make

1) put INDEX.HTM or HTML in the GB folder
this will keep anyone from getting a FTP listing
All I put in the <body> was YOU'RE TRYING TO HACK THIS SITE.....
ACTUALLY do this for any folder in your site that does not have an INDEX, and
build a page for them to get the content, not just *blindly* download it
yes it's a pain but work it.....

2) rename gbook.php to a random name

3) rename gb [data file] to some random name

4) change using *guest book* [guestbook] it is all over google
I did *Visitor Comments* [google hits 1.9meg on that]

5) in PHP > ADD as first line
// Requests with no User-Agent header get a bare 403 and no page content
$UA = getenv("HTTP_USER_AGENT"); if ($UA == "") { header("HTTP/1.0 403 Forbidden"); die(); }

6) in PHP > about line #20 change $Title to work with #3 above

7) in PHP > about line #167 >::: first html line :::<
change my *first html line* from what you currently have to match #3 above

8) in PHP > search for fopen and add before that line
chmod($dataFile, 0776);
[this allows read/write for the world/others]

9) in PHP > search for fclose and add after that line
chmod($dataFile, 0770);
[this stops read/write from the world/others]

NOTE: after uploading a new copy of the $dataFile after major edits, like I had to do, be sure to reset the permissions so world/other have no access [uncheck read/write/execute]. This [#8/#9] should not affect any FTP transfers you do, but the transfer may reset the permissions based on what they were on the local copy you edited and make the file available again.

That's all I got for now......................

I am going to work on an email notification that will not immediately add the comments until you run an *append* PHP program after getting the notification email.
I'm not a PHP programmer, Delphi/VB/Assembly, so this may be more of a hack but I like AGB.
Call this time #10 or changes to AGB version #2 and I'll put a link to download it from my site [wap3.com] when it works....nice way and not what I planned to spend this Sunday night.
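As an added example (not AGB's code and not the poster's), here are the steps from post #13 gathered into PHP that a guestbook script could include: the blank User-Agent check, a data file kept where no URL reaches it instead of the chmod toggle, and a pending file for links shaped like the spam seen in post #10. The directory layout, the file names and the link pattern are assumptions.

```php
<?php
// Added example, not AGB's own code: the thread's hardening steps in one
// place. Paths and the pending/live file names are assumptions.
// Step 5: a request with no User-Agent gets a bare 403 instead of the page.
function reject_blank_user_agent() {
    $ua = getenv('HTTP_USER_AGENT');
    if ($ua === false || trim($ua) === '') {
        header('HTTP/1.0 403 Forbidden');
        exit;
    }
}

// Steps 3/8/9 without the chmod toggle: the data file lives OUTSIDE the
// document root (assumed one level above it), so no URL can fetch it the
// way the default log file was fetched in post #11, and it is never left
// world-writable between two chmod() calls. If it must stay under
// DocumentRoot, put this in .htaccess in that folder instead:
//   <Files "gb.txt">
//   Deny from all
//   </Files>
define('GB_DIR', dirname($_SERVER['DOCUMENT_ROOT']) . '/private');

function one_line($s) {            // keep one entry on one tab-delimited line
    return str_replace(array("\r", "\n", "\t"), ' ', $s);
}

function append_entry($file, $name, $message) {
    $ip   = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '-';
    $line = date('d.m.y H:i') . "\t" . $ip . "\t" . one_line($name) . "\t" . one_line($message) . "\n";
    $fh = fopen($file, 'a');
    if ($fh === false) { return false; }
    flock($fh, LOCK_EX);           // serialise concurrent posts
    fwrite($fh, $line);
    flock($fh, LOCK_UN);
    fclose($fh);
    return true;
}

// Every spam entry in this thread linked to "<host>/<7-8 digits>.html".
// Such entries go to a pending file for the approval step the poster
// planned, instead of straight into the live guestbook.
function looks_like_thread_spam($message) {
    return preg_match('#https?://\S+/\d{7,8}\.html#i', $message) === 1;
}

function store_entry($name, $message) {
    $target = looks_like_thread_spam($message) ? GB_DIR . '/pending.txt' : GB_DIR . '/gb.txt';
    return append_entry($target, $name, $message);
}
```

Call reject_blank_user_agent() as the first statement of the guestbook script, as step 5 does, and route the submitted form fields through store_entry() where AGB currently opens its data file.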