Welcome to Geeklog, Anonymous Tuesday, March 19 2024 @ 05:27 am EDT

Geeklog Forums

Possible Hackers

Page navigation


Status: offline

1000ideen

Forum User
Full Member
Registered: 08/04/03
Posts: 1298
Where did you upload that? Would you mind giving instructions? As I said many people have been interested in that.
 Quote

Status: offline

ronack

Forum User
Full Member
Registered: 05/27/03
Posts: 612
I uploaded it to the Hacks section but I don't see it there yet. It's called Simple GL Captcha

You can download it here until Dirk approves it on the site. Instructions included.

Image
 Quote

Status: offline

Dirk

Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
Quote by ronack: You can download it here until Dirk approves it on the site. Instructions included.

I was slightly irritated that it's 3 MB. Approved now.

bye, Dirk
 Quote

Status: offline

Benta

Forum User
Regular Poster
Registered: 03/11/05
Posts: 80
Quote by ronack:Instructions included.



Wow, that was *easy*! Nice job!

Maybe the instructions should say to put the .js files in the public_html dir instead of the root of GL...?
 Quote

Status: offline

ronack

Forum User
Full Member
Registered: 05/27/03
Posts: 612
Yeah your right, Public_html would have been the right choice of words. Not the root of GL but the Root of your site. I'll put that in comments.

Sorry about the 3mb Dirk I gues those JS files are bigger than I thought.
 Quote

Status: offline

Benta

Forum User
Regular Poster
Registered: 03/11/05
Posts: 80
Quote by ronack:

Sorry about the 3mb Dirk I gues those JS files are bigger than I thought.


No, the MBs come from the pictures.

I don't see it said anywhere in the CATCHPA files (but I am not a great reader), but I think that in order for the script to provide security against someone that has access to that (public) set of pictures and associated MD5s, one needs to remake the pictures and put in the new associated MD5s in the script.
 Quote

Status: offline

Benta

Forum User
Regular Poster
Registered: 03/11/05
Posts: 80
Hmmm...There is a nicer PHP script for CATCHPA called QuickCAPCHTPA. It uses GDlib to generate the image dynamically. Would be a better implementation. Will take a look at it next weekend.
 Quote

Status: offline

eyecravedvd

Forum User
Full Member
Registered: 06/09/03
Posts: 152
I was recently hacked by those folks. At least I believe so they logged in using an r57shell script that hides under common file names in your directory most of them however start with a . which most FTP programs can't see.

I found them using SmartFTP.

I removed those two accts as well and banned the IP via my cPanel at my host.
Shane | www.EyeCraveDVD.com
 Quote

Status: offline

samstone

Forum User
Full Member
Registered: 09/29/02
Posts: 820
I am getting this error after installing the Captcha:

document.xfrm.uword' is null or not an object


Any idea?

Sam
 Quote

Status: offline

andyofne

Forum User
Chatty
Registered: 08/31/02
Posts: 69
killerbee80@mail.ru added to the list. I think this person is simply signing up at various web sites and forums and posting a link back to another site with adult content with hopes of earning refferal credit. Not sure if that's really setting up for spamming or hacking but it's annoying just the same.

(I deleted the same account from two unrelated geeklog sites I run)
 Quote

Status: offline

RichardTowler

Forum User
Chatty
Registered: 03/10/05
Posts: 49
Location:UK
Quote by samstone: I am getting this error after installing the Captcha:

document.xfrm.uword' is null or not an object


Any idea?

Sam


I'd like to bump this, as I get the same problem, but as I said in the comments, it works on the sign up page, no error , but not any other page on the website where the sign up page isn't on.
GameFaction - For All Your Gaming Needs
 Quote

ironmax

Anonymous
I have been getting the same problem and finally dove into the problem with a bit of luck. Okay first remove the body onload statement line from the index.thtml file and save it off.
Text Formatted Code

Current code used in Professional theme
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>{page_title}</title>
<!-- link rel="SHORTCUT ICON" href="{site_url}/favicon.ico" -->
<!--
<meta http-equiv="Pragma" content="no-cache">
-->
<link rel="stylesheet" type="text/css" href="{css_url}" title="{theme}">
</head>
<body onload="document.xfrm.uword.focus();">

{feed_url}
{plg_headercode}
{advanced_editor}

<script type="text/javascript">
    function delconfirm()
    {
 

 


Then goto your /layout/theme/custom directory where your memberdetail.thtml file is located and change it to whats list below. Notice the change for the body onload statement and placement of it.

Text Formatted Code

<!-- This is an example template file for the Custom User Registration Feature -->
<!-- To be located under theme/custom directory - Example XSilver/custom/memberdetail.thtml -->
<body onload="document.xfrm.uword.focus();">
{startblock}
{message}

<div align="center">
<form action="{post_url}" method="post" name="xfrm" onsubmit="return jcap();">
  <table width=500 border=0 cellspacing=0 cellpadding=0>
        <tr>


 


This change will work and got rid of the script error messages on the bottom of the IE web browser or other browsers that display such messages.
 Quote

Joanna Glass

Anonymous
I was hacked and don't know how to fix it. I am sure it is a simple fix, but with my 11 month old son teething I just can't seem to get a quiet moment to get my head around it.
How can I fix it?

Jo

http://youpayless.com/

 Quote

ironmax

Anonymous
Quote by Joanna Glass: I was hacked and don't know how to fix it. I am sure it is a simple fix, but with my 11 month old son teething I just can't seem to get a quiet moment to get my head around it.
How can I fix it?

Jo

http://youpayless.com/



Well Jo...would you enlighten us as to what your problem is and what makes you think that you got hacked? Please elaborate as to what happened and include any log portions that maybe relevent to this. We can't help if we don't know what happened.

I went to your site and it looked normal. The only thing I noticed was the script error message that I had previously had a fix for on my last posting. Follow that and your error script message should go away.

 Quote

Status: offline

RichardTowler

Forum User
Chatty
Registered: 03/10/05
Posts: 49
Location:UK
is anyone else still getting these spammers sign up after installing this?
GameFaction - For All Your Gaming Needs
 Quote

ironmax

Anonymous
I'm not getting them anymore, but then again, I've only had a few spammers, attempt to create an account on my site. But since captcha was installed, there's been no false signups at all.
 Quote

Status: offline

chiloso

Forum User
Junior
Registered: 04/18/05
Posts: 24
me threee... when i see new members w/the .ru extension, i delete them from my site. also on my geeklog profile i've removed my site. who do you think is doing this?
 Quote

Status: offline

RichardTowler

Forum User
Chatty
Registered: 03/10/05
Posts: 49
Location:UK
I'm getting like 1 every 2 days ish now, and some other random emails that I'm not sure about it, strange.
GameFaction - For All Your Gaming Needs
 Quote

Status: offline

RichardTowler

Forum User
Chatty
Registered: 03/10/05
Posts: 49
Location:UK
unfortuatly they are increasing in numbers again, and using a more varied range of email addresses.
GameFaction - For All Your Gaming Needs
 Quote

Status: offline

asmaloney

Forum User
Full Member
Registered: 02/08/04
Posts: 214
Quote by chiloso: me threee... when i see new members w/the .ru extension, i delete them from my site. also on my geeklog profile i've removed my site. who do you think is doing this?


chilso:

An easier way to do this is to simply block any signups from mail.ru. Go to system/lib-custom.php and add [or modify] the function custom_usercheck().

Something like this does the trick:

Text Formatted Code
function custom_usercheck ($username, $email)
{
    $msg = '';

        if ( stristr( $email, '@mail.ru' ) )
        {
                $msg = 'Due to the number of spam accounts created using this domain, we don't accept registration from <b>mail.ru</b>.  If you would still like to sign up, either use a different email address or contact us.  We apologise for any inconvenience.';
        }

    return $msg;
}

 


- Andy
 Quote

Page navigation

All times are EDT. The time is now 05:27 am.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content