
PHPFusion.co.hu HACKED!?

Viewed 7,346 times
K
Korcsii
K
Former Senior Developer (v7.02) and Hungarian Translator
  • Member, joined since
  • Contributed 132 posts on the community forums.
  • Started 8 threads in the forums
  • Started this discussions
asked
Member

Somebody wrote a message to the Hungarian Support Site's guestbook (v2.1)...
(2006. nov 22. 21:14:46) you can see here:
http://www.php-fusion.co.hu/images/ba...87.224.png
the picture was a link to: http://isthe.sitemynet.com/index.html
the picture is in the imageshack.us: http://img97.imageshack.us/img97/7126...nr2yh7.jpg
his e-mail address (maybe): bjkibrahim1903@hotmail.com
IP: 88.230.187.224 (Turkish)
We banned his IP... He wasn't a registered user...

Is it a joke, or is it real? Is he dangerous? We didn't see anything else...
0 replies

14 posts

Korcsii
answered
Member

The "hacker" had these two IPs:
88.230.115.164 - on the Norwegian site
88.230.187.224 - on the Hungarian site
These two IPs are Turkish, and used by Turk Telekom.
Turk Telekom's IPs: 88.224.0.0 - 88.255.255.255
If he is a real hacker, we should ban 88.224, 88.225, ..., 88.255
But he only linked an image, so I think it wasn't a real hack.
If you mod the guestbook, you shouldn't ban any user...
0 replies
S
Saint Jimmy
S
www.sikkwithit.com/sigs/simplefox.gif

www.sikkwithit.com/sigs/simpleknowsbestsig.gif

Simple a.k.a. SikkJimmy
Simple, Founder Of The Sikk With It Community.
http://www.sikkwithit.com
simple@sikkwithit.com
  • Junior Member, joined since
  • Contributed 38 posts on the community forums.
  • Started 3 threads in the forums
answered
Junior Member

Ok, so which IPs should I ban and unban?
0 replies
K
Ken
K
Ken 10
No Support by PM. Please use the forum.
  • Senior Member, joined since
  • Contributed 713 posts on the community forums.
  • Started 43 threads in the forums
answered
Senior Member

I have made a little mod that maybe will help a little bit. Feel free to use it if you want.

What it does is simply show the [img] and [url] tags as text instead of showing the picture and link.

The guestbook infusion /infusions/guestbook/guestbook.php uses maincore.php to get the bbcode formatting to work. Maincore.php located in root contains the [img] and [url] tags and it is needed to get bbcode to work in the forum, shoutbox, etc. Because of this I didn't edit maincore.php located in root.

1) Instead I made a copy of maincore.php and put the copy in the /infusions/guestbook/ folder where guestbook.php is also located.

In the maincore.php copy I commented out (//) the [img] and [url] tags. I usually comment out code instead of deleting it, to make it easier to remember what I have changed.

Edit /infusions/guestbook/maincore.php like this:

//$text = preg_replace('#\[url\]([\r\n]*)(http://|ftp://|https://|ftps://)([^\s\'\";\+]*?)([\r\n]*)\[/url\]#si', '<a href=\'\2\3\' target=\'_blank\'>\2\3</a>', $text);
//$text = preg_replace('#\[url\]([\r\n]*)([^\s\'\";\+]*?)([\r\n]*)\[/url\]#si', '<a href=\'http://\2\' target=\'_blank\'>\2</a>', $text);
//$text = preg_replace('#\[url=([\r\n]*)(http://|ftp://|https://|ftps://)([^\s\'\";\+]*?)\](.*?)([\r\n]*)\[/url\]#si', '<a href=\'\2\3\' target=\'_blank\'>\4</a>', $text);
//$text = preg_replace('#\[url=([\r\n]*)([^\s\'\";\+]*?)\](.*?)([\r\n]*)\[/url\]#si', '<a href=\'http://\2\' target=\'_blank\'>\3</a>', $text);

//$text = preg_replace("#\[img\]((http|ftp|https|ftps)://)(.*?)(\.(jpg|jpeg|gif|png|JPG|JPEG|GIF|PNG))\[/img\]#sie","'<img src=\'\\1'.str_replace(array('.php','?','&','='),'','\\3').'\\4\' style=\'border:0px\'>'",$text);

2) Now we just need to tell /infusions/guestbook/guestbook.php to not use maincore.php from root but from /infusions/guestbook/ folder.

Change /infusions/guestbook/guestbook.php like this:

Comment out:
//require_once "../../maincore.php";

and right after add the following:
require_once "maincore.php";

You can of course just delete the ../../ from the first code too, but as I said before I like to comment out (//) to more easily see what I have done :)

I hope my explanation is good enough :)
0 replies
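
An added example, not Ken's mod and not PHP-Fusion code: the same effect for an anonymous guestbook without keeping a second copy of maincore.php. It escapes the entry, converts a small allowlist of formatting tags, leaves [url] and [img] as visible text, and flags entries that contain them for moderation. The function names, the allowlist and the sample entry are assumptions.

```php
<?php
// Added example, not PHP-Fusion code. Function names and the tag allowlist
// are assumptions made for this illustration.

// True when an entry carries link or image BBCode, so it can be held for
// moderation instead of being published straight away.
function guestbook_has_link_tags(string $text): bool
{
    return preg_match('#\[(url|img)[\]=]#i', $text) === 1;
}

// Render a guestbook entry: escape everything, then convert only harmless
// formatting tags. [url] and [img] are not in the allowlist on purpose.
function guestbook_render(string $text): string
{
    // 1. Neutralise raw HTML so nothing the visitor typed becomes markup.
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // 2. BBCode tag => HTML element. Anything not listed stays as text.
    $allowed = ['b' => 'strong', 'i' => 'em', 'u' => 'u'];
    foreach ($allowed as $bb => $html) {
        $pattern = '#\[' . $bb . '\](.*?)\[/' . $bb . '\]#si';
        $safe = preg_replace($pattern, "<$html>\$1</$html>", $safe);
    }

    // 3. Keep the visitor's line breaks.
    return nl2br($safe);
}

// Constructed sample entry with the same shape as the message in this thread.
$entry = "[b]HACKED BY someone[/b]\n"
       . "[url=http://example.invalid/index.html]"
       . "[img]http://example.invalid/pic.jpg[/img][/url]";

if (guestbook_has_link_tags($entry)) {
    echo "held for moderation\n";
}
echo guestbook_render($entry), "\n";
```

Because the forum and shoutbox keep using the root maincore.php, later fixes to that file still reach them, and the guestbook no longer depends on a forked copy.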
Ken
answered
Senior Member

"Hacker" picture removed from Imageshack :p
img97.imageshack.us/img97/7126/safgc3nr2yh7.jpg
http://img97.imageshack.us/img97/7126...nr2yh7.jpg
0 replies
E
EphyxHU
E
Ephyx

PHP-Fusion Hungary - SiteAdmin - TeamLeader
http://www.php-fusion.co.hu
  • Newbie, joined since
  • Contributed 8 posts on the community forums.
  • Started 4 threads in the forums
answered
Newbie

Hi Allz!

Settled our differences.

The Hungarian support site has not banned all Turkish users.
Only the lamer "hacker" IPs.

The guestbook is deleted and another technical guestbook has been created.

All Turkish users are henceforward welcome on the Hungarian support site.


Best Regards.
0 replies
Ken
answered
Senior Member

Well, as I see it, it is not a hack. The noob only placed an [img] tag with a [url] on it. That's all. I think it's not hard to add/remove a little code to not allow these two tags.
0 replies
B
Bulent
B
Bulent 10
  • Junior Member, joined since
  • Contributed 12 posts on the community forums.
  • Started 5 threads in the forums
answered
Junior Member

I am Turkish, really it's so bad...
0 replies
Korcsii
answered
Member

Now we too... sorry, Turkish users... thanks to this "hacker"...
0 replies
Saint Jimmy
answered
Junior Member

rofl. I banned all the IPs posted in this thread :D
Edited by Saint Jimmy on 23-11-2006 22:28,
0 replies
C
czechmate
C
By Demons Be Driven
RIP "Dimebag" Darrell Abbott
1966-2004
  • Member, joined since
  • Contributed 66 posts on the community forums.
  • Started 13 threads in the forums
answered
Member

Turkey seems to be a hotbed of losers with nothing better to do, so shut them out and don't worry about it. Stupid people. What is wrong with these guys? Most are basic FTP attacks though, not FUSION related.

What do you expect with a 9.3% unemployment rate.... (add 4% for under-employment).
Edited by czechmate on 23-11-2006 21:28,
0 replies
Korcsii
answered
Member

Ephyx deleted the guestbook, so we don't ban every Turkish user..
maybe it's enough..

edit: now all Turkish users have been banned...
Edited by Korcsii on 23-11-2006 21:55,
0 replies
Ken
answered
Senior Member

Yes, maybe, but that will also shut all other Turkish users out.
0 replies
Korcsii
answered
Member

Turk telecom: 88.224.0.0 - 88.255.255.25
so we may ban all?
0 replies
Ken
answered
Senior Member

Same ****ER at the Norwegian site too:

This was his message:

HACKED BY Isthe_Rap
HACKED BY Isthe_Rap
HACKED BY Isthe_Rap
[url*=http://isthe.sitemynet.com/index.html]
[img*]http://img97.imageshack.us/img97/7126/safgc3nr2yh7.jpg[/img][/url]
(remove the two *)

Edit1:
On our site he had this IP: 88.230.115.164

I don't think he is very dangerous though, because it's not really a hack. He just added an image with a link on it.

Edit2: I have reported the image for deletion at Imageshack.
Edited by Ken on 24-11-2006 13:47,
0 replies

Category Forum

General Discussion
