HELP..hacking issue
prolific
Joined: 28 Sep 2004
Posts: 29
Posted: Mon Nov 29, 2004 3:38 pm

My CHMOD permissions were 644 but I changed them to 766 and tried the code once again and it still didn't work. I contacted my host, but she had no clue how to help me either.
Sigg3
Joined: 03 Jul 2003
Posts: 896
Location: Oslo, Norway
Posted: Mon Nov 29, 2004 3:43 pm

Ok. Let's take it from the top.

Someone is defacing your site. You've deleted the gm-b2.php and blogger-b2.php files, hence the executable shouldn't work... Hmm..
BUT you can't find the _require_ lines...

Heh. Have you tried changing your password?

And: What's your index.php code?
_________________
Sigg3.net - You know you're worth it! | b2 Cafelog Resource Center | Fight my BattleImp!
prolific
Joined: 28 Sep 2004
Posts: 29
Posted: Mon Nov 29, 2004 11:12 pm

Sigg3 wrote:
Ok. Let's take it from the top.

Someone is defacing your site. You've deleted the gm-b2.php and blogger-b2.php files, hence the executable shouldn't work... Hmm..
BUT you can't find the _require_ lines...

Heh. Have you tried changing your password?

And: What's your index.php code?


He defaces my site hmm maybe four times in one week, if not more. I deleted gm-b2.php and blogger-b2.php, after doing a search on here and finding the security holes post.

I searched the b2functions.php file and couldn't find the require lines, so that I could do the security update.

I've changed my password for EVERYTHING and even had my host set my cpanel up under a different user name with a new password. I've blocked his IP address and last night he was still able to access my site from the blocked IP address, and left a comment on my blog.

I was having spam issues also, so that's why I thought to try the b2blacklist hack and that didn't work. I changed the CHMOD files permissions and tried the blacklist hack again, but it still didn't work.

It's a bit confusing, but I hope that's a little better lol.


Last edited by prolific on Mon Nov 29, 2004 11:15 pm; edited 1 time in total
prolific
Joined: 28 Sep 2004
Posts: 29
Posted: Mon Nov 29, 2004 11:14 pm

index.php

Last edited by prolific on Thu Dec 02, 2004 11:30 pm; edited 1 time in total
Sigg3
Joined: 03 Jul 2003
Posts: 896
Location: Oslo, Norway
Posted: Tue Nov 30, 2004 9:36 pm

Since he doesn't have the same IP (signing on and off) blacklisting him will do little. If he didn't, I'd go .htaccess on his ass.

It isn't that strange that you haven't found it, since I'm looking at my original files, and it isn't showing.
Hmm.. It actually isn't in the original files. But, luckily for you, it is in my presently used files.

after
Code:
   # b2 fix for the bug with HTML comments
   $newtext = str_replace("< !--","<!--",$newtext);
   $newtext = str_replace("<    !--","< !--",$newtext);

   return $newtext;
}
add
Code:

require_once("b2config.php");
require_once($b2inc."/lj_update.php");
?>

At the very bottom of it all.

...I'm really sorry for the delay. I'll update the txt file right away.

CSS goes in-between <head>, btw.
prolific
Joined: 28 Sep 2004
Posts: 29
Posted: Wed Dec 01, 2004 3:24 am

Sigg3 wrote:
Since he doesn't have the same IP (signing on and off) blacklisting him will do little. If he didn't, I'd go .htaccess on his ass.

It isn't that strange that you haven't found it, since I'm looking at my original files, and it isn't showing.
Hmm.. It actually isn't in the original files. But, luckily for you, it is in my presently used files.

after
Code:
   # b2 fix for the bug with HTML comments
   $newtext = str_replace("< !--","<!--",$newtext);
   $newtext = str_replace("<    !--","< !--",$newtext);

   return $newtext;
}
add
Code:

require_once("b2config.php");
require_once($b2inc."/lj_update.php");
?>

At the very bottom of it all.

...I'm really sorry for the delay. I'll update the txt file right away.

CSS goes in-between <head>, btw.


Alright, I'll try it.

I'll see if I can get C75's new hack to work too.
Sigg3
Joined: 03 Jul 2003
Posts: 896
Location: Oslo, Norway
Posted: Wed Dec 01, 2004 9:12 am

The "Verify 1st word" hack does have a 'bug' or difficulty which might confuse the users, which has to do with the first letter being an image or a special character (ø for instance)...

I think it's best I wait until there has been some work-around done before I upload it, because we don't want masses of users e-mailing their desperate cries for help and technical refuge.
prolific
Joined: 28 Sep 2004
Posts: 29
Posted: Thu Dec 02, 2004 11:31 pm

I added it, but it's still showing up as that white screen. With this as the source code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY></BODY></HTML>
Sigg3
Joined: 03 Jul 2003
Posts: 896
Location: Oslo, Norway
Posted: Fri Dec 03, 2004 12:17 pm

And your b2config.php?

I suspect the problem to be related with live update somehow.
prolific
Joined: 28 Sep 2004
Posts: 29
Posted: Fri Dec 03, 2004 12:31 pm

Code:
<?php

/* *
 * b2's config file *
 * */


# Reminder: everything that starts with #, /* or // is a comment

/* Start editing */

# $siteurl is your blog's URL: for example, 'http://mydomain.com' (no trailing slash !)
# $blogfilename is the name of the default file for your blog
# $blogname is the name of your blog

$siteurl = 'http://addickt3d.net/b2';
$blogfilename = 'index.php';
$blogname = "my weblog";
$blogdescription = "babblings !";


# fill these only if you have a Cafelog ID,
# this enables your blog to be in the Recently Updated b2 blogs list.
# to obtain this ID, e-mail [email protected] with these details:
#  name of the weblog, weblog's URL, your e-mail address, and a password
# in the future, the password will allow you to change these details online

$cafelogID = '';
$use_cafelogping = 0;    # set this to 1 if you do have a Cafelog ID


# $pathserver is where you have uploaded b2: for example, 'http://mydomain.com' (no ending slash !)
#   by default b2 is set to run in the folder your blog resides, same as $siteurl

$pathserver = 'http://addickt3d.net/b2';


# your email (obvious uh ?)
$admin_email = '[email protected]';


# set this to 0 or 1, whether you want new users to be able to post entries once they registered
$new_users_can_blog = 1;


# set this to 0 or 1, whether you want to allow users to register on your blog.     
$users_can_register = 1;


# day at the start of the week: 0 for Sunday, 1 for Monday, 2 for Tuesday, etc
$start_of_week = 1;



// ** MySQL settings **

# fill with your database details
$dbname = '**********';
$dbhost = 'localhost';
$dbusername = '**********';
$dbpassword = '***********';

# database tables' names (change them if you want to have multiple b2's in a single database)
$tableposts = 'b2posts';
$tableusers = 'b2users';
$tablesettings = 'b2settings';
$tablecategories = 'b2categories';
$tablecomments = 'b2comments';


// ** Post preview function **

# set this to 1 if you want to use the 'preview' function
$use_preview = 1;



// ** Spell Checker functions **


# set this to 0 to disable the spell checker, or 1 to enable it
$use_spellchecker = 1;



// ** Text formatting options **

# these options can help you format your text without using too much html
$use_bbcode = 0;   // use BBCode, like [b]bold[/b]
$use_gmcode = 0;   // use GreyMatter-styles: **bold** \italic\ __underline__
$use_quicktags = 1;   // buttons for HTML tags (they won't work on IE Mac yet)

# IMPORTANT! set this to 0 if you are using Chinese, Japanese, Korean,
#                                           or other double-bytes languages
$use_htmltrans = 1;

# this could help balance your HTML code. if it gives bad results, set it to 0
$use_balanceTags = 1;

# this would convert quotes into smart/curly quotes, set it to 1 to enable it
$use_smartquotes = 0;


// ** Image upload **


# set this to 0 to disable file upload, or 1 to enable it
$use_fileupload = 0;

# enter the real path of the directory where you'll upload the pictures
#   if you're unsure about what your real path is, please ask your host's support staff
#   note that the  directory must be writable by the webserver (ChMod 766)
#   note for windows-servers users: use forwardslashes instead of backslashes
$fileupload_realpath = '/home/addickt3/public_html/b2/images';

# enter the URL of that directory (it's used to generate the links to the pictures)
$fileupload_url = 'http://addickt3d.net/b2/images';

# accepted file types, you can add to that list if you want
#   note: add a space before and after each file type
#   example: $fileupload_allowedtypes = ' jpg gif png ';
$fileupload_allowedtypes = ' jpg gif png ';

# by default, most servers limit the size of uploads to 2048 KB
#   if you want to set it to a lower value, here it is (you cannot set a higher value)
$fileupload_maxk = '96';

# you may not want all users to upload pictures/files, so you can set a minimum level for this
$fileupload_minlevel = '1';

# ...or you may authorize only some users. enter their logins here, separated by spaces
#   if you leave that variable blank, all users who have the minimum level are authorized to upload
#   note: add a space before and after each login name
#   example: $fileupload_allowedusers = ' barbara anne ';
$fileupload_allowedusers = '';

// ** LiveJournal Integration settings **
// enable livejournal integration
$use_ljupdate = 1;

// database tables' names (change them if you want to have multiple b2's with ljupdate in a single database)
$tableljusers = 'ljusers';
$tableljposts = 'ljposts';

// post default settings
// lju_post: 0/1 - post to LiveJournal
// lju_disablecomments: 0/1 - disable commentting on the post at LiveJournal
// lju_sourcefooter: 0/1 - include a link back to the b2 post
$lju_post = 1;
$lju_disablecomments = 1;
$lju_sourcefooter = 1;

// ** end LiveJournal Integration settings **


// ** RSS syndication options **

# these options are used by b2rdf.php (1.0), b2rss.php (0.92), and b2rss2.php (2.0)
#  note: if you don't want to syndicate your news, you can delete these files

# number of last posts to syndicate
$posts_per_rss = 10;

# the language of your blog ( see this: http://backend.userland.com/stories/storyReader$16 )
$rss_language = 'en';

# for b2rss.php: allow encoded HTML in <description> tag? 1=yes, 0=no
$rss_encoded_html = 0;

# length (in words) of excerpts in the RSS feed? 0=unlimited
#  note: in b2rss.php, this will be set to 0 if you use encoded HTML
$rss_excerpt_length = 50;



// ** Weblogs.com ping **

# set this to 1 if you want your site to be listed on http://weblogs.com when you add a new post
$use_weblogsping = 0;


// ** Blo.gs ping **

# set this to 1 if you want your site to be listed on http://blo.gs when you add a new post
$use_blodotgsping = 0;

# if you ping blo.gs, this is the URL that will be sent to it (enter your blog's URL):
$blodotgsping_url = 'http://addickt3d.net/b2';



// ** Trackback / PingBack **

# set this to 0 or 1, whether you want to allow your posts to be trackback'able or not
# note: setting it to zero would also disable sending trackbacks
$use_trackback = 0;

# set this to 0 or 1, whether you want to allow your posts to be pingback'able or not
# note: setting it to zero would also disable sending pingbacks
$use_pingback = 0;



// ** Comments options **

# set this to 1 to require e-mail and name, or 0 to allow comments without e-mail/name
$require_name_email = 0;

# here is a list of the tags that are allowed in the comments.
#  you can add tags to the list, just add them in the string,
#  add only the opening tag: for example, only '<a>' instead of '<a href=""></a>'

$comment_allowed_tags = '<b><i><u><strong><em><code><blockquote><p><br><strike><a>';

# set this to 1 to let every author be notified about comments on their posts
$comments_notify = 0;



// ** Smilies options **

# set this to 1 to enable smiley conversion in posts
#     (note: this makes smiley conversion in ALL posts)
$use_smilies = 0;

# the directory where your smilies are (no trailing slash)
$smilies_directory = 'http://addickt3d.net/b2/b2-img/smilies';

# here's the conversion table, you can modify it if you know what you're doing
$b2smiliestrans = array(
   ':)'      => 'icon_smile.gif',
   ':D'      => 'icon_biggrin.gif',
   ':-D'      => 'icon_biggrin.gif',
   ':grin:'      => 'icon_biggrin.gif',
   ':)'      => 'icon_smile.gif',
   ':-)'      => 'icon_smile.gif',
   ':smile:'      => 'icon_smile.gif',
   ':('      => 'icon_sad.gif',
   ':-('      => 'icon_sad.gif',
   ':sad:'      => 'icon_sad.gif',
   ':o'      => 'icon_surprised.gif',
   ':-o'      => 'icon_surprised.gif',
   ':eek:'      => 'icon_surprised.gif',
   ''      => 'icon_eek.gif',
   ''      => 'icon_eek.gif',
   ':shock:'      => 'icon_eek.gif',
   ':?'      => 'icon_confused.gif',
   ':-?'      => 'icon_confused.gif',
   ':???:'      => 'icon_confused.gif',
   '8)'      => 'icon_cool.gif',
   '8-)'      => 'icon_cool.gif',
   ':cool:'      => 'icon_cool.gif',
   ':lol:'      => 'icon_lol.gif',
   ':x'      => 'icon_mad.gif',
   ':-x'      => 'icon_mad.gif',
   ':mad:'      => 'icon_mad.gif',
   ':P'      => 'icon_razz.gif',
   ':-P'      => 'icon_razz.gif',
   ':razz:'      => 'icon_razz.gif',
   ':oops:'      => 'icon_redface.gif',
   ':cry:'      => 'icon_cry.gif',
   ':evil:'      => 'icon_evil.gif',
   ':twisted:'      => 'icon_twisted.gif',
   ':roll:'      => 'icon_rolleyes.gif',
   ':wink:'      => 'icon_wink.gif',
   ';)'      => 'icon_wink.gif',
   ';-)'      => 'icon_wink.gif',
   ':!:'      => 'icon_exclaim.gif',
   ':?:'      => 'icon_question.gif',
   ':idea:'      => 'icon_idea.gif',
   ':arrow:'      => 'icon_arrow.gif',
   ':|'      => 'icon_neutral.gif',
   ':-|'      => 'icon_neutral.gif',
   ':neutral:'      => 'icon_neutral.gif',
   ':mrgreen:'      => 'icon_mrgreen.gif',
);


# the weekdays and the months.. translate them if necessary

$weekday[0]='Sunday';
$weekday[1]='Monday';
$weekday[2]='Tuesday';
$weekday[3]='Wednesday';
$weekday[4]='Thursday';
$weekday[5]='Friday';
$weekday[6]='Saturday';


# the months, translate them if necessary - note: this isn't active everywhere yet
$month['01']='January';
$month['02']='February';
$month['03']='March';
$month['04']='April';
$month['05']='May';
$month['06']='June';
$month['07']='July';
$month['08']='August';
$month['09']='September';
$month['10']='October';
$month['11']='November';
$month['12']='December';



# $b2inc is where the included b2 files are: that's generally the directory b2-include,
#  so you shouldn't have to change that setting
$b2inc = './b2-include';


// ** Querystring Configuration ** (don't change if you don't know what you're doing)

$querystring_start = '?';
$querystring_equal = '=';
$querystring_separator = '&';




// ** Configuration for b2mail.php ** (skip this if you don't intend to blog via email)

# mailserver settings
$mailserver_url = 'mail.example.com';
$mailserver_login = '[email protected]';
$mailserver_pass = 'password';
$mailserver_port = 110;

# by default posts will have this category
$default_category = 1;

# subject prefix
$subjectprefix = 'blog:';

# body terminator string (starting from this string, everything will be ignored, including this string)
$bodyterminator = "___";

# set this to 1 to run in test mode
$thisisforfunonly = 0;


### Special Configuration for some phone email services

# some mobile phone email services will send identical subject & content on the same line
# if you use such a service, set $use_phoneemail to 1, and indicate a separator string
# when you compose your message, you'll type your subject then the separator string
# then you type your login:password, then the separator, then content

$use_phoneemail = 0;
$phoneemail_separator = ':::';





/* Stop editing */


$HTTP_HOST=getenv('HTTP_HOST');  /* domain name */
$REMOTE_ADDR=getenv('REMOTE_ADDR'); /* visitor's IP */
$HTTP_USER_AGENT=getenv('HTTP_USER_AGENT'); /* visitor's browser */

$server = $dbhost;
$loginsql = $dbusername;
$passsql = $dbpassword;
$path = $pathserver;
$base = $dbname;

?>
Sigg3
Joined: 03 Jul 2003
Posts: 896
Location: Oslo, Norway
Posted: Fri Dec 03, 2004 3:44 pm

If he/she's registering:
Quote:
# set this to 0 or 1, whether you want new users to be able to post entries once they registered
$new_users_can_blog = 1;

Set to 0 and upgrade users once they're registered.

but I need to see your index.php *again* :p
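As an added example (my code, not the thread's or b2's own), a small Python audit that reads the settings Sigg3 points at out of b2config.php and lists PHP files left group- or world-writable, which is what the chmod 766 earlier in the thread does. The sample config and the temporary install it builds are constructed for the example; real paths are assumptions.

```python
"""Audit a b2 install for the settings this thread discusses (added example,
not part of the thread or of b2): read b2config.php, flag settings that let
a stranger become an author, and list PHP files writable by group/others.
"""
import os
import re
import stat
import tempfile

# One-line scalar assignments such as   $new_users_can_blog = 1;   (trailing comments ignored)
ASSIGN_RE = re.compile(r"""^\s*\$(\w+)\s*=\s*(['"]?)(.*?)\2\s*;""", re.M)


def parse_config(text):
    """Return {name: value} for each $name = value; line of a b2config.php."""
    return {name: value for name, _quote, value in ASSIGN_RE.findall(text)}


def config_findings(cfg):
    """Settings that let an unknown visitor post or upload; order is fixed."""
    findings = []
    if cfg.get("users_can_register") == "1":
        findings.append("users_can_register=1: anyone can create an account")
    if cfg.get("new_users_can_blog") == "1":
        findings.append("new_users_can_blog=1: new accounts may post at once; "
                        "set it to 0 and raise known users' level by hand")
    if cfg.get("use_fileupload") == "1":
        findings.append("use_fileupload=1: authors may upload into "
                        + cfg.get("fileupload_realpath", "<unset>"))
    return findings


def writable_php_files(root):
    """Sorted (relative path, octal mode) of PHP files writable by group or
    others. chmod 766, tried earlier in the thread, lands here: any other
    account on a shared host could then rewrite index.php."""
    bad = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if name.endswith(".php"):
                path = os.path.join(dirpath, name)
                mode = stat.S_IMODE(os.stat(path).st_mode)
                if mode & (stat.S_IWGRP | stat.S_IWOTH):
                    bad.append((os.path.relpath(path, root), oct(mode)))
    return sorted(bad)


# Constructed sample config (not the real file from the thread), with the two
# settings Sigg3 points at left at their defaults.
SAMPLE_CONFIG = """<?php
$siteurl = 'http://blog.example/b2';   # no trailing slash
$blogname = "my weblog";
$new_users_can_blog = 1;
$users_can_register = 1;
$use_fileupload = 0;
$fileupload_realpath = '/home/example/public_html/b2/images';
?>"""


def make_demo_tree():
    """Throwaway install in a temp dir: index.php chmod 766, b2config.php 644."""
    root = tempfile.mkdtemp(prefix="b2audit-")
    for name, mode in (("index.php", 0o766), ("b2config.php", 0o644)):
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(SAMPLE_CONFIG if name == "b2config.php" else "<?php ?>\n")
        os.chmod(path, mode)
    return root
```

On a real install, run config_findings(parse_config(open("b2config.php").read())) and writable_php_files(".") from the b2 directory.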
prolific
Joined: 28 Sep 2004
Posts: 29
Posted: Fri Dec 03, 2004 5:05 pm

Sigg3 wrote:
If he/she's registering:
Quote:
# set this to 0 or 1, whether you want new users to be able to post entries once they registered
$new_users_can_blog = 1;

Set to 0 and upgrade users once they're registered.

but I need to see your index.php *again* :p


Nope, he hasn't registered. But he hasn't bothered me in a few days, so I'm guessing he either can't do it..since I deleted the blogger-b2.php and gm-b2.php files.

But if I do that will users have to register on my blog to comment?

Code:
<?php /* Don't remove this line, it calls the b2 function files ! */ $blog=1; include ("blog.header.php"); ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<!-- layout credits goto http://bluerobot.com/web/layouts/layout2.html -->

<head>

<LINK REL=stylesheet HREF="http://addickt3d.net/b2/style.css" TYPE="text/css">

<style type="text/css">
<!--
html {
scrollbar-track-color: #282D4A;
scrollbar-face-color: #282D4A;
scrollbar-highlight-color: #FFFFFF;
scrollbar-3dlight-color: #282D4A;
scrollbar-darkshadow-color: #694501;
scrollbar-shadow-color: #FFFFFF;
scrollbar-arrow-color: #D6DCF6;
}

A:link {color:#FFFFFF;}
A:visited {color:#FFFFFF;}
A:active {color:#FFFFFF;}
A:hover {color:#282D4A; background-color:#D6DCF6;}

body {background-color:#282D4A;}
-->
</style>


<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="reply-to" content="<?php bloginfo('admin_email'); ?>" />
<meta http-equiv="imagetoolbar" content="no" />
<meta content="TRUE" name="MSSmartTagsPreventParsing" />

<style type="text/css" media="screen">
@import url( style.css );
</style>
<link rel="stylesheet" type="text/css" media="print" href="print.css" />
<link rel="alternate" type="application/rdf+xml" title="RDF" href="<?php bloginfo('rdf_url'); ?>" />
<link rel="alternate" type="application/rss+xml" title="RSS" href="<?php bloginfo('rss2_url'); ?>" />
<link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
<?php comments_popup_script() ?>

</head>

<body>

<div id="content">


<!-- // b2 loop start -->
<?php while($row = mysql_fetch_object($result)) { start_b2(); ?>

<table width="300" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td bgcolor="#DDE2FF"><div align="right"><?php the_date("","<b>","</b>"); ?> <b>@</b>
        <?php the_time(); ?>
    </div></td>
  </tr>
  <tr>
    <td bgcolor="#DDE2FF"><div align="justify">
        <br><?php the_content(); ?>
    </div></td>
  </tr>
  <tr>
    <td bgcolor="#DDE2FF"><div align="right"><br><b>Jheanelle</b> [ <a href="http://www.livejournal.com/~x___dulce/" target="newwindow">lj</a>
        <b>♥</b> <a href="http://couture.addickt3d.net" target="newwindow">couture</a>
        <b>♥</b> <?php comments_popup_link("get hooked? (0)", " fiends(1)", " can't get enough(%)") ?> ]<?php include ("b2comments.php"); ?>
    </div></td>
  </tr>
</table>

<!-- // this is just the end of the motor - don't touch that line either :) -->
   <?php } ?>


</div>
<br>
<br>
<div align="right">[powered by <a href="http://cafelog.com" target="_blank"><b>b2</b></a>.]<br /></div>

</body>
</html>
Sigg3
Joined: 03 Jul 2003
Posts: 896
Location: Oslo, Norway
Posted: Sat Dec 04, 2004 6:25 pm

Can't see anything obviously wrong, except for your css being all over the place..

And no, they will only have to register to post, not comment.
Page 2 of 2

Powered by phpBB 2 © 2001, 2002 phpBB Group