- Posts: 56
- Thank you received: 0
A Guestbook User seen as a Hacker
17 years 3 months ago - 11 years 1 month ago #794
by Norman
A Guestbook User seen as a Hacker was created by Norman
Hi, I have a bona fide user who can access the Guestbook (1.7.2) and read messages. When he attempts to post a message, he gets the message,
But he is accessing the Guestbook from the correct Domain as far as I can tell. No-one else to my knowledge is seeing this problem.
Thanks,
Norman
Code:
You are attempting to submit this entry from an
UNAUTHORIZED LOCATION. Your IP Number and Address has been logged.
Please be warned that continuing your attempt to flood this guestbook may result
in legal action against you and your organization.
But he is accessing the Guestbook from the correct Domain as far as I can tell. No-one else to my knowledge is seeing this problem.
Thanks,
Norman
Last edit: 11 years 1 month ago by Pete.
Please Log in or Create an account to join the conversation.
17 years 3 months ago #795
by Pete
DigiOz Webmaster
www.digioz.com
Replied by Pete on topic A Guestbook User seen as a Hacker
Check to make sure his IP is not on the banned IP List. Or better yet, send me the guestbook config file, url and the user's IP address and browser type to
webmaster@digioz.com
.
DigiOz Webmaster
www.digioz.com
Please Log in or Create an account to join the conversation.
17 years 3 months ago #797
by Norman
Replied by Norman on topic A Guestbook User seen as a Hacker
Hi Pete,
I will take a look at the banned list first but I do not believe I have this user's IP address.
I thought that if the person was on the Banned IP List, then they would get a 'Banned' message.
The Internet Browser is IE7 and the O/S is XP.
Thanks,
Norman
I will take a look at the banned list first but I do not believe I have this user's IP address.
I thought that if the person was on the Banned IP List, then they would get a 'Banned' message.
The Internet Browser is IE7 and the O/S is XP.
Thanks,
Norman
Please Log in or Create an account to join the conversation.
17 years 3 months ago #798
by Norman
Replied by Norman on topic A Guestbook User seen as a Hacker
Not on the Banned IP List.
I forgot to mention that the Guestbook is being used more as a Message Board and requires a Username and Password to gain access. Don't see how that will make any difference though. As I said, it is not stopping others from posting.
Norman
I forgot to mention that the Guestbook is being used more as a Message Board and requires a Username and Password to gain access. Don't see how that will make any difference though. As I said, it is not stopping others from posting.
Norman
Please Log in or Create an account to join the conversation.
17 years 3 months ago #799
by Pete
DigiOz Webmaster
www.digioz.com
Replied by Pete on topic A Guestbook User seen as a Hacker
Here is a function that checks for that:
Can you get the browsers referrer header by having the visitor go to a new PHP script page containing the following code:
And then also get the server's referer by putting this code in a PHP file:
And post both those outputs here?
Thanks,
Code:
function check_referer($referers)
{
// If there are any referrers in the list ...
if (count($referers))
{
$found = false;
// Use the browsers referrer header.
$temp = explode("/",getenv("HTTP_REFERER"));
$referer = $temp[2];
if ($referer=="")
{
$referer = $_SERVER['HTTP_REFERER'];
list($remove,$stuff)=split('//',$referer,2);
list($home,$stuff)=split('/',$stuff,2);
$referer = $home;
}
// Check agains list.
for ($x=0; $x < count($referers); $x++)
{
if (eregi ($referers[$x], $referer))
{
$found = true;
}
}
// Refererer is blank.
if ($referer =="")
$found = false;
if (!$found)
{
// You might alter this to print some sort of error of your own.
echo "<b>You are submitting entry from an <b>unauthorized domain.</b><br><br>";
}
return $found;
}
else
{
return true;
}
}
Can you get the browsers referrer header by having the visitor go to a new PHP script page containing the following code:
Code:
<? echo getenv("HTTP_REFERER"); ?>
And then also get the server's referer by putting this code in a PHP file:
Code:
<? echo $_SERVER['HTTP_REFERER']; ?>
And post both those outputs here?
Thanks,
DigiOz Webmaster
www.digioz.com
Please Log in or Create an account to join the conversation.
17 years 3 months ago #800
by Norman
Replied by Norman on topic A Guestbook User seen as a Hacker
Pete, I tried both of those files and neither of them produce any output !!!!
Norman
Norman
Please Log in or Create an account to join the conversation.
Time to create page: 0.123 seconds