zpry

Aww. I use to have a guinea pig named "Piggie" too, she was our families first Guinea Pig. She only lived four years. Then we got another one, because we loved Piggie so much. I am sure Piggie had a good life, six years is exceptional for a Guinea Pig. Did yours have any funny little habits? Both of ours use to squeak if we snapped scissors, because they knew that sound meant we were going to go outside and possibly bring in a handful of grass! (the green backyard kind people!) zoey

My family and I have been using Mac's since 1997. We've never had a Mac die on us, although we put the original Mac we purchased in 97 to sleep. I have to say - the Mac ads with the PC and Mac guy are hilarious though - aren't they?

I have one more update on this issue - cripes! I discovered today that in my new updated Lazarus Guestbooks - the Admin passwords had been reset! I knew I hadn't forgotten them so I was pretty confused. So, when I looked at my new guestbook files, in the TEMP and PUBLIC directories, there were files added there at the exact same time of the hack earlier in the week (see above posts) I deleted those files.. (I did download them and looked at them - but have no clue what they are or were trying to do - if anyone wants to see them I will save them) but my password still didnt work, so I went to the Lazarus Guestbook site and downloaded the little fix he made that resets your password. I did that fix, and all is well. My new guestbooks were never hacked into or spammed, but somehow my admin password did get reset. I am even more certain than ever that the way the site was hacked was through those OLD guestbooks.. that I should have deleted. Ok.. hopefully this will be my last post to this thread and nothing else turned up damaged. z

Thanks everyone, I feel the need to update this thread, because for the last few days I have been keeping a close eye on everything to see if I could see where the problem was. I had also been googling to see if I could find any one else having problems with phpmychat. At this point, I don't think it was the chatroom script that was the vunerable script.. and I'll explain why.. This morning I was looking around in my cpanel and realized that I did have some old scripts still installed - two very old advanced guestbooks (yes, the advice above was weighing on my mind about uninstalling old scripts) - I had kept them installed, because they had been very large with lots of signatures from friends and I wanted to keep them as records, though I had no links to them on my website, so I didn't think they would get visitors. I went to look at those guestbooks, and immediately the same message came up that a Mime file was downloading. I also noticed that the guestbook signatures had been corrupted and I saw a lot of links that had the word Russia in them (reminded me of the localization directory name) I forced quit my browser, and then went all through my site making sure nothing had been damaged, and then I went into cpanel and removed those old guestbooks and deleted their databases. So, now I am thinking that was the entry point. At least I hope so. I also deleted all the languages from my phpmychat localization directory except English, just because I worried that was the vunerable entry point after reading some stuff I found on the net about hacks into Phpmychat. The stuff I found wasn't in english, but from what I saw, they were using those language files to access. I alsp found this article, but I really dont understand it and it didn't really seem to apply to what happened at my site. http://www.securityfocus.com/bid/13627/discuss So, that is all I am going to do for now unless something else happens. .. hopefully not! Thanks for the advice about removing old unused scripts, as I think that was the bit that is going to save me in the long run. Thanks for the friendly replies too. z

I recently updated my Advanced Guestbooks to Lazarus(sp) guestbooks.. and the spamming to them was stopped. I also have kept my message boards. Other than that I don't have any scripts - except the chatroom. That program does seem very old and their website on sourceforge hasn't added anything new for a few years. If anyone can recommend a chatroom that is more up to date and secure.. simple is fine - I would appreciate that. I did that, and since I knew the approximate time that the site was hacked I was able to focus in on that hour. I didn't see anything unusual. I also constantly check my recent visitors. I keep a close eye on my error log too and I do notice things fairly quickly that are unusual. In recent months I have found hotlinking from myspace which I stopped and guestbook visitors going directly to the forms.. and I stopped them too. I tried to see my ftp logs, but couldn't figure out how to do that, when I clicked on those links in the cpanel (FTP/Account Maintenance) "You can download your raw access logs at the following URLs using the loginsmiling_logs and your account password: " the error came up.. "You dont have permission to open this page" .. I could see my password in the link that was in the address bar, so I know that wasn't the issue. I tried all the links that were in there. Can I get to these logs using FTP? Where are they among all the directories? Thanks, I don't like red buttons flashing - they make me nervous! zoey

Yesterday at 3:55 PM EST the chatroom at my site stopped working. This was noticed almost immediately by my site visitors, the chat has been very popular with them for the past six months and has been up and operational for the past year or so. I didn't notice until later in the evening that four of my main index.html files had also been affected. The main www.****/index.html file had been updated at 3:55 pm, and the other three files www.****/section1/index.html etc... Each of those index pages contained a link to someplace and the main index page contained a link to a mime file - when you would visit the main site page, a mime file would try to load and an error message would scroll down from the browser saying I didn't have the right program to run the mime. I then investigated my chat files. Inside the chat directory, under public_html /chatmaindirectory/chat/localization/ The entire localization directory and all the language files inside, had been updated at 3:55 PM. I also noticed that my server status link (I am on server 20) was showing one red button and one yellow button all the rest were green. Disk hda1 (/boot) 95 % (RED BUTTON) Disk hda7 (/home) 84 % (yellow botton) So, I wrote a help ticket up and explained all this. Unfortunately, the only responses I got were very standard. I was told not to share my password with anyone, to check the recent visitors and to check IPs that access my cpanel. They did ask if I wanted to restore to a backup... but I have my own backed up files. I uploaded them with FTP and my site is working just fine again. I guess I was hoping that support might be interested in helping me find what caused this, where my site is vunerable, and help me prevent it from happening again. any input would be appreciated. ~zpry

I had a similiar problem with a sound file on my site. I noticed "lone" hits to this sound file in my recent visitors link in cpanel. I was able to visit the myspace.com pages that had the link, and viewing the source, I noticed some sort of work around in the link that got past my hotlink protection. I think the link gets past it opening a new window or something like that. I think the quickest solution is to change the name of the image - sound file that they are linking too. You will get tons of error messages, but at least they aren't taking your bandwidth. What I did in my situation, was I removed the sound file and then I investigated the guy who was posting my sound file in each and every one of his myspace.com replies. He had a photobucket account, and I emailed him through that. I wrote him a friendly email explaining how I had to play extra for my bandwidth (telling a small white lie since I actually caught the problem early) and he actually wrote me back and apologized and said he would stop posting links to my sound file. ha! Turns out he was just a clueless teen and not a scary hacker teen. So my problem is solved. Bandwidth saved! Still, I have to wonder how myspace is getting past my hotlink protection. Perhaps they even instruct their users how to link to images, since this guy didn't appear to be particularly web savvy. I wish there was some way to just totally block links coming in from that particular blogger service. I don't like myspace.com - I think this is a bigger problem than most of us realize.

Thanks - I just reopened my ticket. I think the problem is that I had so many problems a few day ago - that the guestbooks seemed like the least of them at the time. I kept checking the forums over the last few days to see if anyone else had a problem with their guestbooks!

The other day my server (20) was updated and there were problems with the php pages. That is all working fine now after I sent in my help ticket. The only residual problems I have left are my guestbooks. I can go into a lot more detail about the series of events that led up to my current problem.. but I will save that only for those interested, or if you think it will help correct the problem. Basically - the problem is this now. My current two guestbooks do not work. I had updated them from within Cpanel to a newer version, and after doing so, when I try to visit them now I get this error. Fatal error: Call to undefined function: session_pagestart() in /home/smiling/public_html/guestbook_candy/index.php on line 31 I then tried to install a brand new Advanced Guestbook from the Cpanel. I just clicked the link to install a brand new guestbook- and that guestbook gives me the same error when I try to visit it. What I REALLY would like is to have my two old guestbooks back working, but at this point I would even be happy with starting fresh with two new guestbooks - but I can't get a new one to work either. I am pretty sure that when I installed the first guestbooks a year or so ago that all I had done was click the button in Cpanel and it did all the work for me. Is anyone else having problems with their Advanced Guestbooks? I really like to keep things simple, and using the programs that are inside Cpanel is what I prefer to do. I do know how to use my sabEthaedit to change my text files. I am not that confident with most of this stuff though - so, any clear simple advice would be appreciated.

This post certainly caught my attention! I also have hotlinking blocked at my website - and noticed this past month one sound file being loaded over and over from - guess where? myspace.com There was one user there who commented to all his friends blogs with a link to my sound file. The sound file just said "ewwweee" - but after thousands and thousands of loads it really was eating up my bandwidth! I think I discovered it pretty quickly though, because I saw links to a sound file in the recent visitor part of cpanel, without any page referral. I removed the sound file to stop the hotlinking. Now I am getting thousands of 404 error notices. Somehow I was able to find a link to a myspace.com page with a link to my file on it. I viewed the source of the page and studied the link that the guy used to see how he was getting around my hotlink protection. The link had a beginning to it that said something like script=no, then it apparently opened a new window. I am no expert, but here is my guess. I think the no script thing is why I cant see a referrer for most of these hits. I also think the opening of a new window is how they get around the hotlink, because I do allow pasting of the link into a new browser window, and letting visitors access my content that way. I am IRKed about it, but - I don't want to actually do anything, like exchange the sound file with something mean-since that would only bring attention to me out there, and would cause retribution. The guy and all his pals would then link to my other sound files. LOL So, now I am just keeping an eye out for this happening again. I don;t think he realizes yet that the sound file isn't loading. I guess if this happens again, I may have to _Not Allow_ the pasting of the link into a new browser window thing. I wonder if myspace is actually encouraging this sort of thing someplace on their site. The guy that was hotlinking to my sound file didn't seem to have the sophistication (just looking at his blog) to have figured this out on his own. I wonder if there is some way to block links from myspace.com specifically. I certainly have no use for them.

Hi Jim, As I was preparing to write up the trouble ticket, I tried experimenting by making another web protected folder so I could write down the steps I had taken. At first I wasn't even able to do that, which seemed odd to me since I was able to do this originally. This is when I started to really suspect a browser problem, as I am using Safari, (Mac OSX) and it sometimes refuses to let me type in the end of addresses - it can be pretty stubborn if it "thinks" it knows where I want to go. Overall though, it's my favorite browser to use for lots of other reasons. So I opened up Internet Exlorer, and was able to create a new web protected folder. Then - without closing Internet Explorer, I tried to remove the web protection, and Intenet Explore wouldn't let me. It wouldn't let me access the webprotect menu page! It acted just like Safari had acted at this point. After I completely closed Internet Explorer and restarted it - THEN I was able to access the page where the web protect menu was. Safari on the other hand, continues to be stubborn even after closing and restarting it. So - this all seems like just a bunch of browser issues to me and the way they handle already visited pages. No need for a trouble ticket at this point, - but thank you very much for listening to me whine! warmly, z

newbie here - so forgive me if this is posted in the wrong place Recently I "web protected" a folder and created two users with their own passwords. That all worked fine, and one person has downloaded the private content, and another one is planning to on Monday. Today I wanted to delete one of the users. I went to the cpanel, and back to the choice for web protect, and then I saw the locked folder. I clicked on that, but when I went to choose the folder again (to get to the menu I remember seeing in side when I first protected the folder) , the browser acts like its going to load something, but it doesnt. I tried clicking both the folder, and the name of the folder, but once it's web protected, I can't get back in to that menu. I tried using another browser, thinking that might work - it didnt. Even if I can't figure this out - I plan to just remove the entire folder in a week or so anyway, but I figured I would ask about this, just incase I was doing something wrong. thanks in advance, z

I looked from my laptop - running Mac OS 9.2 and IE - and it looked fine, and then I instant messaged my hubby across the room, and he looked from a Mac OSX on the Safari browser, and it looked perfect too. z