Reo Posted June 1, 2017

The guestbook is at: http://moonrock.000webhostapp.com/battersea/gbook/guestbook.php?i=6

When a post is done I receive an e-mail with the opportunity to delete the message entered in the guestbook. When I click that particular link an error occurs saying:

Fatal error: Uncaught Error: Call to undefined function ereg_replace() in /storage/ssd4/157/1580157/public_html/battersea/gbook/guestbook.php:39 Stack trace: #0 {main} thrown in /storage/ssd4/157/1580157/public_html/battersea/gbook/guestbook.php on line 39

The guestbook is downloaded at: http://www.inverudio.com/guestbook/

benanamen Posted June 1, 2017

Your code is outdated. ereg_replace has been removed from PHP.

http://php.net/manual/en/function.ereg-replace.php

Reo Posted June 1, 2017

So, the solution is to manually remove the actual post from file gbcontentfile.php which is generated upon posting?

benanamen Posted June 1, 2017

You obviously did not even look at the link I posted or you would have seen the solution in the big red box.

Jacques1 Posted June 1, 2017 (edited)

The guestbook application has a full-blown code injection vulnerability in the gbcontentfile.php script:

So what you need to do is get rid of the application and scan the server for signs of attacks. Even better: Nuke the server from orbit and start fresh, this time without the guestbook. If you want the entries back, scrape them from the gbcontentfile.php script, manually check them and then put them into a database where they belong.

I cannot stress this enough: Do not use dubious PHP scripts from random websites. You have no idea what the intentions of the authors are, you have no idea if they're competent. Actually, those code-for-free websites are usually crap. The fact that they want write access to your server is deeply worrying and something you should not accept.

I'm sure you wouldn't download random executables from the Internet and run them on your PC. So don't download random PHP scripts and run them on your server. This is just as bad, if not worse.

If you need a feature and cannot or don't want to implement it yourself, then use a professional solution which is actively maintained on a platform like GitHub, preferably by more than one person. Update it regularly. Don't just type "guestbook" into Google, download the first result and then let it rot.

Edited June 1, 2017 by Jacques1

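Added example, not part of the thread and not code from the guestbook project: one way to follow the advice in the post above of keeping entries in a database instead of a PHP file the application writes to. It assumes PDO with the SQLite driver; the table, the function names and the sample entries are made up for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: PDO with the SQLite driver is installed. Table name, function
// names and sample entries are hypothetical and exist only in this example.
function open_guestbook(string $dsn = 'sqlite::memory:'): PDO
{
    $pdo = new PDO($dsn);
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec(
        'CREATE TABLE IF NOT EXISTS entries (
            id INTEGER PRIMARY KEY AUTOINCREMENT,
            author TEXT NOT NULL,
            message TEXT NOT NULL,
            created_at TEXT NOT NULL
        )'
    );
    return $pdo;
}

function add_entry(PDO $pdo, string $author, string $message): void
{
    $author = trim($author);
    $message = trim($message);
    if ($author === '' || $message === '' || strlen($author) > 80 || strlen($message) > 2000) {
        throw new InvalidArgumentException('Author or message is empty or too long');
    }
    // Prepared statement: visitor input is bound as data. It is never written
    // into a .php file and never concatenated into the SQL text.
    $stmt = $pdo->prepare('INSERT INTO entries (author, message, created_at) VALUES (?, ?, ?)');
    $stmt->execute([$author, $message, gmdate('c')]);
}

function render_entries(PDO $pdo): string
{
    $html = '';
    foreach ($pdo->query('SELECT author, message FROM entries ORDER BY id') as $row) {
        // Escape on output so stored markup or PHP tags are displayed as text.
        $html .= '<p><strong>' . htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8') . '</strong>: '
            . nl2br(htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8')) . "</p>\n";
    }
    return $html;
}

// Constructed sample input: one ordinary entry and one containing markup.
$pdo = open_guestbook();
add_entry($pdo, 'Alice', 'Lovely site!');
add_entry($pdo, 'Bob', '<b>hi</b> <?php echo 1; ?>');
echo render_entries($pdo);
```

With this layout the web server only needs write access to the database file, which should be stored outside the document root, not to any script it executes.
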
Reo Posted June 1, 2017

Yes, it is a bit shady that the only way to contact the author is by a donate button. I might try something else.

benanamen Posted June 2, 2017

I can confirm this is a very dangerous script. You need to remove it from your server immediately!

Reo Posted June 5, 2017

Here is another one, if it is dubious or not I can't tell.

http://ricargbook.adrielmedia.com/download.php

I got stuck at: Point your browser to http://yoursite.com/ricargbook/install.php. Where ricargbook is the directory where you uploaded the script.

The error is:

Parse error: syntax error, unexpected end of file in /storage/ssd4/157/1580157/public_html/battersea/ricargbook/install.php on line 246

benanamen Posted June 5, 2017 (edited)

You might want to consider actually learning how to write a guestbook properly instead of just grabbing stuff off the net. We are not going to continually debug and search for vulnerabilities in random third party scripts. If you just grab a script, assume it is vulnerable and insecure because it probably is.

Did you happen to notice the 2007 script date? That is your first clue you should not be using it.

Edited June 5, 2017 by benanamen

Jacques1 Posted June 5, 2017 (edited)

"if it is dubious or not I can't tell."

How about listening and applying common sense? I've already explained what you need to look out for. Even if you missed that entirely, I'm sure you're old enough to think for yourself. For example, what does it tell you that the software hasn't been updated since 2007? Do you think that's a sign of quality? Or could that be a problem?

Here's your personal checklist:

- Is the code hosted on a private homepage rather than a proper platform like GitHub? bad
- Has the project not been updated for a long time? bad
- Is there only one person working on the project? bad

The thing is that guestbooks are somewhat old-fashioned and not very interesting for competent programmers, so if you know anything about PHP, probably the easiest way is to just write it yourself. Or use a more modern form of user interaction like comments (see Disqus, for example).

Edited June 5, 2017 by Jacques1

Reo Posted June 5, 2017

No, I don't know much about PHP, but I have learnt HTML by trial and error. And again, a guestbook is not that overly important, so let's leave it at that.