PDA

View Full Version : Spyware Homepage Spam thingy


Zach
05-13-2004, 10:00 PM
I read a few posts about url spamming and spyware screwing with members homepages -

Just threw this together - just copying my post from over at .com -


Ok this should at least screw with em and slow em down (very simple)





find





// ############################### start dst autodetect switch ###############################



in profile.php (html|php3|etc)







add this right above that line





$homepage=$$bbuserinfo[username];













Then in templates - find the modifyprofile template



find

<td>$vbphrase[home_page_url]:<br /><input type="text" class="bginput" name="homepage" id="tb_homepage" value="$bbuserinfo[homepage]" size="50" maxlength="200" /></td>







make it this


<td>$vbphrase[home_page_url]:<br /><input type="text" class="bginput" name="$bbuserinfo[username]" id="tb_homepage" value="$bbuserinfo[homepage]" size="50" maxlength="200" /></td>












Let me know if this works - I am not sure if it will get past init.php or not - some of my files are not very vBulletinish anymore



Also, if anyone that is getting this, do me a favor - pm me the sites, urls - I personally have not had this at all that I have noticed - which makes me wonder if the spyware garbage is keying in on either urls that have forum in it, or its looking for profile.php, or if it is just looking for formfields name hompage. (I use .html so if its looking for profile.php, it would never hit me)



Gonna go see if I can get infected now - then I can see exactly what this garbage is doing - but this fix I am pretty sure will fix it from happening anymore.

Zach
05-14-2004, 02:30 PM
And I meant to post this in 3 oops - someone move it?

Boofo
05-14-2004, 02:48 PM
Moved. ;)

Zach
05-14-2004, 03:08 PM
Thanks

Zach
05-14-2004, 03:14 PM
Will explain what this is doing real quick

Since I have heard about users homepages getting changed to porn sites and such, with out them knowing it - the only way I can think of this to happen is some spyware on their system.

The spyware would have to key in on the form field with the name "homepage"

So we just change the name of that formfield to the usersname - which means that the spyware jerks are going to have to be more clever as every single user now has a differently named homepage formfield.

Then when its submitted, we just give the variable $homepage its value on top, so we dont have to mess with anything else and let the programming that works already work :) - that is what this is doing

$homepage=$$bbuserinfo[username];


So if I submitted a new profile change, my homepage variable would now be like

Zach="http://FantasySportsWire.com"


so to get $hompage = to that

we need $homepage = $Zach - but since we are not gonna hard code in a million different user names, we use $homepage = $$bbuserinfo[username] - which if I am submiitting it, is exactly the same as $homepage=$Zach

Zach
05-14-2004, 03:17 PM
Ref this for exactly what the heck I am talking about :)

http://www.vbulletin.com/forum/showthread.php?t=96331

ap0c
05-14-2004, 06:30 PM
Ref this for exactly what the heck I am talking about :)

http://www.vbulletin.com/forum/showthread.php?t=96331
thanks for the above link. I was having some trouble following what your trying to do

Zach
05-14-2004, 06:46 PM
thanks for the above link. I was having some trouble following what your trying to do


I am a sports idiot that learned how to do the Hello World demo, didnt graduate to the explain what the heck you are talking about part yet :)

But, if you want to know who to be looking at and ultimatly decide on taking at 3.6 - I can explain that fully :)

teksigns
06-29-2004, 02:54 PM
does not work .....

when i edited my profile to test and saved

then went back and homepage field was blank .....

700mb
07-02-2004, 05:09 PM
its working.....for a while......little while