|
Spyware Homepage Spam thingy
I read a few posts about url spamming and spyware screwing with members homepages -
Just threw this together - just copying my post from over at .com - Ok this should at least screw with em and slow em down (very simple) find Code:
// ############################### start dst autodetect switch ###############################in profile.php (html|php3|etc) add this right above that line Code:
Then in templates - find the modifyprofile template find Code:
<td>$vbphrase[home_page_url]:<br /><input type="text" class="bginput" name="homepage" id="tb_homepage" value="$bbuserinfo[homepage]" size="50" maxlength="200" /></td>make it this Code:
<td>$vbphrase[home_page_url]:<br /><input type="text" class="bginput" name="$bbuserinfo[username]" id="tb_homepage" value="$bbuserinfo[homepage]" size="50" maxlength="200" /></td>Let me know if this works - I am not sure if it will get past init.php or not - some of my files are not very vBulletinish anymore Also, if anyone that is getting this, do me a favor - pm me the sites, urls - I personally have not had this at all that I have noticed - which makes me wonder if the spyware garbage is keying in on either urls that have forum in it, or its looking for profile.php, or if it is just looking for formfields name hompage. (I use .html so if its looking for profile.php, it would never hit me) Gonna go see if I can get infected now - then I can see exactly what this garbage is doing - but this fix I am pretty sure will fix it from happening anymore. |
And I meant to post this in 3 oops - someone move it?
|
Moved. ;)
|
Thanks
|
Will explain what this is doing real quick
Since I have heard about users homepages getting changed to porn sites and such, with out them knowing it - the only way I can think of this to happen is some spyware on their system. The spyware would have to key in on the form field with the name "homepage" So we just change the name of that formfield to the usersname - which means that the spyware jerks are going to have to be more clever as every single user now has a differently named homepage formfield. Then when its submitted, we just give the variable $homepage its value on top, so we dont have to mess with anything else and let the programming that works already work :) - that is what this is doing $homepage=$$bbuserinfo[username]; So if I submitted a new profile change, my homepage variable would now be like Zach="http://FantasySportsWire.com" so to get $hompage = to that we need $homepage = $Zach - but since we are not gonna hard code in a million different user names, we use $homepage = $$bbuserinfo[username] - which if I am submiitting it, is exactly the same as $homepage=$Zach |
Ref this for exactly what the heck I am talking about :)
http://www.vbulletin.com/forum/showthread.php?t=96331 |
Quote:
|
Quote:
I am a sports idiot that learned how to do the Hello World demo, didnt graduate to the explain what the heck you are talking about part yet :) But, if you want to know who to be looking at and ultimatly decide on taking at 3.6 - I can explain that fully :) |
does not work .....
when i edited my profile to test and saved then went back and homepage field was blank ..... |
its working.....for a while......little while
|
| All times are GMT. The time now is 01:42 AM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|