Spyware Homepage Spam thingy

I read a few posts about url spamming and spyware screwing with members homepages -

Just threw this together - just copying my post from over at .com -


Ok this should at least screw with em and slow em down (very simple)





find

Code:

// ############################### start dst autodetect switch ###############################

in profile.php (html|php3|etc)







add this right above that line

Code:

$homepage=$$bbuserinfo[username];

Then in templates - find the modifyprofile template



find

Code:

 <td>$vbphrase[home_page_url]:<br /><input type="text" class="bginput" name="homepage" id="tb_homepage" value="$bbuserinfo[homepage]" size="50" maxlength="200" /></td>

make it this

Code:

 <td>$vbphrase[home_page_url]:<br /><input type="text" class="bginput" name="$bbuserinfo[username]" id="tb_homepage" value="$bbuserinfo[homepage]" size="50" maxlength="200" /></td>

Let me know if this works - I am not sure if it will get past init.php or not - some of my files are not very vBulletinish anymore



Also, if anyone that is getting this, do me a favor - pm me the sites, urls - I personally have not had this at all that I have noticed - which makes me wonder if the spyware garbage is keying in on either urls that have forum in it, or its looking for profile.php, or if it is just looking for formfields name hompage. (I use .html so if its looking for profile.php, it would never hit me)



Gonna go see if I can get infected now - then I can see exactly what this garbage is doing - but this fix I am pretty sure will fix it from happening anymore.

[Zach]

And I meant to post this in 3 oops - someone move it?

[Boofo]

Moved.

[Zach]

Thanks

[Zach]

Will explain what this is doing real quick

Since I have heard about users homepages getting changed to porn sites and such, with out them knowing it - the only way I can think of this to happen is some spyware on their system.

The spyware would have to key in on the form field with the name "homepage"

So we just change the name of that formfield to the usersname - which means that the spyware jerks are going to have to be more clever as every single user now has a differently named homepage formfield.

Then when its submitted, we just give the variable $homepage its value on top, so we dont have to mess with anything else and let the programming that works already work - that is what this is doing

$homepage=$$bbuserinfo[username];


So if I submitted a new profile change, my homepage variable would now be like

Zach="http://FantasySportsWire.com"


so to get $hompage = to that

we need $homepage = $Zach - but since we are not gonna hard code in a million different user names, we use $homepage = $$bbuserinfo[username] - which if I am submiitting it, is exactly the same as $homepage=$Zach

[Zach]

Ref this for exactly what the heck I am talking about

http://www.vbulletin.com/forum/showthread.php?t=96331

[ap0c]

Quote:

Originally Posted by Zach

Ref this for exactly what the heck I am talking about

http://www.vbulletin.com/forum/showthread.php?t=96331

thanks for the above link. I was having some trouble following what your trying to do

[Zach]

Quote:

Originally Posted by ap0c

thanks for the above link. I was having some trouble following what your trying to do

I am a sports idiot that learned how to do the Hello World demo, didnt graduate to the explain what the heck you are talking about part yet

But, if you want to know who to be looking at and ultimatly decide on taking at 3.6 - I can explain that fully

[teksigns]

does not work .....

when i edited my profile to test and saved

then went back and homepage field was blank .....

[700mb]

its working.....for a while......little while