gbook.php rename
Posted: Fri Oct 13, 2006 3:10 am
by Me59
Script URL:
Version of script: 1.43
.....
Write your message below:
it would be a good idea if we could rename the guestbook.php to any name wanted and it would work. currently u have to search & replace (file name) inside the php file once u rename the gbook.php
if we could have just another var in settings.php for the guestbook's file name things would be much easier.
why my idea? - I had to block a range of IPs to get rid of a nasty hacker.
giving people the choice to name their guestbook file whatever they want would make tracing (hacker) much harder.
good idea?
Posted: Fri Oct 13, 2006 9:20 am
by Klemen
This could be useful for some people, but from my experience any extra (optional) settings (especially option to rename files) just confuse a lot of people who are not as experienced with HTML/PHP/Web sites as others.
All it takes to rename gbook.php is to rename the file itself and a simple "Edit > Replace > Replace all" command in your text editor (even Notepad has this option). Not that hard, eh?
Posted: Fri Oct 13, 2006 9:25 pm
by Me59
Klemen Stirn wrote: This could be useful for some people, but from my experience any extra (optional) settings (especially option to rename files) just confuse a lot of people who are not as experienced with HTML/PHP/Web sites as others.
if this option is confusing for people...
Klemen Stirn wrote:
All it takes to rename gbook.php is to rename the file itself and a simple "Edit > Replace > Replace all" command in your text editor (even Notepad has this option). Not that hard, eh?
...then this will be an even more difficult task for them to do
to replace all gbook.php occurrences in the script with a var and placing that var in settings.php isn't hard either, right?

Posted: Sat Oct 14, 2006 11:23 am
by Klemen
What I meant was giving people too many (advanced?) options seems to confuse them. I used to have a rename option for the Links manager script and you wouldn't believe how many e-mails I got because people set the new name in the settings file but didn't rename the actual file to the new name and of course it all stopped working...
The thing is you are maybe the 5th or 6th person I heard of (out of several ten thousands who downloaded the script) who wants to rename gbook.php to something else. In my scripts I try to add features which would benefit a great deal of users and keep the extra options (for less than 1% users) here on the forum. If I were to include every wish and setting the settings file could be 100kb large
I want my scripts to be useful for a large number of people and to do that I have to keep to the KISS state of mind (Keep It Simple, Stupid!) and this very much includes filtering out (unnecessary) settings.
Ok, I didn't expect I will write that much in a response

Hope you get the idea!
Regards,
Posted: Sat Oct 14, 2006 9:55 pm
by Me59
Klemen Stirn wrote:......
Ok, I didn't expect I will write that much in a response

Hope you get the idea!
Regards,
yep, all fine with me!
however, I hope u know it's a very BIG security issue!
If a hacker knows your guestbook.php is always a guestbook.php (so to speak) a simple Google search will list him all Klemen Stirn guestbooks around the globe! it hardly can be more convenient for a hacker, right!?
on one hand you put all efforts into it making it spam proof, on the other hand u see no need to obfuscate the scripts by default - sounds logical?
Form mailer recognised this problem since long ago and is explicitly encouraging people to rename all script files to prevent targeted assaults.
OK, I hope I do not appear just picky but pointing you to a real security issue..however, whatever u want is fine with me
Steve
Posted: Sun Oct 15, 2006 1:43 am
by Klemen
The name of the file is not a security issue, I think you are being a bit paranoid

A simple Google search would really list many guestbooks, but not because of the file name, it's because of the same TEXT displayed on each guestbook. So even if you rename your gbook.php to "asfv9wztikshvfalrz.php" and have it publicly accessible via internet it can be found using Google (or other search engines).
"Formmail" is a completely different issue that was abused for sending out SPAM many times in the past and has nothing to do with GBook or the way GBook works, the reason why it is renamed is a completely different philosophy. Details about it are beyond the scope of my reply...
Posted: Sun Oct 15, 2006 2:12 am
by Me59
Klemen Stirn wrote: The name of the file is not a security issue, I think you are being a bit paranoid

....
yeah, u definitely get paranoid when having at least daily two "access denied by rule" (my IP ban) in the website's error log trying to direct access the guestbook page - your guestbook!
have a great weekend..
Posted: Sun Oct 15, 2006 12:44 pm
by Klemen
Well I get over 300 denied accesses to my demo GBook daily but no SPAM coming through

The point is your guestbook isn't found merely because of "gbook.php" name, it is found on Google using other searches. And with the current anti-SPAM protection GBook has you have nothing to worry about.
Oh, and those aren't "hackers", those are scripts/programs that automatically try to spam guestbooks on the net.
Posted: Sun Oct 15, 2006 9:09 pm
by Me59
Klemen Stirn wrote: Well I get over 300 denied accesses to my demo GBook daily but no SPAM coming through

.....
ouch, looks like I am lucky then..and the spam world is testing their scripts on your personal guestbook
Klemen Stirn wrote:
Oh, and those aren't "hackers", those are scripts/programs that automatically try to spam guestbooks on the net.
ok, then robotic "hackers" even those merely try to spam my website - not really a relief to know

Posted: Sun Oct 15, 2006 10:26 pm
by Klemen
Well it's something you need to accept and live with. There are more and more people/programs trying to SPAM everything on your website, from guestbook, forums, contact forms, ... I have over 100 IPs and IP ranges blocked from PHPJunkyard but new ones keep coming daily. And instead of blocking half of the world from my website I rather keep improving my SPAM filters when necessary and it does the job.
If I worried about everyone who wants to SPAM or abuse my website I could have gone crazy long ago

Posted: Sun Oct 15, 2006 11:09 pm
by Me59
Just one more note
spamming in Australia is illegal and high fines are imposed on offenders..
in Australia this works well, we're pretty spam free.
it's time the world follows us

Posted: Mon Oct 16, 2006 5:52 am
by Henrie
In the Netherlands (Holland) it is also illegal to send spam.
This is also a European Guideline which means the countries that are part of the European Union should make laws which according to that guideline make sending spam illegal.
I don't know what the fines are for offending the law, just read about a lawsuit in which a spammer should pay 500 euro per e-mail with a maximum of 5.000.000 euro should he continue to send spam during the trials.
Greetings,
Henrie
Posted: Mon Oct 16, 2006 6:30 am
by Me59
Henrie wrote: In the Netherlands (Holland) it is also illegal to send spam.
This is also a European Guideline which means the countries that are part of the European Union should make laws ....
Greetings,
Henrie
hello Henrie,
making it law is doing the trick!
the fines here depend on the level of spamming but do hurt even for small individuals - up to $44k a DAY!
here is a link for more info:
Government:
http://www.dcita.gov.au/Article/0,,0_4- ... 08,00.html
Steve
Posted: Mon Oct 16, 2006 7:48 am
by Klemen
The problem is most of the SPAM is sent from countries like Russia, North Korea, China, Morocco, Malaysia, ... (these are also the most common IPs that try to SPAM GBook, hiding behind proxies from around the world). Now I don't know if they have any laws against SPAM in these countries, but if they do their law enforcement agencies are not doing their job successfully.
Posted: Mon Oct 16, 2006 8:21 am
by Me59
Klemen Stirn wrote: The problem is most of the SPAM is sent from countries like Russia, North Korea, .....
yeah, I was waiting for this
this legislation has its tools - the ISPs are instrumented to tar/filter all international spam and trace the sources. Countries with similar spam laws like US/UK usually cooperate to nail the international offender on a court bench.
In the US a very big international spam king has been convicted and he paid bloody $millions.
Here locally, no one even thinks about spamming in Australia - national spam traffic is about zero. The ISPs here monitor and are obliged by law to report offenders for conviction. So far it's not perfect but works very well. I've got no spam in years...and we have no spam problem with those countries mentioned by you