
View Full Version : Hacked [may not be phpLD related]


tavikki
05-16-2006, 11:29 PM
Hi.

I have a link directory that I bought and it has been hacked. Somebody has put some links to serialz sites in my header. Does anybody know how I can remove them? To see what I mean, go to google.com and search for norlinks. Look at the cache file for the Norwegian link directory link and you will see that I have several hidden links in my header. I have looked at several of the files to find the culprit, but I can't find it. Please help me before Google throws me out...

David
05-16-2006, 11:31 PM
Start by looking at the "Last Modified" date for all your files via FTP and see which ones were recently modified.

munt
05-17-2006, 03:45 AM
^ Do that.

But checking the norlinks site now, they don't show.
So you bought this directory already set up?
I think Google just has an old cached file of your site,
meaning the previous owner had those links up.

agnivo007
05-17-2006, 04:58 AM
Seems clean to me...

tavikki
05-19-2006, 11:24 AM
Thank you for all the support. The links popped up after I bought the site, and they are still there. It is important to look at Google's cache file to see the links at the top. I'll check the FTP server for last mods.

tavikki
05-19-2006, 11:27 AM

Did you see the links I'm talking about? It is a hell of a job to look at "last modified" files because of my useless computer skills. Isn't there a file these links should be put in?

manager
05-19-2006, 09:18 PM
That looks very much like User Agent cloaking which would be embedded into your rewrite ruleset. Please post your .htaccess file contents here for inspection.
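
One way to carry out the two checks suggested so far, the "Last Modified" sweep David describes and the search for user-agent-keyed rewrite rules raised in the post above, on a local copy of the site. This is an added example, not code from the thread or from phpLD; it assumes the whole site tree has been downloaded via FTP into the directory given as the first argument, and the hidden-link patterns it greps for are an assumption about what a cached header full of hidden links would contain.

```sh
#!/bin/sh
# Added example (not from the thread or from phpLD): a local triage pass
# over an FTP mirror of the site. The directory is a parameter; nothing
# here is specific to norlinks.com.

# 1. Files touched in the last N days: the "Last Modified" check, done
#    once over the whole tree instead of eyeballing an FTP listing.
#    $1 = directory, $2 = number of days
recently_modified() {
    find "$1" -type f -mtime "-$2" | sort
}

# 2. .htaccess files whose rewrite rules test the visiting user agent.
#    phpLD's own rules test REQUEST_FILENAME, not HTTP_USER_AGENT, so
#    every match here deserves a manual read. Basic regex on purpose:
#    the braces in %{HTTP_USER_AGENT} are literal in BRE.
find_ua_cloaking() {
    find "$1" -name '.htaccess' -type f \
        -exec grep -il 'RewriteCond[[:space:]]*%{HTTP_USER_AGENT}' {} + 2>/dev/null | sort
}

# 3. Files containing markup styled so humans do not see it: hidden or
#    zero-size blocks and off-screen positioning. Crude (it will also
#    flag legitimate stylesheets), but it narrows a large tree quickly.
find_hidden_links() {
    find "$1" -type f -exec grep -lE \
        'display:[[:space:]]*none|visibility:[[:space:]]*hidden|font-size:[[:space:]]*0p|left:[[:space:]]*-[0-9]' \
        {} + 2>/dev/null | sort
}
```

Source the script and run, for example, `recently_modified ./site 30`, `find_ua_cloaking ./site` and `find_hidden_links ./site`. The cloaking check only reads what is on disk; to see what a crawler is actually served by the live site, fetch the page twice, once with a normal browser user agent and once with `curl -A 'Googlebot/2.1 (+http://www.google.com/bot.html)'`, and diff the two responses. A difference in the header is exactly the cloaking described above, and Google's cache would show the crawler's version.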

tavikki
05-20-2006, 02:11 PM

Hi.

This is the content of my .htaccess file in the main root:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* index.php [QSA,L]

manager
05-29-2006, 05:57 AM
In that case, I need to see the index file contents.

tavikki
05-29-2006, 04:12 PM
<?php
/**
 * Project: PHPLinkDirectory: Link exchange directory
 *
 * License: GNU GPL (http://www.opensource.org/licenses/gpl-license.html)
 *
 * This program is free software;
 *
 * you can redistribute it and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License,
 * or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with this program;
 * if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * For questions, help, comments, discussion, etc., please join the
 * PHP Link Directory Forum http://www.phplinkdirectory.com/forum/
 *
 * @link http://www.phplinkdirectory.com/
 * @copyright 2004-2005 NetCreated, Inc. (http://www.netcreated.com/)
 * @projectManager David DuVal <david@david-duval.com>
 * @author Bogdan Dumitru <dcb@insomniacsoft.com>
 * @mod developers and support
 * Casey Wilson / Ap0s7le <at@ap0s7le.com>
 * York Kie Tan / yktan <yktan@hotmail.com>
 * @package PHPLinkDirectory
 * @version 2.0.0 RC5.2
 **/

require_once 'init.php';
define('DIR_LPP', 20);
$sort_cols = array ( 'P' => 'PAGERANK', 'H' => 'HITS', 'A' => 'TITLE');
$sort_ord = array ( 'P' => 'DESC', 'H' => 'DESC', 'A' => 'ASC');
// Paging 1
$page = preg_match('`\d+`', $_REQUEST['p']) ? $_REQUEST['p'] : 1;
if ($page != 1)
{
    $min = PAGER_LPP * $page - (PAGER_LPP);
    $max = PAGER_LPP * $page;
}
else
{
    $min = 0;
    $max = PAGER_LPP;
}
$limit = " LIMIT {$min}," . PAGER_LPP;
// End Paging 1
if(array_key_exists($_REQUEST['s'], $sort_cols)){
    $sort = $_REQUEST['s'];
}else{
    $sort = DEFAULT_SORT;
}
if(!ENABLE_PAGERANK || !SHOW_PAGERANK && $sort == 'P')
    $sort = 'H';
$tpl->assign('sort', $sort);
$path = array();
$path[] = array ('ID' => '0', 'TITLE' => _L(SITE_NAME), 'TITLE_URL' => DOC_ROOT, 'DESCRIPTION' => SITE_DESC);
if(FTR_ENABLE){
    $feat_where = 'AND (FEATURED = 0)';
}
$expire_where = "AND (EXPIRY_DATE>=".$db->DBDate(time())." OR EXPIRY_DATE IS NULL)";
if (isset($_REQUEST['p'])){
    switch($_REQUEST['p']){
        case 'd':
            $links = $db->GetAll("SELECT * FROM {$tables['link']['name']} WHERE STATUS=2 $expire_where ORDER BY DATE_ADDED desc limit 0, ".LINKS_TOP);
            $path[] = array ('ID' => '0', 'TITLE' => _L('Latest Links'), 'TITLE_URL' => '', 'DESCRIPTION' => '');
            break;
        case 'h':
            $links = $db->GetAll("SELECT * FROM {$tables['link']['name']} WHERE STATUS=2 $expire_where ORDER BY hits desc limit 0, ".LINKS_TOP);
            $path[] = array ('ID' => '0', 'TITLE' => _L('Top Hits'), 'TITLE_URL' => '', 'DESCRIPTION' => '');
            break;
        // Paging 2
        default:
            $id = get_category();
            if (!$tpl->is_cached('main.tpl', $id)) {
                $path = get_path($id);
                if(FTR_ENABLE){
                    $feat_links = $db->GetAll("SELECT * FROM {$tables['link']['name']} WHERE STATUS=2 AND CATEGORY_ID = $id AND FEATURED=1 $expire_where ORDER BY EXPIRY_DATE DESC");
                    $tpl->assign('feat_links', $feat_links);
                }

                $count = $db->GetAll("SELECT * FROM {$tables['link']['name']} WHERE STATUS=2 AND CATEGORY_ID = $id $feat_where $expire_where ORDER BY {$sort_cols[$sort]} {$sort_ord[$sort]}");
                $links = $db->GetAll("SELECT * FROM {$tables['link']['name']} WHERE STATUS=2 AND CATEGORY_ID = $id $feat_where $expire_where ORDER BY {$sort_cols[$sort]} {$sort_ord[$sort]}{$limit}");
                $rs = $db->Execute("SELECT * FROM {$tables['category']['name']} WHERE STATUS=2 AND PARENT_ID = $id ORDER BY TITLE");
                while (!$rs->EOF) {
                    $row = $rs->FetchRow();
                    if ($id == 0 && CATS_PREVIEW > 0) {
                        $rs2 = $db->SelectLimit("SELECT * FROM {$tables['category']['name']} WHERE STATUS=2 AND SYMBOLIC <> 1 AND PARENT_ID = ".$row['ID']." ORDER BY HITS DESC, TITLE", CATS_PREVIEW);
                        $row['SUBCATS'] = $rs2->GetRows();
                        $rs2->Close();
                    }
                    if (ENABLE_REWRITE && empty ($row['TITLE_URL'])) {
                        $row['TITLE_URL'] = preg_replace('`[^\w_-]`', '_', $row['TITLE']);
                        $row['TITLE_URL'] = str_replace('__', '_', $row['TITLE_URL']);
                    }
                    $row['COUNT'] = $db->GetOne("SELECT COUNT(*) FROM {$tables['category']['name']} WHERE STATUS=2 AND PARENT_ID = ".$row['ID']);
                    $row['COUNT'] += $db->GetOne("SELECT COUNT(*) FROM {$tables['link']['name']} WHERE STATUS=2 AND CATEGORY_ID = ".$row['ID']);
                    if ($row['SYMBOLIC'] == 1) {
                        $row['ID'] = $row['SYMBOLIC_ID'];
                        $tempcat = $db->GetRow("SELECT * FROM ".$tables['category']['name']." WHERE ID = ".$db->qstr($row['SYMBOLIC_ID']));
                        if (empty($row['TITLE'])) {
                            $row['TITLE'] = $tempcat['TITLE'];
                        }
                        $row['TITLE'] = "@" . $row['TITLE'];
                    }
                    $categs[] = $row;
                }
                $rs->Close();
            }
            // $count = $db->GetAll("SELECT * FROM {$tables['link']['name']} WHERE STATUS=2 AND CATEGORY_ID = {$id}");
            $links = $db->GetAll("SELECT * FROM {$tables['link']['name']} WHERE STATUS=2 AND CATEGORY_ID = {$id} $feat_where $expire_where ORDER BY {$sort_cols[$sort]} {$sort_ord[$sort]}{$limit}");
            $path = get_path($id);
            $path[] = array ('ID' => $id, 'TITLE' => _L('Page ' . $page), 'TITLE_URL' => '', 'DESCRIPTION' => '');
            break;
        // End Paging 2
    }
    $tpl->assign('p', $_REQUEST['p']);
}elseif (isset ($_REQUEST['q'])) {
    $q = $db->qstr('%'.preg_replace('`\s+`','%', $_REQUEST['q']).'%');
    if(FTR_ENABLE){
        $feat_links = $db->GetAll("SELECT * FROM {$tables['link']['name']} WHERE STATUS=2 AND (URL LIKE $q OR TITLE LIKE $q OR DESCRIPTION LIKE $q) AND FEATURED=1 $expire_where ORDER BY EXPIRY_DATE DESC");
        $tpl->assign('feat_links', $feat_links);
    }
    $links = $db->GetAll("SELECT * FROM {$tables['link']['name']} WHERE STATUS=2 AND (URL LIKE $q OR TITLE LIKE $q OR DESCRIPTION LIKE $q) $feat_where $expire_where ORDER BY {$sort_cols[$sort]} {$sort_ord[$sort]}");
    $categs = array();
    $path[] = array ('ID' => '0', 'TITLE' => _L('Search Results'), 'TITLE_URL' => '', 'DESCRIPTION' => _L('Search results for: ').$_REQUEST['q']);
    $tpl->assign('qu', rawurlencode($_REQUEST['q']));

} else {
    $id = get_category();
    if (!$tpl->is_cached('main.tpl', $id)) {
        $path = get_path($id);
        if(FTR_ENABLE){
            $feat_links = $db->GetAll("SELECT * FROM {$tables['link']['name']} WHERE STATUS=2 AND CATEGORY_ID = $id AND FEATURED=1 $expire_where ORDER BY EXPIRY_DATE DESC");
            $tpl->assign('feat_links', $feat_links);
        }

        // Paging 3
        $count = $db->GetAll("SELECT * FROM {$tables['link']['name']} WHERE STATUS=2 AND CATEGORY_ID = $id $feat_where $expire_where ORDER BY {$sort_cols[$sort]} {$sort_ord[$sort]}");
        // End Paging 3
        $links = $db->GetAll("SELECT * FROM {$tables['link']['name']} WHERE STATUS=2 AND CATEGORY_ID = $id $feat_where $expire_where ORDER BY {$sort_cols[$sort]} {$sort_ord[$sort]}{$limit}");
        $rs = $db->Execute("SELECT * FROM {$tables['category']['name']} WHERE STATUS=2 AND PARENT_ID = $id ORDER BY TITLE");
        while (!$rs->EOF) {
            $row = $rs->FetchRow();
            if ($id == 0 && CATS_PREVIEW > 0) {
                $rs2 = $db->SelectLimit("SELECT * FROM {$tables['category']['name']} WHERE STATUS=2 AND SYMBOLIC <> 1 AND PARENT_ID = ".$row['ID']." ORDER BY HITS DESC, TITLE", CATS_PREVIEW);
                $row['SUBCATS'] = $rs2->GetRows();
                $rs2->Close();
            }
            if (ENABLE_REWRITE && empty ($row['TITLE_URL'])) {
                $row['TITLE_URL'] = preg_replace('`[^\w_-]`', '_', $row['TITLE']);
                $row['TITLE_URL'] = str_replace('__', '_', $row['TITLE_URL']);
            }
            $row['COUNT'] = $db->GetOne("SELECT COUNT(*) FROM {$tables['category']['name']} WHERE STATUS=2 AND PARENT_ID = ".$row['ID']);
            $row['COUNT'] += $db->GetOne("SELECT COUNT(*) FROM {$tables['link']['name']} WHERE STATUS=2 AND CATEGORY_ID = ".$row['ID']);
            if ($row['SYMBOLIC'] == 1) {
                $row['ID'] = $row['SYMBOLIC_ID'];
                $tempcat = $db->GetRow("SELECT * FROM ".$tables['category']['name']." WHERE ID = ".$db->qstr($row['SYMBOLIC_ID']));
                if (empty($row['TITLE'])) {
                    $row['TITLE'] = $tempcat['TITLE'];
                }
                $row['TITLE'] = "@" . $row['TITLE'];
            }
            $categs[] = $row;
        }

        $rs->Close();
    }
    if ($id > 0)
        $db->Execute("UPDATE {$tables['category']['name']} SET HITS=HITS+1 WHERE ID=$id");
}
// Paging 4
$tpl->assign('list_total', count($count));
// End Paging 4
$tpl->assign('category', $path[count($path) - 1]);
$tpl->assign('path', $path);
$tpl->assign('links', $links);
$tpl->assign('categs', $categs);
echo $tpl->fetch('main.tpl', $id);
?>

David
05-29-2006, 04:26 PM
At first glance, I don't see anything unusual. Might be good to post your url, so we can see what you are talking about.

tavikki
05-29-2006, 04:36 PM
Hi David.

As I explained the problem earlier in this thread, I'll paste in the first post.

Hi.

I have a link directory that I bought and it has been hacked. Somebody has put some links to serialz sites in my header. Does anybody know how I can remove them? To see what I mean, go to google.com and search for norlinks. Look at the cache file for the Norwegian link directory link and you will see that I have several hidden links in my header. I have looked at several of the files to find the culprit, but I can't find it. Please help me before Google throws me out...

When you look at the site it looks OK, but in Google's cache file you can see the problem.

The site is www.norlinks.com (http://www.norlinks.com)

I have looked over most of the files to see if I can find the links to delete them, but I can't find them.

David
05-29-2006, 04:40 PM
I understand now.
If they are not there now, I don't think there is a way to determine the previous issue.

David
05-29-2006, 04:44 PM
One thing you might want to do is limit access to your templates folder files.
For example, I can view [removed]
Also, stick a blank index.html file in this folder so we can't see the contents of this:
[removed]

tavikki
05-29-2006, 04:46 PM
The problems are still there. Search for norlinks.com on google.com and click the cache link to see the site in their cache directory. There you will see the link at the top of the header.

tavikki
05-29-2006, 04:47 PM

I didn't know that this file was open to the public.

David
05-29-2006, 04:52 PM
The public cannot view or write to those files, but we don't want to make it easy to find holes either.

phpLD 3.0 is much more secure, though to this date, there are still no known exploits in 2.0. ;)

Boby
05-30-2006, 09:28 AM
A file that is writable by anyone can be edited by anyone. So, for example, if your header.tpl is writable by anyone (for example, permissions are 777 or 666), I can write my own stuff into it from my local PC ;)

Make sure all files (even include/config.php) except the temp/ folder are not writable.

Boby
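
An audit covering the two hardening points raised in this part of the thread: the world-writable files Boby warns about and the template directories David found he could browse. This is an added example, not code from the thread or from phpLD. It assumes a local mirror of the site tree as the first argument, treats only the temp/ folder as legitimately writable (following Boby's advice), and cannot see the server's Options setting, so unprotected_dirs reports candidates for a directory listing rather than confirmed exposures.

```sh
#!/bin/sh
# Added example (not from the thread or from phpLD): an audit of a
# local mirror of the site for (a) anything writable by "other" and
# (b) template/include directories with no index file and no
# .htaccess turning directory listings off. Paths with spaces are
# not handled in the for loop below; fine for a phpLD tree.

# Files or directories with the other-write bit (0002) set, skipping
# phpLD's temp/ tree, which has to stay writable for the template cache.
world_writable() {
    find "$1" -path "$1/temp" -prune -o -perm -0002 \( -type f -o -type d \) -print | sort
}

# Directories under templates/ and include/ that have neither an index
# file nor an .htaccess containing "Options -Indexes". With Apache's
# Options +Indexes in effect, such a directory lists its contents to
# anyone, which is how the templates folder could be viewed above.
unprotected_dirs() {
    for dir in $(find "$1/templates" "$1/include" -type d 2>/dev/null | sort); do
        if [ ! -e "$dir/index.html" ] && [ ! -e "$dir/index.php" ] && \
           ! grep -qs 'Options.*-Indexes' "$dir/.htaccess"; then
            echo "$dir"
        fi
    done
}

# Tighten everything world_writable reports: directories to 755, files
# to 644. The web server still reads them; only the owner writes.
fix_permissions() {
    world_writable "$1" | while IFS= read -r path; do
        if [ -d "$path" ]; then chmod 755 "$path"; else chmod 644 "$path"; fi
    done
}
```

Run `world_writable ./site` first and read the list before calling `fix_permissions ./site`; a file that is world-writable on a shared host can be edited by any other customer on the same machine, not only by someone who has broken into your account. The check only looks at the "other" bit; group-writable files shared with other accounts in the same group are a separate question that depends on how the host is set up. A blank index.html, as David suggests, stops the listing but not a direct request for a known filename such as templates/header.tpl; denying access to the .tpl files in .htaccess closes that as well.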

tavikki
05-30-2006, 06:14 PM
I have tried to upload a blank index page to several directories where I feel they should be, but they do not have any effect. The files still show up. If I buy the latest version, is this problem eliminated? And how will the new install affect my current template?

David
05-30-2006, 06:21 PM
The new version is much better from a security standpoint, and those files are not viewable. You will likely have to do some html work on your template. I don't think the user Kickass is supporting the template anymore.

phpLD 3.05 comes with a pretty nice free template. You can see it running on www.sherlockdirectory.com (http://www.sherlockdirectory.com)

tavikki
05-30-2006, 06:23 PM
Hey David.

Does Newstopica include a link directory?

tavikki
05-30-2006, 06:32 PM
When is 1.305 coming?

Optimit
05-30-2006, 06:44 PM
I had a client that had a very similar problem to this. We did a lot of looking and finally determined that it was in fact a virus that was actually on his PC. It infected his phpld before he uploaded it to his server. After he cleaned his PC, we installed a clean copy of phpLD for him, and all was good.

David
05-30-2006, 06:55 PM
Newstopica is in version 3.0.1, and allows both links and RSS.
phpLD is in version 3.0.5 and has been released for about 2 weeks now.

tavikki
05-30-2006, 07:06 PM
I'M SOLD. I'll buy it now...