Scenery profile powered by punbb. Shoppinggid: how to remove annoying spam? Registry and location

21.04.2021

PunBB is a free CMS for the forum, the main difference of which is the built-in capabilities for internal SEO-optimization, which are absent even in a number of paid forum engines.

Examples of forums on PunBB can be found by entering in the search bar of Yandex or Google, queries Powered by PunBB or Forum powered by PunBB... You can download PunBB from the official site http://punbb.informer.com/, where you can also punbb extensions, themes and templates.

Installing PunBB: how to install a forum

Installing PunBB is very simple, so even an inexperienced webmaster can handle it.

Download the archive with the installation files from the official website, unpack it and upload it to your hosting.

You can use any FTP manager for this, such as FileZilla.

If you need the Russification of PunBB, download the archive with the Russian-language localization files from the official website and copy the Russian folder to the lang directory.

Open the link http: //mydomain/myforums/install.php in your browser and follow the instructions of the installer.

You need to enter in the appropriate fields the name of the database, as well as the username and password. You can find out all this data from your hoster. If you don't have a database, create one.

In the penultimate window, enter the administrator's login, password and email.

Select Russian in the forum settings.

Installation is complete. You can enter your forum using your administrator username and password.

PunBB Settings: Forum SEO Optimization

Go to the Administration item, Administration, where you can add new categories and forums, as well as configure basic settings.

For better forum ranking, go to Administration - Management - Settings and select the File-based (fancy) URL scheme. This will allow you to configure the CNC-url in PunBB, which will have a beneficial effect on further progress.

In its original form, PunBB has very little functionality that can be easily extended using plugins. Installing extensions on PunBB is very simple: you just need to copy them to the Extensions directory, and then activate them in the "Extensions" section of the admin panel.

The official PunBB extensions can be downloaded from https://github.com/punbb/extensions.

The list of official extensions is given below:

pun_admin_add_user (adding users through a special form)
pun_admin_clear_cache (clearing the forum cache) pun_admin_manage_extensions_improved (working with extensions)
pun_approval (approval of all new users and posts)
pun_attachment (attaching files to messages)
pun_bbcode (BB codes)
pun_colored_usergroups (different colors for each user group)
pun_forum_news (using topics and messages as news)
pun_jquery (jQuery lib)
pun_move_posts (moving a message from one topic to another)
pun_pm (private messages)
pun_poll (polls)
pun_stop_bots (a few questions during registration to prevent bots from appearing on the forum
pun_tags (tags)
pun_repository (fetching extensions directly from the repository)

To change the appearance of the forum, you need to download the PunBB styles and choose the one that suits you best. You can also order a style from professionals or make changes to the finished style yourself by editing the CSS files.

We are using HTML5 APIs. Always. Plupload is based on multi-runtime pollyfills for XMLHttpRequest L2, File and Image APIs. So when there "s no HTML5 available in the browser, we emulate it ourselves.

mOxie (combined code-name for pollyfills) is completely standalone and available separately.

Drag "n" Drop Files from Desktop

Files not only can be picked from browse dialog, but also can be dropped directly from the desktop. In some browsers, mostly in those based on WebKit, it is possible to drag and drop whole folders.

Notice: feature will not work in some legacy browsers.

Access Raw File Data

Since we emulate as much of HTML5 as possible, we are able (among other things) to provide access to raw file data, even in such environments that do not normally support it. One of the biggest benefits of this is that we can display the thumbnails instantly, right as you select the images in the dialog or drag & drop them from the desktop.

Shrink Images on Client-Side

In some cases you would want to upload the image only to turn it into a tiny thumbnail or avatar (like 90x90). Then why waste the bandwidth? Wouldn "t it be great if you could do it right there, on client-side, just before the actual upload? That" s exactly what we can do. This feature can be applied in a broader scope than just avatars, but that "s where it is at its best.

Upload in Chunks

Files that have to be uploaded can be small or huge - about several gigabytes in size. In such cases standard upload may fail, since browsers still cannot handle it properly. We slice the files in chunks and send them out one by one. You can then safely collect them on the server and combine into original file.

As a bonus this way you can overcome a server "s constraints on uploaded file sizes, if any.

Translated to 30+ Languages

It started with just several, and now we already have tens. In order to manage them better and avoid common mistakes and typos as much as possible, we moved our internatianalization (i18n) facilities to Transifex... If you think that translation for your language can be better or your language is not in our database at all, you are welcome to contribute. We will include the translation in all consequent releases.

Several vulnerabilities were recently found in PunBB - PHP inclusion and SQL injection.
Vulnerability allows a remote user to execute arbitrary SQL
commands in the application database. A remote authorized user can
execute arbitrary PHP script on the target system. Vulnerability exists due to insufficient processing of input data in the script
"profile.php". With the "register_globals" option enabled, the remote
user can execute arbitrary SQL commands in the database
applications. A vulnerability exists in the processing of pun_include tags. Remote user
can download and execute arbitrary PHP script on the target system.

Forum developers never cease to delight ordinary people with new versions
their products, and ordinary people, in turn, have simple server resources
scriptkiddy. Just the other day, 2 new critical bugs were discovered in
the popular punbb forum by a man named Stefan Esser.
And now I will try to explain how it all works.

First, you need to raise the rights to the administrator using sql-injection.
Open the page in the browser

http://site.ru/punbb/profile.php?id=*

save it to the screw, change the line through notepad:

Those. change url to an absolute path and add
temp = group_id = 1. You can see from the code in the profile.php file that the $ temp array is not checked:

while (list ($ key, $ input) = @each ($ form))
{
$ value = ($ input! == "")? "\" ". $ db-> escape ($ input)." \ "": "NULL";
$ temp = $ key. "=". $ value;
print " ". $ key." \ n ". $ value." \ n
";
}
$ db-> query ("UPDATE". $ db-> prefix. "users SET" .implode (",", $ temp). "WHERE
id = ". $ id) or error (" Unable to update profile ", __FILE__, __LINE__,
$ db-> error ());

Open the saved html file in the browser
and click submit, as a result, we change the value of the group_id column in the users table and become
administrator. Next, we will use the second bug
- php-injection.

This bug lies in the include / function.php file

// START SUBST -
while (preg_match (" ", $ tpl_maint, $ cur_include))
{
ob_start ();
include PUN_ROOT. $ cur_include;
$ tpl_temp = ob_get_contents ();
$ tpl_maint = str_replace ("<".$cur_include.">", $ tpl_temp, $ tpl_maint);
ob_end_clean ();
}
// END SUBST -

The script looks for a tag For loading scripts, but since in line
include PUN_ROOT. $ cur_include; there is a variable PUN_ROOT, then only local files can be connected. For
this we create a picture with a comment in
php code and upload it as an avatar. Next, we edit, for example, the description of the forum through the admin panel, i.e. add:

We open the main page of the forum and voila
- the script will include the picture and execute the code
from the comment.

Let's try to understand the question: "Shoppinggid - how to remove it?" The fact is that quite often this application clings to your computer, and you are not even aware of its existence. For the time being. However, such spam must be removed. Let's figure out what to do.

First try

What is the first thing that comes to mind when you just discover some malicious software or unfamiliar program? Delete it, of course. But how to do that?

Let's try the familiar method. To do this, you need to go to and select "Install and then in the list that opens, look for" powered by shoppinggid ". Found? Feel free to uninstall the program by right-clicking. After that, try restarting your computer and see if this application is still on your computer. No ? Launch your browser and check. And the ad, most likely, remained in its place. But then let's come back to the question: "Shoppinggid - how to remove?" the start of action is rather small, so let's see more possible scenarios.

Antivirus

So, if you are thinking about how to remove Powered by shoppinggid, then you should resort to looking for malicious files on your computer. You shouldn't do this manually - it can be difficult to find such files, and it's almost impossible on your own. After all, a virus is called a "disease" for that - it invisibly infects "healthy" files and folders, is encrypted and hidden. Therefore, as soon as you suspect that spam or a Trojan horse is running on your PC, turn on your antivirus program and check your computer.

It is best to use DR.Web antivirus. It is the most effective program to help you detect even the most tricky viruses. Start scanning your computer, and then wait for the process to complete. If you see the words "powered by shoppinggid" or something like that in the viruses, you should know that the antivirus coped with the task and found your spam. Now all that remains is to cure the computer and reboot. After that, check the operation of the browser and the computer as a whole. Happened? Good. No? Then let's see where else shoppinggid can "register", how to remove this spam from your computer and whether its presence can lead to bad consequences.

Shortcuts

The program was removed, the computer was cured, and you still get bored with ads? This means that not everywhere and not everything is deleted. Conclusion - you need to look better. Since the antivirus program turned out to be powerless, you will have to thoroughly study the device of your operating system, and then proceed to independent actions.

You won't have to search long. It is enough to look into your browser. More precisely, in the settings of its shortcut. What for? If you right-click on it and then select "Properties", you can work with the place where spam is registered. Pay attention to the "Object" field. If you see "powered by shoppinggid" or something like that - quickly erase this inscription. The point is that even if your computer is crystal clear, our today's type of spam will be tightly written into a shortcut. Each time you start it, it will "crawl out", and when you close the browser, it will hide again. So the question is "How to remove Shoppinggid?" stays open unless you clear the properties of the browser shortcut. Now just confirm your actions. Reboot. Are advertising still showing up? Hence, it is necessary to look more carefully. Let's see where else this virus might be hiding.

Registry and location

Well, let's take a closer look, maybe we missed our spam? In fact, yes. It is possible that it is already tightly registered in your operating system. So you have to look into the registry and the location where your browser is installed. Let's start with the second point.

First of all, go to the properties of the shortcut of the program being launched to access the Internet. Now take a closer look at the opened window. There will be a "File Location" button. Click on it. A window will pop up in front of you, in which the browser files will be displayed. Look for a document with a bat extension. Open it with a notepad and see if there are extraneous inscriptions in it. If you wondered "How to remove Powered by shoppinggid from computer?" - then the search words must be present there. Delete them and then save the file. Try starting your browser again. Useless? Then you need to go to the registry.

Press Win + R, then in the line that appears, type regedit and click "Run". A window will open in front of you. Go to edit click on search. Now it remains to set the parameter for the implementation of the process. Hammer in "powered by shoppinggid". Wait while the computer checks for similarities. If nothing is found, then you need to think about how to proceed further. Otherwise, delete any data that appears.

We put it again

But what if all the previous methods have already been done, and the spam has not gone away? The answer to the question "Shoppinggid pops up - how to remove ads?" not found yet. There are still a few options left. Let's start with the most obvious.

You have to donate the data saved in the browser, that is, delete it completely from the system, and then reinstall it. Before that, you will need to erase all files that the program creates, passwords, links, bookmarks and logins. Clean up the computer's registry from temporarily created files. When the system does not have the slightest trace of the browser, just reinstall it. Run it and see what happens. Advertising hasn't gone away? Then let's try another method that often helps many users.

Supplements

So, what can you do if nothing helps you in the fight against annoying Shoppinggid ads? How do I remove it? If you can't get rid of it, you will have to block.

Go to your browser. After that, go to the settings. There you should find "Add-ons" or "Applications". All that remains is to download and install the so-called AdBlock blocker program. This is a free add-on to help you fight pop-up ads. After you install it, restart your browser. Now you can work in peace.