Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

PHP Intrusion Detection System for osCommerce


celextel

Recommended Posts

  • 3 weeks later...

There is a hack to the PHPIDS

 

A hacker has written a script directly to hit this add-on.

 

Here is the story...

The PHPIDS sends me a mail about any attempt to hack the site. Today I received this:

The following attack has been detected by PHPIDS

IP: 78.177.107.5 
Date: 2011-01-15T21:29:58+00:00 
Impact: 138 
Affected tags: xss csrf id rfe lfi sqli 
Affected parameters: REQUEST.file_contents=%3CHTML%3E+%0D%0A%3CHEAD%3E+%0D%0A+++%3CTITLE%3EHacked+By+SaMuRa%21%3C%2FTITLE%3E+%0D%0A+%3Ccenter%3E%3Cimg+src%3Dhttp%3A%2F%2Fwww.turkhackteam.net%2Fimages%2Fthtson.jpg%3E+%0D%0A+%3Cstyle%3E+%0D%0A%23legend%7Bwidth%3A+100%25%3B+position%3A+fixed%3B+background-color%3A222%3B+bottom%3A+0%3B+font-size%3A+13px%3B+left%3A+0%3B+border-top%3A%0D%0A1px+solid+white%3B+height%3A+20px%3B+padding%3A+5px%3Bcolor%3A%23gold%3Bfont-family%3Aarial%3B%7D%0D%0Aa%7Bcolor%3Awgite%3Btext-decoration%3Anone%3B%7D%0D%0Aa%3Ahover%7Bcolor%3A%23ccc%3B%7D%0D%0A%3C%2Fstyle%3E+%0D%0A+++%3Cdiv+id%3D%27legend%27%3E%3Ccenter%3E%3Cb%3ESaMuRa%21+-+Egoist+Group+-+TurkHackTeam.OrG%2FNet%3C%2Fb%3E%3C%2Fcenter%3E%3C%2Fdiv%3E+%0D%0A%3CBODY+TEXT%3D%22%239C9C9C%22+BGCOLOR%3D%22%23000000%22+LINK%3D%22%238B51FF%22+ALINK%3D%22%23FFF8FF%22%0D%0A+%3Cbody+bgcolor%3D%22%23000000%22%3E+%0D%0A++++++%3C%2Fspan%3E%3Cfont+color%3D%22White%22+size%3D%225%22%3E+%3C%2Fspan%3E%3Cfont+%0D%0A
%3E%3CFONT+FACE%3D%22tahoma%22+color%3D%22%23999999%22%3E++++%0D%0A%3Ccenter%3E%3Cbr%3E%3C%2Fspan%3E%3Cspan+style%3D%22font-weight%3Abold%3B+text-shadow%3Awhite+0px+0px+8px%3B+color%3Awhite%22%3E%3Cfont+color%3Dred%3EHacked+By+SaMuRa%21+-+Black-Box+-+Dejavue+-+CaLLouS%3Cbr%3E%3C%2Ffont%3E%3C%2Fspan+%0D%0A%3E%0D%0A%3CP%3E%3CTABLE+BORDER%3D0+WIDTH%3D%22100%25%22+HEIGHT%3D%22100%25%22%3E+%0D%0A+%3Ccenter%3E%3Cb%3E%3Cb%3E%3Cfont+color%3D%22red%22+size%3D%222%22%3E%3Cb%3E%22+Biz+eskimeyenlerdeniz%2C+Hayatta+oldugumuz+surece+her+donem+bizim+donemimiz%21+%22%0D%0A+%3C%2Fb%3E%3C%2Ffont%3E%3C%2Fb%3E%3C%2Fb%3E%3C%2Fcenter%3E%3Cb%3E%3Cb%3E%3Cb%3E+%0D%0A%3Cbr%3E%0D%0A%3Cbr%3E%0D%0A%3Cbr%3E%0D%0A%3Ccenter%3E%3Cb%3E%3Cb%3E%3Cfont+color%3D%22white%22+size%3D%222%22%3E%3Cb%3E%3C+www.facebook.com%2Fhackingplatform+%3E%0D%0A%3Ccenter%3E%3Cb%3E%3Cb%3E%3Cfont+color%3D%22white%22+size%3D%222%22%3E%3Cb%3E-------------------------------------------+%0D%0A+%3C%2Fb%3E%3C%2Ffont%3E%3C%2Fb%3E%3C%2Fb%3
E%3C%2Fcenter%3E%3Cb%3E%3Cb%3E%3Cb%3E+%0D%0A++++++++%3C%2Fb%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Fp%3E+%0D%0A%3Cbr%3E%3C%2Fspan%3E%3Cfont+color%3D%22white%22+size%3D%222%22%3C%2Ffont%3E%3Cbr%3E+, POST.file_contents=%3CHTML%3E+%0D%0A%3CHEAD%3E+%0D%0A+++%3CTITLE%3EHacked+By+SaMuRa%21%3C%2FTITLE%3E+%0D%0A+%3Ccenter%3E%3Cimg+src%3Dhttp%3A%2F%2Fwww.turkhackteam.net%2Fimages%2Fthtson.jpg%3E+%0D%0A+%3Cstyle%3E+%0D%0A%23legend%7Bwidth%3A+100%25%3B+position%3A+fixed%3B+background-color%3A222%3B+bottom%3A+0%3B+font-size%3A+13px%3B+left%3A+0%3B+border-top%3A%0D%0A1px+solid+white%3B+height%3A+20px%3B+padding%3A+5px%3Bcolor%3A%23gold%3Bfont-family%3Aarial%3B%7D%0D%0Aa%7Bcolor%3Awgite%3Btext-decoration%3Anone%3B%7D%0D%0Aa%3Ahover%7Bcolor%3A%23ccc%3B%7D%0D%0A%3C%2Fstyle%3E+%0D%0A+++%3Cdiv+id%3D%5C%27legend%5C%27%3E%3Ccenter%3E%3Cb%3ESaMuRa%21+-+Egoist+Group+-+TurkHackTeam.OrG%2FNet%3C%2Fb%3E%3C%2Fcenter%3E%3C%2Fdiv%3E+%0D%0A%3CBODY+TEXT%3D%5C%22%239C9C9C%
5C%22+BGCOLOR%3D%5C%22%23000000%5C%22+LINK%3D%5C%22%238B51FF%5C%22+ALINK%3D%5C%22%23FFF8FF%5C%22%0D%0A+%3Cbody+bgcolor%3D%5C%22%23000000%5C%22%3E+%0D%0A++++++%3C%2Fspan%3E%3Cfont+color%3D%5C%22White%5C%22+size%3D%5C%225%5C%22%3E+%3C%2Fspan%3E%3Cfont+%0D%0A%3E%3CFONT+FACE%3D%5C%22tahoma%5C%22+color%3D%5C%22%23999999%5C%22%3E++++%0D%0A%3Ccenter%3E%3Cbr%3E%3C%2Fspan%3E%3Cspan+style%3D%5C%22font-weight%3Abold%3B+text-shadow%3Awhite+0px+0px+8px%3B+color%3Awhite%5C%22%3E%3Cfont+color%3Dred%3EHacked+By+SaMuRa%21+-+Black-Box+-+Dejavue+-+CaLLouS%3Cbr%3E%3C%2Ffont%3E%3C%2Fspan+%0D%0A%3E%0D%0A%3CP%3E%3CTABLE+BORDER%3D0+WIDTH%3D%5C%22100%25%5C%22+HEIGHT%3D%5C%22100%25%5C%22%3E+%0D%0A+%3Ccenter%3E%3Cb%3E%3Cb%3E%3Cfont+color%3D%5C%22red%5C%22+size%3D%5C%222%5C%22%3E%3Cb%3E%5C%22+Biz+eskimeyenlerdeniz%2C+Hayatta+oldugumuz+surece+her+donem+bizim+donemimiz%21+%5C%22%0D%0A+%3C%2Fb%3E%3C%2Ffont%3E%3C%2Fb%3E%3C%2Fb%3E%3C%2Fcenter%3E%3Cb%3E%3Cb%3E%3Cb%3E+%0D%0A%3Cbr%3E%0D%0A%3Cbr%3E%0D%0A%3Cbr%3
E%0D%0A%3Ccenter%3E%3Cb%3E%3Cb%3E%3Cfont+color%3D%5C%22white%5C%22+size%3D%5C%222%5C%22%3E%3Cb%3E%3C+www.facebook.com%2Fhackingplatform+%3E%0D%0A%3Ccenter%3E%3Cb%3E%3Cb%3E%3Cfont+color%3D%5C%22white%5C%22+size%3D%5C%222%5C%22%3E%3Cb%3E-------------------------------------------+%0D%0A+%3C%2Fb%3E%3C%2Ffont%3E%3C%2Fb%3E%3C%2Fb%3E%3C%2Fcenter%3E%3Cb%3E%3Cb%3E%3Cb%3E+%0D%0A++++++++%3C%2Fb%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Ffont%3E%3C%2Fp%3E+%0D%0A%3Cbr%3E%3C%2Fspan%3E%3Cfont+color%3D%5C%22white%5C%22+size%3D%5C%222%5C%22%3C%2Ffont%3E%3Cbr%3E+, 
Request URI: %2Fproduct_info.php%2Fadmin%2Ffile_manager.php%2Flogin.php%3Faction%3Dsave

 

I receive a lot of those mails. This is however a bit different, so I decided to take a look at it.

I started the Admin, and would see the PHPIDS Log.

Now something happened. The code that this hacker wrote, started to execute in my Admin !!!

So there is no execution-filter in viewing the Log. The hacker has used this exploit in the PHPIDS !!!!.

 

I have checked all my files, nothing has changed. This was a mild hack, it only displayed a message in my Admin.

 

Regards, Stig

Link to comment
Share on other sites

I've looked through this post and didn't find anything that related to our problem. We installed this mod two weeks ago on OS 2.2 and since that time, we have received a DELUGE of emails. No error codes, so I'm assuming the mod is installed correctly.

 

Here is a sample email.

The following attack has been detected by PHPIDS

 

IP: 74.179.238.17

Date: 2011-01-13T17:28:13-06:00

Impact: 14

Affected tags: xss csrf id rfe lfi

Affected parameters:

COOKIE.__gutp=entrystamp%3D1294961008%7Csid%3D744d342d840d08c84bd807750173d6

7f%7Cstamp%3D1294961281%7Creferrer%3Dhttp%3A%2F%2Finfo.bellperformance.com%2

Fx-tra-lube-oil-treatment%2F%7Contime%3D246,

Request URI: /index.php?cPath=23_28

Origin: 174.121.10.217

 

or this one.

 

The following attack has been detected by PHPIDS

 

IP: 208.87.234.180 (71.43.111.162)

Date: 2011-01-14T09:42:24-06:00

Impact: 14

Affected tags: xss csrf rfe dos

Affected parameters:

COOKIE.__gutp=entrystamp%3D1294949465%7Csid%3D61d87f99248116c748031e0728a30d

09%7Cstamp%3D1294949775%7Contime%3D99,

Request URI: /specials.php

Origin: 174.121.10.217

 

 

They just keep coming! Are these hacks? Honestly, I didn't expect that many. Or is there something else going on?

 

Thank you SO MUCH

Thank you in advance,

Michelle

Link to comment
Share on other sites

I've looked through this post and didn't find anything that related to our problem. We installed this mod two weeks ago on OS 2.2 and since that time, we have received a DELUGE of emails. No error codes, so I'm assuming the mod is installed correctly.

 

Here is a sample email.

The following attack has been detected by PHPIDS

 

IP: 74.179.238.17

Date: 2011-01-13T17:28:13-06:00

Impact: 14

Affected tags: xss csrf id rfe lfi

Affected parameters:

COOKIE.__gutp=entrystamp%3D1294961008%7Csid%3D744d342d840d08c84bd807750173d6

7f%7Cstamp%3D1294961281%7Creferrer%3Dhttp%3A%2F%2Finfo.bellperformance.com%2

Fx-tra-lube-oil-treatment%2F%7Contime%3D246,

Request URI: /index.php?cPath=23_28

Origin: 174.121.10.217

 

or this one.

 

The following attack has been detected by PHPIDS

 

IP: 208.87.234.180 (71.43.111.162)

Date: 2011-01-14T09:42:24-06:00

Impact: 14

Affected tags: xss csrf rfe dos

Affected parameters:

COOKIE.__gutp=entrystamp%3D1294949465%7Csid%3D61d87f99248116c748031e0728a30d

09%7Cstamp%3D1294949775%7Contime%3D99,

Request URI: /specials.php

Origin: 174.121.10.217

 

 

They just keep coming! Are these hacks? Honestly, I didn't expect that many. Or is there something else going on?

 

Thank you SO MUCH

 

These are not hacks. It seems to be generated by a module for tracking the referrer in your website. You could include these values [COOKIE.__gutp and so on] under exclusions in PHPIDS admin.

Link to comment
Share on other sites

  • 4 weeks later...

I was looking for the PHP IDS website at "http://php-ids.org/"

 

Got this message auf Deutsch:

 

Dieser Server ist nicht mehr in Betrieb.

Bitte teilen Sie dem Betreiber mit, dass er seinen DNS auf die neue IP 46.4.40.248 umstellt.

 

schokokeks.org

 

A little googling came up with the revised site it seems.

 

"http://phpids.org/" I hope that's a valid site.

Edited by altoid

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Link to comment
Share on other sites

I was looking for the PHP IDS website at "http://php-ids.org/"

 

Got this message auf Deutsch:

 

Dieser Server ist nicht mehr in Betrieb.

Bitte teilen Sie dem Betreiber mit, dass er seinen DNS auf die neue IP 46.4.40.248 umstellt.

 

schokokeks.org

 

A little googling came up with the revised site it seems.

 

"http://phpids.org/" I hope that's a valid site.

 

URL seems to have changed.

 

You could do the download of PHPIDS 0.6.5 (ZIP) at the following URL:

http://phpids.org/downloads/

Link to comment
Share on other sites

URL seems to have changed.

 

You could do the download of PHPIDS 0.6.5 (ZIP) at the following URL:

http://phpids.org/downloads/

 

I will check that out. It looks like they still need to update some links on their new site. Some links there take you to the inactive URL.

 

Thanks

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Link to comment
Share on other sites

  • 2 weeks later...

I will check that out. It looks like they still need to update some links on their new site. Some links there take you to the inactive URL.

 

Thanks

 

Hello, I downloaded and installed the latest version of PHPIDS 0.6.5. In the testing mode test 1 works as it should, showing the result at the tope but test 2 resulted in "http 406 not acceptable" error and not showing the results at the top.

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Link to comment
Share on other sites

Hello, I downloaded and installed the latest version of PHPIDS 0.6.5. In the testing mode test 1 works as it should, showing the result at the tope but test 2 resulted in "http 406 not acceptable" error and not showing the results at the top.

 

Please refer to first page of this thread in regard to this.

Link to comment
Share on other sites

Please refer to first page of this thread in regard to this.

 

Thank you for the reference. I believe that means my hosts server is capturing this input and generating the 406 error page. Which, on the face of it, is a layer of protection I might want unless there are other factors involved.

Anyway, thanks again I do appreciate the help.

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Link to comment
Share on other sites

Thank you for the reference. I believe that means my hosts server is capturing this input and generating the 406 error page. Which, on the face of it, is a layer of protection I might want unless there are other factors involved.

Anyway, thanks again I do appreciate the help.

 

It should show the test result even for 406. Please create a support request with your host in regard to this.

Link to comment
Share on other sites

It should show the test result even for 406. Please create a support request with your host in regard to this.

 

I will do that and post back here what the outcome is. Thanks for the follow up.

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Link to comment
Share on other sites

First of all, thanks for this great contribution - it's scary to see the number of times a website is attacked per day!

 

It mostly seems to be working fine, just a couple of issues -

 

1. The auto-ban function doesn't seem to work. I have the config settings as follows -

 

PHPIDS Module 	true 	 
IP Ban Module 	true
Show Intrusion Result 	false 
E-mail Log Impact Score 	8 
DB Log Impact Score 	4 
IP Ban Impact Score 	15

 

However, despite attack impacts in excess of 38, none of the hacker's IPs have been automatically banned. I've added a "ban all" option to the log page to save doing them all individually, but obviously I'd rather the site did it automatically, as frequently the same IP will make several attempts and I'd prefer them blocked in the first instance. Has anyone else experienced this problem?

 

 

2. Frequently the IP address recorded is 127.0.0.1, which is no use to block obviously. However, sometimes the email report I get does log the actual IP address alongside the localhost address, for example -

 

IP: 87.111.138.205 (127.0.0.1) 
Date: 2011-03-01T14:42:58+00:00 
Impact: 38 
Affected tags: xss csrf id rfe sqli lfi 
Affected parameters: REQUEST.asc=eval%28base64_decode%28%5C%27ZXJyb3JfcmVwb3J0aW5nKDApO3NldF90aW1lX2xpbWl0KDApOw0KJH...etc etc (shortened for your viewing pleasure!)
Request URI: /index.php 
Origin: 92.48.117.50

 

But when I check the log, it's been recorded just as 127.0.0.1... if the email message sent to me can log the real IP address, can the script be modified to pick this up and write it to the log?

 

 

Just a couple of issues, but aside from that, this is great work and I'm very grateful!

Link to comment
Share on other sites

First of all, thanks for this great contribution - it's scary to see the number of times a website is attacked per day!

 

It mostly seems to be working fine, just a couple of issues -

 

1. Please refer to page 9 of this thread. We have mentioned as follows:

Changing the code in banned.php

$ip_2ban_address = $_SERVER['REMOTE_ADDR'];

to

$ip_2ban_address = tep_get_ip_address();

would be a better option. Most of the IPs should get banned automatically. We should not have this problem.

 

2. We have not done any code changes to PHPIDS core module. Please make a request in regard to this in that forum.

Edited by celextel
Link to comment
Share on other sites

Changing the code in banned.php

$ip_2ban_address = $_SERVER['REMOTE_ADDR'];

to

$ip_2ban_address = tep_get_ip_address();

would be a better option. Most of the IPs should get banned automatically. We should not have this problem.

 

 

 

Actually, it was the opposite which fixed it! The code was already using tep_get_ip_address, changing it to $_SERVER['REMOTE_ADDR'] did the trick - IPs are now automatically banned, thankyou!

Link to comment
Share on other sites

Actually, it was the opposite which fixed it! The code was already using tep_get_ip_address, changing it to $_SERVER['REMOTE_ADDR'] did the trick - IPs are now automatically banned, thankyou!

 

You are correct. It should be:

change

$ip_2ban_address = tep_get_ip_address();

to

$ip_2ban_address = $_SERVER['REMOTE_ADDR'];

Edited by celextel
Link to comment
Share on other sites

It should show the test result even for 406. Please create a support request with your host in regard to this.

 

This is a follow up to the 406 issue. I contacted my host support and didn't get much resolved. They said:

 

Ok Steve, I did check with Tier 2, unfortunately, since this addon isn't our product, we can't be sure what is stopping this certain function from working. If you could check back with the developer and show him that phpinfo page I shared with you earlier, he might have a better idea for what on our server is preventing this certain aspect of the addon from working.

 

Celextel, I am content to let this go as is and not dwell on the issue anymore. If a 406 is thrown for such attempts, then the intruder can't even make to my site with such parameters in the url. I would say that's a positive thing in it's own right.

 

I thank you for the great support for this add on.

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Link to comment
Share on other sites

  • 2 weeks later...

Just a note to anyone who may follow this forum.

 

Last night there was an attempt on my site involving base64 coding that PHPIDS flagged out.

 

Affected parameters: REQUEST.author_name=%5Bphp%5Deval%28base64_decode%28%

....and then the base64 string, not included here.....

Request URI: /links.php/contact.php

 

The impact score was 74

 

This was the first such attempt on this site that I am aware of, so I ran Site Monitor and WinGrep just to be sure. All is OK.

I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.

I remember what it was like when I first started with osC. It can be overwhelming.

However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.

There are several good pros here on osCommerce. Look around, you'll figure out who they are.

Link to comment
Share on other sites

  • 7 months later...

NEW!!

 

PHPIDS for osCommerce 1.7

 

for osCommerce Online Merchant v2.3.1

 

1. admin/phpids_report.php, admin/banned_ip.php and banned.php files modified [for osCommerce Online Merchant v2.3.1 only]. Do not update these 3 files if you are using osCommerce Online Merchant v2.2.

 

2. Added one more column to the PHPIDS table. Run the installer file to add this column.

 

3. PHPIDS 0.7 is ready.

Link to comment
Share on other sites

Hi,

 

Just installed PHPIDS on 2.3.1 and can't seem to get it to work. As soon as I turn it on through the admin control panel my website front page just won't load. :(

 

I've followed the steps exactly as they are in the install guide, my "phpids" file was uploaded to website.com/includes/phpids without the catalog part. Could that be causing the problem? Otherwise I did everything as it said. Any help would be appreciated, cheers.

Link to comment
Share on other sites

  • 2 weeks later...

is there any way of having this send out emails to an alternate email address and not the owner of the store i.e. the store developer instead

 

and excuse me if i have missed the answer already

If it don't fit - Get a bigger hammer

Link to comment
Share on other sites

Hi all,

 

I've just installed this contribution and I've checked the installation twice, so that I've made no errors. But I still have a problem. Before entering the test URL's I set the following settings.

 

PHPIDS Module : true

IP Ban Module : true

Show Intrusion Result : true

E-mail Log Impact Score : 8

DB Log Impact Score : 4

IP Ban Impact Score : 70

 

 

After entering the test URL's nothing happens. No message at the top of the page, no entries into the database and no emails received. Also nothing is written into the log file (which has chmod 777). When I enter an IP address manually into de banned IP's (via tools) the blocking work as it should.

 

Can anyone help me out here?

 

Kind regards

Rene Guicherit (aka guicher)

Edited by guicher
Link to comment
Share on other sites

Hi all,

 

I've just installed this contribution and I've checked the installation twice, so that I've made no errors. But I still have a problem. Before entering the test URL's I set the following settings.

 

PHPIDS Module : true

IP Ban Module : true

Show Intrusion Result : true

E-mail Log Impact Score : 8

DB Log Impact Score : 4

IP Ban Impact Score : 70

 

 

After entering the test URL's nothing happens. No message at the top of the page, no entries into the database and no emails received. Also nothing is written into the log file (which has chmod 777). When I enter an IP address manually into de banned IP's (via tools) the blocking work as it should.

 

Can anyone help me out here?

 

Kind regards

Rene Guicherit (aka guicher)

 

Just tested the website with Kyplex security scan. And know what! All kinds of intrusions are detected and reported. So I think it's working. Only the test URL's which came with the installation manual don't work?

 

Kind regards

guicher

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...