Guestbook - almost extremely hacked
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

Once you are in the admin section you can use the templates page to view any file on the server. You cannot edit them though unless they have been CHMOD'd to 777.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
ET
Graduate

Joined: 21/02/2003 22:17:48
Messages: 179

Carbonize wrote: Once you are in the admin section you can use the templates page to view any file on the server. You cannot edit them though unless they have been CHMOD'd to 777.


hmmmmm.... maybe your server is set up a little differently than mine? Once I'm inside the admin section on the templates page, pages can be edited from admin if CHMOD is 777 OR 666 - so that was why I recommended to Torsten that the files CHMOD be 644 for his pages. But at this point, we don't know whether the hacker had access to his 2.3.1 version Admin or not.... Maybe we'll find out at a later time....

---------------
Anonymous
I have now installed some patches for agbook 2.3.1 found on this forum.

I looked in my file manager and all files in my guestbook drawer have the chmod 644, and the files have probably had that all the time. In easy admin I cannot change the templates (getting warnings), so I downloaded some of them to my computer with my ftp program so I could patch and redesign a little.

Wonder what, if anything, the hacker can do now?
Anonymous
If you have been hacked CHANGE your database password.
Edit your config.inc.php with your new password.
Put a .htaccess password protection file in the admin folder.

The Hackers are Editing the Database not the Guestbook.
If you have not yet been hacked then
Put a .htaccess password protection file in the admin folder

This stops the hackers reading the config.inc.php file to get your dbs username and password.
Just deleting the entry and turning the smileys, html and other codes off will not stop the hackers.
I know I have had my guestbook hacked 7 times. (the same guestbook)
Also notice that when you remove the hacked entry you will lose your last valid guestbook entry as the hackers just overwrite the last entry in your guestbook.
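An added example (not from the Advanced Guestbook project or anyone in this thread) of the two checks this post recommends: a shell script that lists files under the guestbook directory that are still group- or world-writable (666/777) and writes a password-protecting .htaccess for the admin folder. It assumes Apache 2.4 syntax and an htpasswd file created separately at a path outside the web root; the layout with config.inc.php inside the admin folder is taken from this thread.

```shell
#!/bin/sh
# Added example, not part of the Advanced Guestbook project.
# Assumes Apache 2.4 and an htpasswd file that already exists outside the web root.

# List regular files that are group- or world-writable (e.g. 666 or 777).
# The thread notes that such files can be rewritten from the admin templates page,
# so everything here should normally be 644.
list_writable() {
    find "$1" -type f \( -perm -002 -o -perm -020 \) -print
}

# Write an .htaccess into the admin folder that requires a login for every
# request and refuses direct web access to config.inc.php (the file holding
# the database username and password).
write_admin_htaccess() {
    dir="$1"
    passwd_file="$2"   # absolute path to the htpasswd file, outside the web root
    cat > "$dir/.htaccess" <<EOF
AuthType Basic
AuthName "Guestbook admin"
AuthUserFile $passwd_file
Require valid-user

<Files "config.inc.php">
    Require all denied
</Files>
EOF
}

# Stand-alone usage: GB_DIR=/path/to/guestbook sh harden.sh
if [ -n "${GB_DIR:-}" ]; then
    echo "Writable files under $GB_DIR:"
    list_writable "$GB_DIR"
    write_admin_htaccess "$GB_DIR/admin" /etc/guestbook.htpasswd
fi
```

Create the htpasswd file with `htpasswd -c /etc/guestbook.htpasswd <user>` before reloading Apache, otherwise every admin request is rejected.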
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

To be honest they can't usually do anything with your username and password as the MySQL server will be set up to only allow connections from the server it is installed on. This is only a problem on shared hosting where they are on the same server.

Anonymous
Normally MySQL is only available to "localhost" but WHM/cPanel systems seem to do funny things.
I run myself (well I lost count) but a lot of sites and most of them use the Advanced Guestbook script.
Apart from the hackers it's the best guestbook script on the net.
But locking the admin folder with a .htaccess works a treat.
I am guessing that they are using something in there to send their stupid html to the database or using some sort of script to fool the server.
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

Yes cPanel is a pile of pants but I cannot see it being responsible for the recent defacements. If you have HTML enabled then they can post ANY HTML they wish. Also if you run 2.2 or updated from 2.2 to 2.3.1 but kept the 2.2 session.class.php file then they can log in as admin, and when an admin edits a post it is saved exactly as it is sent, complete with html tags.

Anonymous
I don't know where it comes from, but I have a .htaccess file in my gb's admin drawer. Guess I'm safe.

Thanks for the help everybody!
Goodnight!
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

The .htaccess file in the admin folder is just to prevent the files from being viewed by a web browser. Well, it's supposed to anyway.
