If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
What happens with the security?  XML
Forum Index » General Discussion
Author Message
rtvmodeler
Newbie

Joined: 08/07/2004 04:40:06
Messages: 1
Offline

Hello!:


I am using the Guestbook 2.3.1. I am very dissapointed of this service because during the last three weeks I have suffered twice the attack of an stupid man who has nothing to do but bother people!. So I wonder where is the protection you offer?.
The first attack he made was written in English and even I changed my passwords and codes, he entered again with a German attack!.
I urgently need to know what can I do to protect myself. I don`t want to suffer other attacks; it is not nice!. If not, I will have to change my guestbook to another server.
Hoping to hear from you.
Thanks,
Rodolfo
becki
Newbie
[Avatar]

Joined: 09/07/2004 20:07:12
Messages: 4
Offline

hello rudolfo

i exactly understand what you mean ! having a guestbook runing which is open for intruders is a very bad thing. and the internet is full with strange guys .. believe me

anyway ... i also discovered some possible security hack with the gusetbook version 2.3.1 ! but first i have to say the code is written fine and the error doesn't seem to be in there. guestbook code is okay !

but as far as i have studied there seems to be a problem with PHP and this get_magic_quotes_gpc() function !! i already posted a bug report on http://bugs.php.net but so far no answer ... the problem isn't solved yet

my 2.3.1 version guestbooks for my customers are also OPEN for intruders ! therefore i developed a SECURITY FIX PATCH for the 2.3.1 version and posted all the stuff at my website at http://www.beckspaced.com/gb_fix/index.php

why don't you go there and have a look at that stuff

all information is written there ..hope it helps a bit to fix your guestbook :o

also wrote an email to http://proxy2.de but so far haven't received any answer, yet

however ... hope this helps !

all the best
becki
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Hassle your hosts and tell them to
1 - Update the version of PHP they use
2 - Turn on Magic_quotes

I actually started going through the guestbook code to try and make a new version with the Yahoo/MSN mods as well as my image verification as options in the admin but it's not an easy script to follow. It jumps all over the pcae as it uses objects

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
 
Forum Index » General Discussion
Go to:   
Based on the open source JForum