If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
So called Arab hackers are all Americans  XML
Forum Index » General Discussion
Author Message
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

OK as most of you may be aware there is a major exploit in version 2.2 of the advanced guestbook. Because of this a lot of them have been defaced by people calling themselves sblack scorpion, red scorpion etc and claiming to be anti USA and the usual rubbish. Now I have been keeping a log of failed guestbook logins www.carbonize.co.uk/guestbooklogins.php and nearly every IP resolves to an American ISP apart from one which is polish. Just how stupid are these people?

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Auron
Expert
[Avatar]

Joined: 23/06/2003 22:02:17
Messages: 1053
Offline

..extremely??

Visit my site @ www.ragnaru.com
Adv. Poll Install Guide NOW BACK ONLINE! (And also rather out of date I would of thought)
[Email] [WWW]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

I should improve the message I display upon a failed login to show their IP, what their IP resolves to and what ip2country shows for their ISP's country. Should scare the moronic idiots as none of them knows what they are doing.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Auron
Expert
[Avatar]

Joined: 23/06/2003 22:02:17
Messages: 1053
Offline

lol, good plan.
Another way of doing it for an extreme solution is to only upload the admin stuff when you need it.

_ Auron

Visit my site @ www.ragnaru.com
Adv. Poll Install Guide NOW BACK ONLINE! (And also rather out of date I would of thought)
[Email] [WWW]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

I've hard coded my password into an actual file so even if there is a similar exploit in 2.3.1 it will never get that far. I have actually suggested that people with 2.2 rename their admin.php file to something totally different remembering to change the action="admin.php" part of the admin_enter.php template.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Auron
Expert
[Avatar]

Joined: 23/06/2003 22:02:17
Messages: 1053
Offline

Yeah I saw that post - a very good idea - another idea is to remove the link
to the admin area from the templates because that's just stupid to start with.
I know its not as good as yours but it's simpler and stops them from even
getting to the admin panel unless they guess the URL to it.

_ Auron

Visit my site @ www.ragnaru.com
Adv. Poll Install Guide NOW BACK ONLINE! (And also rather out of date I would of thought)
[Email] [WWW]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

The url is always the guestbook directory/admin.php

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Auron
Expert
[Avatar]

Joined: 23/06/2003 22:02:17
Messages: 1053
Offline

Carbonize wrote:The url is always the guestbook directory/admin.php


It is? I wouldn't know myself, never used it or even downloaded it.
You learn something new everyday ^^

Visit my site @ www.ragnaru.com
Adv. Poll Install Guide NOW BACK ONLINE! (And also rather out of date I would of thought)
[Email] [WWW]
amber222
Graduate

Joined: 07/05/2004 21:13:07
Messages: 586
Offline

Carbonize wrote:OK as most of you may be aware there is a major exploit in version 2.2 of the advanced guestbook. Because of this a lot of them have been defaced by people calling themselves sblack scorpion, red scorpion etc and claiming to be anti USA and the usual rubbish. Now I have been keeping a log of failed guestbook logins www.carbonize.co.uk/guestbooklogins.php and nearly every IP resolves to an American ISP apart from one which is polish. Just how stupid are these people?


Carbonize, I clicked on this link, but I have to say I don't know how to tell what is a good or bad login there. Is there any way you can share with us who the hackers are and their IPs so the rest of us don't get hacked by them. Maybe we can have a "known hackers" thread or something...?
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

All of them are bad amber222. Look at the password field part. They are trying to use the exploit.

LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

It would serve no purpose because even if we listed all the IP's used so far if they have a dynamically assigned IP it would not stop them. Most dial up ISP's used dynamically assigned IP's. This means that everytime you connect you get assigned a different IP. The best security is to make sure you are not exploitable.

As for the failed logins page it's format is simple and copied directly from my 404's log. First is the time of the attempt in GMT (or BST at present which is GMT+1), next is the password they tried to login with, then I have the link they came from but this is irrelevant, next is the useragent string their web browser sends out and finally is their IP.

If you really want a laugh have a look at my 404 log, http://www.carbonize.co.uk/404s.php. Starting at about 17:54 on August 2nd I had somebody trying a huge list of exploits against my site.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

Your just popular is all.

LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
amber222
Graduate

Joined: 07/05/2004 21:13:07
Messages: 586
Offline

Well, thanks, Carbonize, for your quick response. I guess I need to learn about hacking so I better understand how to defend myself. Right now I am clueless as to how or why people do this.

Thanks also for the great contributions you have made to this forum. You have helped a lot of people.

When I first saw the guestbook hacked by "Black Scorpion" I figured it was Americans in disguise. Unfortunately, there are a lot of angry people here since 911 - filled with hate. I guess some of us have forgotten that 2 wrongs don't make it right.
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4291
Location: Bristol, UK
Offline

I don't think hate has anything to do with it. This will just be kids with no actual opinions of their own jumping on a bandwagon. I mean they claim to be defacing guestbooks as a show of defiance against the US and Israel and yet they deface guestbooks that are on UK sites that use the .co.uk domain. Me and JTD do on occasion do a google search to find hacked guestbooks and if possible fix them but a lot of them appear to have been abandoned by their webmasters/mistresses.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

Just fixed 6 pages worth of guestbooks from google. Sheesh Why dont people take a hint and upgrade to GB 2.3.1

LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
 
Forum Index » General Discussion
Go to:   
Based on the open source JForum