My guestbook hacked (I know... I'm sorry)
Forum Index » Advanced Guestbook Forum
Lobster
Newbie

Joined: 25/06/2005 19:22:30
Messages: 2

The guestbook installed here:

http://duestrade.it/vale_guestbook

Has been hacked (sigh... what a shame!), so after reading
the stickies I tried to upgrade to the latest version of
Advanced Guestbook.

To avoid losing data I created a new guestbook here

http://www.duestrade.it/guestbook

1) I uploaded the .zip with the latest Advanced Guestbook
version and unzipped it;

2) I uploaded the upgrade.zip by Carbonize in the same directory and unzipped it;

3) I modified the first 4 lines of admin/config.inc.php to make them
equal to my dear old guestbook.

4) I went with my browser (firefox) to

http://www.duestrade.it/guestbook/upgrade.php

Everything worked well but now if I go to

http://www.duestrade.it/guestbook

I see the same exploitation. It seems that Carbonize's
upgrade.zip not only restored the old data but also the
hacker's job.

If I go to

http://www.duestrade.it/guestbook/admin.php

and I enter the right user/password pair I get into the
administration page but when I click on "easy admin"
I still get the hacked page.

I really don't know what else to do. Any suggestion?

Bye,
Lobster
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

My script did not RESTORE anything. The post is still there because you never deleted it.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

Also you ran the update script but you did not update your actual files. The point of the update script is to update the database ONCE you have updated your actual guestbook files.

jimbo
Newbie

Joined: 26/06/2005 18:01:34
Messages: 1

Hi,
I was very frustrated like yourself, with unwanted comments added to the ends of peoples' proper guestbook entries.

Texas Holdem and 24-hour-money loan crap was relentlessly populating my guestbook pages.

Here is my solution (I'm using 2.3.2 of Advanced Guest Book):

1.) I went to my stats package for the site I'm the webmaster for and I looked at the REFERRING URL REPORT, which shows how people access any part of the site.
2.) I noticed http://www.MYSITENAME.com/guestbook/comment.php?gb_id=33 along with other similar ones. When I tested that link, it became clear that that's how they were doing it.
3.) I then went into ADMINISTRATION of the guestbook and I did the following:
3A: I turned ON PASSWORD PROTECTION FOR COMMENT - and put in a different PASSWORD (don't leave the password COMMENT!)
3B: I changed the maximum length of a comment/guestbook entry, from 1,500 to 150.
3C: I changed the FLOOD TIME to 180 seconds. Which I think means that someone has to wait 3 minutes in between each addition.

So far, no surprises with unwanted entries. Although, if they do it again, I will just go back to my URL SITE REFERRAL REPORT in my stat package and see what they used to access the program. (They don't go in the front door.) I had been under the delusion that it was some fancy SQL-injection trick. And it wasn't. They were simply using the program, albeit, through specific commands that I could control through ADMINISTRATION.

Doing these things, means I get to keep using the AGB 2.3.1, which I like.

I hope you get to keep using yours, too.
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

jimbo you are confusing spam with defacing. Lobster's problem was that someone had accessed his admin using the SQL injection exploit and edited an existing post. Posts edited via the admin are not subject to having the HTML removed and so they can post what they like. As for your problem with spam you can try my Human Verification mod to try and stop it. It's been successful for me so far.

I'm also wondering if you are not talking about referral spam which is a different matter. Referral spam is where they make a request to your site and spoof the referrer. They do this as a lot of sites and blogs show the top referrers as links and so they get their links on other people's sites.

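Carbonize's point above is the security-relevant one in this thread: the guestbook strips HTML on the public submission path but not on the admin edit path, so a single admin login (however obtained) turns a sanitised guestbook into an injection point, and the rendered page trusts whatever is in the database. The following is an added example, not code from Advanced Guestbook or from Carbonize, written in Python rather than the guestbook's PHP; the class and function names (Guestbook, strip_tags, render_trusting_storage, render_escaping, find_markup_in_entries) are hypothetical. It shows why escaping must happen at output time, independent of which write path stored the row, and includes the kind of scan Lobster would need to locate an edited post in the database.

```python
import html
import re
from dataclasses import dataclass, field

TAG_RE = re.compile(r"<[^>]*>")


def strip_tags(s: str) -> str:
    """Input-side cleaning as applied to visitor submissions (assumed behaviour)."""
    return TAG_RE.sub("", s)


@dataclass
class Guestbook:
    """Minimal stand-in for the guestbook's database table (hypothetical)."""
    entries: dict = field(default_factory=dict)
    next_id: int = 1

    def post_entry(self, author: str, text: str) -> int:
        # Public path: tags are stripped before the row is stored.
        entry_id = self.next_id
        self.next_id += 1
        self.entries[entry_id] = {"author": strip_tags(author), "text": strip_tags(text)}
        return entry_id

    def admin_edit(self, entry_id: int, text: str) -> None:
        # Admin path in the weak design: the editor is trusted, so the text
        # is stored verbatim. This is the gap Carbonize describes.
        self.entries[entry_id]["text"] = text


def render_trusting_storage(gb: Guestbook, entry_id: int) -> str:
    # Weak: emits stored text as-is, assuming every write path cleaned it.
    e = gb.entries[entry_id]
    return f"<p><b>{e['author']}</b>: {e['text']}</p>"


def render_escaping(gb: Guestbook, entry_id: int) -> str:
    # Hardened: escape at output, so a row written through the admin path
    # (or directly in the database) still cannot inject markup.
    e = gb.entries[entry_id]
    return f"<p><b>{html.escape(e['author'])}</b>: {html.escape(e['text'])}</p>"


def find_markup_in_entries(gb: Guestbook) -> list:
    # Cleanup check: ids of rows whose stored text still contains markup.
    # This is the search a site owner runs over the table to find the
    # post that was altered through the admin interface.
    return sorted(i for i, e in gb.entries.items() if TAG_RE.search(e["text"]))


if __name__ == "__main__":
    # Constructed sample data: one visitor entry, then an admin-side edit.
    gb = Guestbook()
    i = gb.post_entry("alice", "hello <b>there</b>")
    gb.admin_edit(i, "hello <i>edited via admin</i>")
    print("trusting:", render_trusting_storage(gb, i))
    print("escaping:", render_escaping(gb, i))
    print("rows still holding markup:", find_markup_in_entries(gb))
```

The practical lesson for the thread: upgrading the files closes the way in, but it does not touch rows already sitting in the database, which is why Lobster still sees the altered post after the upgrade. A scan like find_markup_in_entries (run against the real table) identifies the rows to delete or restore, and escaping at render time means a future bad row is displayed as text rather than executed as markup.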
Lobster
Newbie

Joined: 25/06/2005 19:22:30
Messages: 2

Carbonize wrote: My script did not RESTORE anything. The post is still there because you never deleted it.

I thought they could have put something in the DB, this is why
I went to the "Easy Admin" page. I wanted to remove that blasted post.

I think the problem can only be solved by removing the post.
What should I do? Should I act as a DB administrator, to search
and destroy the bad post?

By the way, could you better explain what you mean in your second
reply? For instance, can you tell me at which point I went wrong
(I put numbers to identify the actions I performed during the upgrade)?

Bye,
Lobster
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

You only ran my upgrade script but you did not do the actual upgrade of the guestbook but you have now. Give me your username and password (by email) and I will go in and delete the post for you.

roediej
Beginner

Joined: 30/06/2005 09:28:31
Messages: 6

Carbonize wrote: You only ran my upgrade script but you did not do the actual upgrade of the guestbook but you have now. Give me your username and password (by email) and I will go in and delete the post for you.

Where is that update script??
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

www.carbonize.co.uk/update.zip but it will not let you keep your uploaded photos YET.

 