Help, someone hacked into our guestbook

Hello,
I have the same problem with my guestbook where I cannot log in and there is a message in the main page that i cannot get rid of. Can anyone help me?

I am aware that I need to install the new AG and install some patches, but is there something else that needs to be done before I do this?

my guestbook: http://www.moenia.com/foro/indexno.php

Thank you!

Ok I deleted the post. You need to edit your lang/english.php file as there is a lot of space after the closing ?>. The only patch you really need to apply is http://www.carbonize.co.uk/Board/viewtopic.php?t=20

Hey Thanks!

One more thing, is there any way I can reset my password. The person that hacked in changed all my css.

Thanks again

www.carbonize.co.uk/reset.zip

Wow! That was fast! Thank you so much!

Hey,

I've tried to perform this fix for myself but I am just totally confused, I have a small site and the only scripting I've ever used is this one simple guestbook, which was recently hacked. Can someone perform the fix for me or give more detail exactly how it is fixed?

www.joshuareid.net/guestbook

I don't know where to look for the code that I have to replace..or something? Sorry to be so clueless...Thanks so much in advance, though!

-Josh

I deelted the post. You can find simple instructions on patching the exploit in my sites forum.

Carbonize,

Thanks so much for your help--It's very kind of you to take the time to help complete strangers!!

All my best,
Josh

Hi
We are using version 2.3.1 and we have HTML code disabled but in the last two days we've had about 20 spams/hacks posted on the guestbook.

I noticed that AGCodes were enabled and have now disabled these. (Will that help?)

Any other ideas about how to stop casinoa, drug sellers and the like putting up the pointless messages?

www.symidream.com/guestbook/index.php

THere are other posts on here about dealing with spam on the guestbook - run a search for those and the solutions offered.

My guestbook was hacked as well.

Here is the link to my guestbook

http://www.suite108.com/cuedup_guestbook/

I will upgrade to 2.3.1.

btw I dont recall having turned html on in the old version.

Hope you can help, thanks

Jakob
suite108

It looks like there is a lot of this going around, I have just been hijacked by these ****** too.

If somone could help me and get rid of the hijack code, it would be very much appreciated. The site is www.torbwine.com and there is a link to the guest book from there.

I get the message about not enabling html and the need to upgrade.

I also own a pet store so love animals. I have a Newfoundlander, a Golden Retriever, an obnoxious (tautology) Poodle, a Burmese, a Ragdoll and a Himalayan. Thats a full hose and i wont mention the large fish tank full of Discus.

Many thanks and cheers
Ric

TORB wrote:It looks like there is a lot of this going around, I have just been hijacked by these ****** too.

If somone could help me and get rid of the hijack code, it would be very much appreciated. The site is www.torbwine.com and there is a link to the guest book from there.

It is a basic redirect to gbytes.tk - can't you erase it by entering from the admin.php page? Or go into your MySQL tables and delete it from there.

ET,

Thanks for the quick response. The first thing I did was go into the Guest Book Admin page and delete the spam entry, that was when the script enabled and the hijacking started. As soon as I open the Easy Admin or Private Messages section, I am hijacked.

I am going to sound thick here, but where do I find the MYSQL Tables you refered to?

Many thanks
Ric

EDIT Woopie, thanks ET, I found it and fixed it using the method you suggested.

Surprised myself.

I have disabled the html code too. Now all I have to do is update the program.

TORB writes:

As soon as I open the Easy Admin or Private Messages section, I am hijacked.

Try this trick first - when you log into your admin page and click on the Easy Admin or the Private Messages - click on the "ESC" button a couple ot times - often times, this will disable the refresh feature and give you time to delete the actual entries.

If you still can't get it deleted from the admin page... you need to go into your website's control panel, find the link to your "MySQL Databases" and/or the link to phpMyAdmin - open the tables for the guestbook and browse through the data tables for the last few entries.

Word of caution, be careful not to change anything in there or delete anything that needs to be there in the tables.

Make certain to disable the HTML on your guestbook - when I visited, it said that HTML was enabled.