new hack?
Anonymous



My homepage, which has nothing to do with my installation of 2.2 (unpatched, yeah, I suck) in a separate directory, was hacked today. I Googled the text on my hacked homepage and found another hacked site which is too similar to be a coincidence (one big difference is they didn't change the look of my GB, they just changed my homepage):

http://foliarfert.com/forum/index.php
(They are running 2.2 as well)

In my hack, two things happened:

1. my homepage (index.html in my root dir) was changed to something very similar to the link above.
2. On my guestbook, which is now patched, I get the "admin loop" problem on all 2.2 guestbooks on my domain. I have tried the suggested fixes with no luck. They seem to pertain to issues related to an upgrade which I never did.

I would really like to avoid an upgrade, as I have read that it will remove the pics posted.

Any help would be much appreciated!
ET
Graduate

Joined: 21/02/2003 22:17:48
Messages: 179

I think Carbonize has recommended that you use his password reset script to help resolve this problem. I'm pretty sure that it works with either 2.2 or 2.3.1

---------------
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

The admin loop happens when you upgrade your files from Advanced Guestbook 2.2 to 2.3.1. To fix it, download www.carbonize.co.uk/AG/upgrade.zip to upgrade your database tables, but you will lose pictures. The alternative is to either apply the patch yourself or go to www.carbonize.co.uk/AG and download the pre-patched file.

By login loop do you mean it logs you in but as soon as you click a link it logs you out?

BTW the site you mention had three hacked entries, one of which took you to a fake Yahoo login screen, which I have now reported.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
bigcheez
Beginner

Joined: 14/07/2004 03:25:38
Messages: 6

Carbonize wrote: By login loop do you mean it logs you in but as soon as you click a link it logs you out?

Yes, this is exactly what the problem is.

Carbonize wrote: The admin loop happens when you upgrade your files from Advanced Guestbook 2.2 to 2.3.1.

To my knowledge, I never upgraded. Only after the hack did I notice this problem. I guess that means he brought this on?

Carbonize wrote: The alternative is to either apply the patch yourself or goto www.carbonize.co.uk/AG and download the pre patched file.

I am assuming that using this alternative (2.2 to 2.3.1 Database Upgrade Script) will also not bring the pictures in?

ET wrote: I think Carbonize has recommended that you use his password reset script to help resolve this problem.

I am also assuming this is incorrect.

Carbonize wrote: BTW the site you mention had three hacked entries one of which took you to a fake Yahoo login screen which i have now reported.

Very cool, thanks for reporting! He goes by (and apparently answers to) the email net_devil@hackermail.com. All of his hacks are somehow updated daily on the list on this website: http://www.zone-h.org/en/defacements/filter/filter_defacer=nEt%5EDeViL/page=2/.

Thanks again for the help!

Madbeats.com
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas

bigcheez, you might want to fix the MySQL exploit in your guestbook. Anyone can login as admin. PS: I also reset your login and password to the defaults since the new hacker reset them.

LINK-> Use Lazarus Guestbook
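The thread says the guestbook's login could be bypassed through SQL injection until session.class.php was patched, but never shows the code. The following is an added illustration written for this page, not Advanced Guestbook's or Carbonize's code: a login check that splices the submitted username into the query text (the class of flaw JTD is talking about) next to a version that binds parameters and verifies the password outside the query. The table name gb_admin, the column names and the sample admin row are all constructed for the demo; an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example for this thread; not code from Advanced Guestbook.
// Requires the pdo_sqlite extension. Schema and data are constructed.

function setupDemoDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed table standing in for the guestbook's admin table.
    $pdo->exec('CREATE TABLE gb_admin (username TEXT, password_hash TEXT)');
    $ins = $pdo->prepare('INSERT INTO gb_admin VALUES (?, ?)');
    // Legacy style: md5 of the password stored in the table (demo only).
    $ins->execute(['admin', md5('correct horse battery staple')]);
    return $pdo;
}

// Anti-pattern: the username is interpolated into the SQL string, so quote
// characters in it become SQL syntax. A username of  admin' --  turns the
// rest of the WHERE clause into a comment and the password is never checked.
function loginVulnerable(PDO $pdo, string $user, string $pass): bool {
    $hash = md5($pass);
    $sql = "SELECT username FROM gb_admin WHERE username = '$user' AND password_hash = '$hash'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened: the username is bound as a parameter, so it is always treated as
// data, and the password is verified in PHP with a timing-safe comparison
// rather than inside the query. (A real fix would also replace md5 with
// password_hash()/password_verify(); md5 is kept here only to mirror the
// legacy row above.)
function loginHardened(PDO $pdo, string $user, string $pass): bool {
    $stmt = $pdo->prepare('SELECT password_hash FROM gb_admin WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    return hash_equals($row['password_hash'], md5($pass));
}

// Run both checks against the same inputs and return the outcomes.
function demo(): array {
    $pdo = setupDemoDb();
    $crafted = "admin' --";           // constructed injection input
    return [
        'vulnerable_real_creds'  => loginVulnerable($pdo, 'admin', 'correct horse battery staple'), // true
        'vulnerable_crafted'     => loginVulnerable($pdo, $crafted, 'wrong'),                         // true: bypass
        'hardened_real_creds'    => loginHardened($pdo, 'admin', 'correct horse battery staple'),   // true
        'hardened_crafted'       => loginHardened($pdo, $crafted, 'wrong'),                           // false: no such user
    ];
}

var_export(demo());
```

The point for anyone auditing a guestbook of this vintage is the second line of `loginVulnerable()`: any query whose text is assembled from request data is suspect, and the fix is to bind every value with a prepared statement, as `loginHardened()` does, regardless of how the password itself is stored.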
bigcheez
Beginner

Joined: 14/07/2004 03:25:38
Messages: 6

I updated session.class.php. I tried the SQL injection and it didn't work for me. And my username and pass are not default.

How did you login as admin? And if you did, don't you get the login loop problem?

If any info is private, please email bigcheez at my web site. Thanks!
bigcheez
Beginner

Joined: 14/07/2004 03:25:38
Messages: 6

JTD wrote: Ps I also reset your login and password to the defaults since the new hacker reset them.

My apologies, I didn't see your edit on this.

Madbeats.com
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas

Contact me via MSN or Yahoo, and no, I didn't get the login loop. And the password reset script has nothing to do with fixing the MySQL exploit.

LINK-> Use Lazarus Guestbook
bigcheez
Beginner

Joined: 14/07/2004 03:25:38
Messages: 6

Sorry for my confusion here, but I did not notice a change in login info. Were you meaning you reset my username and pass to test 123?

Any further private info, please email.

Thanks again.

Madbeats.com
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas

Yes. No email, just fix the exploit with Carb's download.

LINK-> Use Lazarus Guestbook
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

Sorry, fell asleep and missed all this. You get it sorted now?

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas

Carbonize wrote: Sorry fell asleep and missed all this. You get it sorted now?

Yes and no. Your password reset script isn't working for him.

LINK-> Use Lazarus Guestbook
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

Well, they have obviously patched, as I cannot login to http://madbeats.com/guestbook/ using the exploit. As for my password reset script, it should work just fine as there is nothing complicated about it. Email me a copy of your session.class.php file from your lib folder.

You have not run my upgrade script at any point have you? As you are running 2.2 this may be the reason.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
bigcheez
Beginner

Joined: 14/07/2004 03:25:38
Messages: 6

I sent an email w/ attachment to webmaster at carbonize . co . uk.

Thanks guys!!

Madbeats.com
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

lol, thanks for the antispam method of posting my email address, but my address is posted in so many places it's far too late to stop the spam. Good job I have a decent spam filter.

Anyway your email has been answered.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus