| Author |
Message |
![[Post New]](/forum/templates/html/images/icon_minipost_new.gif) 12/02/2005 22:22:40
|
Anonymous
|
A few weeks ago, a friend of mine died. His obituary was posted in the newspaper with a link to a GuestBook to enter condolences for the family. Doing that was a two step process. You fill out online a form with your message, that then goes electronically and automatically to the Webmaster for review -- then the webmaster lets it go on into the GuestBook and be posted.
I am using Advanced Guestbook 2.3.1 -- specifically how can I modify its software so that a new guestbook entry will first be transmitted to me -- then I let it go on into the Guestbook to be posted there if it is not spam? Wouldn't that system catch most all of the Hackers who now can immediately get to the Guestbook with a spam/trashing posting?
Does GuestBook 2.3.1 have any password (for Administrator) vulnerabilities that need to be fixed to prevent hacking?
Are we facing a losing battle such that GuestBooks cannot be made secure and sooner or later they are trashed?
|
|
|
12/02/2005 22:33:46
|
Auron
Expert
![[Avatar]](/forum/images/avatar/13803940053f323eaa510a6.jpg)
Joined: 23/06/2003 22:02:17
Messages: 1053
Offline
|
check the stickies in this forum.
|
Visit my site @ www.ragnaru.com
Adv. Poll Install Guide NOW BACK ONLINE! (And also rather out of date I would of thought) |
|
|
12/02/2005 22:54:52
|
Carbonize
Master
![[Avatar]](/forum/images/avatar/96871336492d73e733f55.jpg)
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
2.3.1 is secure. 2.3.2 is more upto date but still in beta. Simple anti spam modification - http://proxy2.de/forum/viewtopic.php?t=4211
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|
13/02/2005 23:06:42
|
julie
Beginner
Joined: 13/02/2005 23:04:40
Messages: 5
Offline
|
my friends guestbook has been hacked.. and its just a big black screen and then it redirects to some site.. how do i get rid of that?
|
|
|
13/02/2005 23:18:04
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
Post a link to it here.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|
13/02/2005 23:20:21
|
julie
Beginner
Joined: 13/02/2005 23:04:40
Messages: 5
Offline
|
sure thing!
http://www.fortryllelse.com/guestbook/
|
|
|
13/02/2005 23:21:21
|
julie
Beginner
Joined: 13/02/2005 23:04:40
Messages: 5
Offline
|
i know how to edit the design of it.. but thats it.. i don't know any of the tech stuff..
|
|
|
13/02/2005 23:23:47
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
Fixed now you need to patch. Easiest way is goto www.carbonize.co.uk/AG and download the patched file then upload it.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|
13/02/2005 23:25:04
|
julie
Beginner
Joined: 13/02/2005 23:04:40
Messages: 5
Offline
|
this one?
Advanced Guestbook 2.2 Login Exploit Fix
|
|
|
13/02/2005 23:25:49
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
yes.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|
13/02/2005 23:26:28
|
julie
Beginner
Joined: 13/02/2005 23:04:40
Messages: 5
Offline
|
wow how did you fix it?? lol
what happens if it happens to my other clients guestbooks?
|
|
|
14/02/2005 01:18:05
|
Auron
Expert
Joined: 23/06/2003 22:02:17
Messages: 1053
Offline
|
Install the patch before it happens again is HIGHLY recommended.
|
Visit my site @ www.ragnaru.com
Adv. Poll Install Guide NOW BACK ONLINE! (And also rather out of date I would of thought) |
|
|
14/02/2005 04:46:00
|
ET
Graduate
Joined: 21/02/2003 22:17:48
Messages: 179
Offline
|
julie wrote:wow how did you fix it?? lol
what happens if it happens to my other clients guestbooks?
Carbonize fixed it the same way it got hacked - through the exploit - As Auron points out, the sooner you patch it, the sooner the exploit is closed up. If you take the time to read through other "i've been hacked" posts on this board, you will notice that some have to get hacked 2 - 3 times before they finally figure out that the hackers will keep coming back time and time again - sometimes every few hours.
|
--------------- |
|
|
14/02/2005 06:44:19
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
It's been 6 hours and that site is still not patched.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|
14/02/2005 07:23:22
|
ET
Graduate
Joined: 21/02/2003 22:17:48
Messages: 179
Offline
|
Carbonize wrote:It's been 6 hours and that site is still not patched.
ummmmmm..... guess you won't be surprised if asked to fix another attack there.... 
|
--------------- |
|
|
|
|
![[Search]](/forum/templates/html/images/icon_mini_search.gif){kind=icon}
![[Hottest Topics]](/forum/templates/html/images/icon_mini_recentTopics.gif){kind=icon}
![[Members]](/forum/templates/html/images/icon_mini_members.gif){kind=icon}
![[FAQ]](/forum/templates/html/images/icon_mini_faq.gif){kind=icon}
![[Register]](/forum/templates/html/images/icon_mini_register.gif){kind=icon}
Register![[Login]](/forum/templates/html/images/icon_mini_login.gif){kind=icon}
Login
![[Up]](/forum/templates/html/images/icon_up.gif){kind=icon}
![[Email]](/forum/templates/html/images/icon_email.gif){kind=icon}
![[WWW]](/forum/templates/html/images/icon_www.gif){kind=icon}
![[Yahoo!]](/forum/templates/html/images/icon_yim.gif){kind=icon}
![[MSN]](/forum/templates/html/images/icon_msnm.gif){kind=icon}
![[ICQ]](/forum/templates/html/images/icon_icq_add.gif){kind=icon}