Author |
Message |
07/04/2008 07:38:11
|
chimera99
Newbie
Joined: 07/04/2008 06:40:30
Messages: 3
Offline
|
My Guestbook has been defaced and spammed and I can not get past the initial Admin screen to delete entries.
My username and pass seem to work fine for log in but if I choose any option from the Admin screen, I am continually re-prompted for my username and pass again... an endless loop. My ISP says something got corrupted and they can not help me.
How and with what can I replace and retain my data.
If I migrate to the new version will this issue likely be resolved? Or will the files I am NOT overwriting still contain the problem code.
Using 2.2. New guestbook entries seem to be working fine for the spammers, but I can not edit the entires.
Thanks so much.
Chimera99
|
|
07/04/2008 18:29:25
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
Go to http://www.carbonize.co.uk/AG/ and first use my password reset script and then use my exploit fix.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
08/04/2008 07:00:05
|
chimera99
Newbie
Joined: 07/04/2008 06:40:30
Messages: 3
Offline
|
Carbonize,
Thank you for the reply.
I was doing fine with your scripts direction until:
"" Could not connect to MySQL because: Access denied for user 'My_agbook1'@'boscgi0901.eigbox.net' (using password: YES) ""
I inserted 'My' for Domain ID above in error.
I have administered the MySql password from my ISP to verify the password and also changed it. Same response when try to access the reset.php file via the browser. Never got to step two...
Any further ideas?
I have disabled the GB for the time being as the attacks have escalated. Someone has my number I guess. :/
Thanks in advance
Chimera99
|
|
08/04/2008 09:13:41
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
Well first thing to do is apply the exploit fix. As to the other problem the reset script uses the database information from your config file so possibly your MySQL server was down at the time.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
08/04/2008 17:52:24
|
chimera99
Newbie
Joined: 07/04/2008 06:40:30
Messages: 3
Offline
|
Cabonize,
I have re-applied the process and get the same results. Access denied through the browser.
Okay I will proceed. I WAS able at the time to 'administer' the MySQL database through the front end of my ISP, , change its passwords, etc..., so I don't know if the 'it being down' was in play.
I appreciate your following up on this.
Chimera99
|
|
|