My guestbook version 2.4.3 has been hacked

Is there any fix or tip to avoif this?

I've already reuploaded all files, changed username and password, but nothing changed. When try to delete entries or even see the guestbook, a black page shows up. I am trying to avoid deleting the database in the host since it means the loss of all the info. Any advise??

I've been checking other posts and applied the solutions I've found, like disabling HTML, but all remains the same.

http://www.casapatzcuaro.com.mx/gbook/

Either you had HTML enabled or they managed to login to your admin and posted

<meta http-equiv="refresh" content="0;URL=http://www.townofleaside.ca/images/">

Either login to phpMyAdmin to delete it or use a web browser like Opera or Firefox where you can disable meta refreshes while you delete it.

Finally I was able to delete de hacked post, changed username and password and all is normal again. I think they did as you say since I left the generic user and pass. Never will do so again!

Thanks!!

Hello, Carbonize

Apologies for my ignorance, but my GB was hacked the same, and trying (desperatedly) to fix.

How do I get to 'myPHPAdmin'?

Thanks!

Steve Gillespie
Memphis, Tn (USA)

phpMyAdmin is something your host usually provides if they are running cPanel. If you wish I can go into your guestbooks admin and delete the post for you.

Yes, that would be great!

Whtat do you need?

sg

Just email me the url and your login details to webmaster@carbonize.co.uk

OK, you should get an email from me, at work. Many thanks!

Steve G

Many, many thanks, Carbonize!

If I get hacked again, I will check into your Lazurus GB.

Steve G.
FedEx

You weren't hacked as such it's just that if you tell AG to allow HTML then it allows ALL HTML including nasty stuff.

so we should not have html enabled in advanced guestbook 2.4.3?

thanksalot

I had this problem, too.

(And that's how I found this forum.)

I had been thinking that I'd have to d/l (ftp) the database and open it in another non-web s/w app. and then I would be able to delete the offending record (which re-directed my page to somewhere in Russia!).

But the keywords "(disabling) meta refresh" rang a bell and then I could just delete that record using the Easy Admin function.

<Whew>

... I never got a notice of the addition of a new "comment" in the guestbook.

The point of a guestbook is to allow comments from the public.

The s/w has the anti-robot letter-code that a human has to type in, so that's cool.

I thought now, that, because I allow html, that somebody could easily put a re-direct on the page.

But now I'm wondering, "How hacked WAS my guestbook/site?"

My Guestbook has been hacked too,they changed the password for the administration.
I have access to phpmyadmin,so in which table is the password stored?
I don't want to delete it,there are a lot of entries.

It's in book_auth. 2.4.3 has a script to reset the password though. It is found inthe misc folder but I can't remember what it's called.