23/04/2004 13:15:52
|
Anonymous
|
Dear All,
Today the guestbook (version 2.2) on a very popular site in NL has been kind of hacked.
Someone was able to remove the top of the page (the logo part) and include a racial text...!
Several people have been on the phone!
We have removed it but want to make sure this NEVER happens again...
Thanks! (perhaps a chmod on a file?)
I'll wait here for your answer...
Thanks
|
|
23/04/2004 13:29:11
|
Anonymous
|
Check the logfiles in your server and see how they got in.
Maybe the server has a leak.
You could also upgrade to version 2.3.1
|
|
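The reply above says to check the server logs to see how they got in. The script below is an added example, not code from the thread or from the Advanced Guestbook project: it parses a handful of constructed Apache "combined" log lines (the IPs, times, referers and the `?entry=` parameter are made up for illustration) and pulls out what a webmaster would actually want to triage after this kind of defacement: every request to the admin login script (`admin.php`) and the comment-posting script (`addentry.php`), plus any URL containing a quote character once URL-decoded, grouped per client address and ordered in time. A POST to `admin.php` from an address that never logged in before is the kind of entry to look for, since that is where a password string sent to the login form would land. Note that the form body itself is not in the access log, only the fact that it was posted.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote

# Constructed sample log (not from the thread). Apache "combined" format.
SAMPLE_LOG = """
198.51.100.23 - - [23/Apr/2004:11:02:10 +0200] "GET /index2.php HTTP/1.1" 200 8412 "-" "Mozilla/4.0"
203.0.113.7 - - [23/Apr/2004:12:39:50 +0200] "GET /index2.php?entry=1%27 HTTP/1.1" 200 7990 "-" "Mozilla/4.0"
203.0.113.7 - - [23/Apr/2004:12:40:03 +0200] "GET /admin.php HTTP/1.1" 200 2133 "-" "Mozilla/4.0"
203.0.113.7 - - [23/Apr/2004:12:40:41 +0200] "POST /admin.php HTTP/1.1" 302 0 "http://guestbook.example/admin.php" "Mozilla/4.0"
203.0.113.7 - - [23/Apr/2004:12:41:05 +0200] "GET /admin.php HTTP/1.1" 200 5120 "http://guestbook.example/admin.php" "Mozilla/4.0"
198.51.100.23 - - [23/Apr/2004:12:55:12 +0200] "GET /index2.php HTTP/1.1" 200 8000 "-" "Mozilla/4.0"
192.0.2.44 - - [23/Apr/2004:13:01:55 +0200] "POST /addentry.php HTTP/1.1" 302 0 "http://guestbook.example/addentry.php" "Mozilla/4.0"
""".strip().splitlines()

# ip ident user [timestamp] "METHOD path proto" status size ... (rest ignored)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Scripts named in the thread as the guestbook's admin and comment entry points.
WATCH = {"admin.php", "addentry.php"}


def parse_line(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    # script name without directory or query string, e.g. "admin.php"
    rec["script"] = rec["path"].split("?", 1)[0].rsplit("/", 1)[-1]
    rec["decoded"] = unquote(rec["path"])  # %27 -> '
    return rec


def triage(lines, watch=WATCH):
    """Keep requests that touch a watched script or carry a quote in the URL,
    sorted by time, each tagged with the reason it was kept."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if rec["script"] in watch:
            reasons.append("touches " + rec["script"])
        if "'" in rec["decoded"]:
            reasons.append("quote in URL")
        if reasons:
            rec["reasons"] = reasons
            hits.append(rec)
    return sorted(hits, key=lambda r: r["time"])


def by_ip(hits):
    """Group flagged requests per client address, in time order."""
    out = defaultdict(list)
    for rec in hits:
        out[rec["ip"]].append((rec["time"], rec["method"], rec["path"], rec["reasons"]))
    return dict(out)


def admin_logins(hits):
    """POSTs to admin.php are submissions of the admin login form."""
    return [r for r in hits if r["script"] == "admin.php" and r["method"] == "POST"]


if __name__ == "__main__":
    for ip, events in by_ip(triage(SAMPLE_LOG)).items():
        print(ip)
        for when, method, path, reasons in events:
            print("  %s %-4s %-28s %s" % (when.strftime("%H:%M:%S"), method, path, ", ".join(reasons)))
```

Run against the real access log by replacing `SAMPLE_LOG` with the file's lines; the address that posted to `admin.php` shortly before the header changed, and anything else that address did (such as the quote-carrying request here), is the thread to pull on.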
23/04/2004 13:31:41
|
Anonymous
|
Thanks for the fast reply!
We're currently checking the server logs. The file has probably been uploaded together with a comment. Not a server leak...a script leak.
I can't find the release notes of the latest version. What guarantees does this new version have?
Thanks!
|
|
23/04/2004 13:54:04
|
Anonymous
|
It gives some new features, fixes some bugs.
I don't know which bugs, but it might be better than the version you now use.
Version 2.3.0 had a bug in the admin section and 2.3.1 fixed that.
But it sounds as if version 2.2 has a SQL injection exploit bug; this is common with bad coding in PHP scripts.
Do you have a link to your guestbook?
|
|
23/04/2004 14:00:33
|
Anonymous
|
Yep,
try this : http://gastenboek.leidapieters.nl/
Thanks!
|
|
23/04/2004 14:07:09
|
Jam'n
Graduate
Joined: 07/01/2003 17:31:39
Messages: 166
Location: Netherlands
Offline
|
I found out that Advanced Guestbook 2.2 appears vulnerable to SQL injection, granting the attacker administrator access. The attack is very simple and consists of inputting a special password string while leaving the username entry blank:
So I suggest you upgrade to the latest version.
|
Jam'n
------------------------------------------------
Only the man who's truly educated
understands that he knows very little...
------------------------------------------------ |
|
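The post above describes the 2.2 admin login being bypassed with a crafted password and an empty username. The following is an added example, not code from the thread or from Advanced Guestbook itself, that shows the mechanism in a small self-contained form: a login check that builds its SQL by string concatenation next to the same check written with bound parameters. The table, column names and the stored password are constructed stand-ins (the real 2.2 schema is not on the page), and the payload is a generic `' OR '1'='1` bypass used for illustration; the thread does not quote the exact string that worked against 2.2. SQLite stands in for MySQL because the precedence rule that makes the trick work (`AND` binds tighter than `OR`) is the same in both.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the guestbook's admin table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admin VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn


def build_query_vulnerable(username, password):
    """The concatenation pattern the thread blames: user input becomes SQL syntax."""
    return ("SELECT username FROM admin WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    row = conn.execute(build_query_vulnerable(username, password)).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Bound parameters: the driver sends the values separately from the SQL,
    so a quote in the password is just a character in a string."""
    sql = "SELECT username FROM admin WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Generic bypass payload (assumption, not the string from the thread). With an
# empty username the WHERE clause becomes
#     username = '' AND password = '' OR '1'='1'
# which evaluates as (false AND false) OR true, so the first admin row matches
# and no username needs to be known at all.
PAYLOAD = "' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print(build_query_vulnerable("", PAYLOAD))
    print("vulnerable login as:", login_vulnerable(conn, "", PAYLOAD))
    print("fixed login as:     ", login_fixed(conn, "", PAYLOAD))
```

Printing the built query is the quickest way to convince a colleague: once the password is spliced into the text, the database cannot tell the attacker's `OR '1'='1'` from the developer's own condition. Upgrading, as the post advises, is the practical fix for the installed script; in one's own code the parameterised form is the one to keep.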
23/04/2004 15:24:22
|
Anonymous
|
Thanks! I'll let them know....
|
|
24/04/2004 15:08:08
|
Anonymous
|
We also had the same hack problem at the same day...
It was in the guestbook of our Dutch Atlantikwall Museum website. Also a racial text in the header, and the language was set to Polish together with some other strange adjustments...
Is it possible this was a hack only against the Advanced Guestbook? And how did the hacker know where to find the guestbooks?
My biggest problem now is that after I fixed all the changes (and everything was working like it should) I logged out of admin.php and the whole guestbook doesn't seem to work anymore....
Are there more people with the same problem? And just to be sure, can I save all the messages that were submitted when it worked?
If you want to see that it doesn't work go here http://www.atlantikwall-museum.nl/gastenboek/admin.php or /index2.php or /addentry.php
|
|
24/04/2004 15:10:56
|
Anonymous
|
By the way... The files I named are still intact when I open them with FTP access... The source is almost blank when opened in Explorer.
I really hope someone can help; the guestbook is an important page on our website.
thank you!
Peter
|
|
24/04/2004 15:16:18
|
Anonymous
|
Uhm, I now see we also use the 2.2 version... How do I upgrade to the new version? Overwrite? And will all the old submitted messages be kept safe?
As you can see I have a lot of questions.
I just don't understand why someone would hack the guestbook of a respectable museum...
Hoping for a reply, and thanks!
Peter
|
|
24/04/2004 17:37:53
|
Jam'n
Graduate
Joined: 07/01/2003 17:31:39
Messages: 166
Location: Netherlands
Offline
|
Hi Peter,
All your messages will be spared; only the layout of the guestbook will be back to default.
You will have to use phpMyAdmin or something similar. phpMyAdmin is what most web server hosts use for their clients to access the database.
Replace all files (with the original guestbook 2.3.1) and update your database with the SQL file.
|
Jam'n
------------------------------------------------
Only the man who's truly educated
understands that he knows very little...
------------------------------------------------ |
|
24/04/2004 19:28:03
|
Anonymous
|
Hey Jam'n,
Thanks for the quick reaction!
Still one problem. I get the following error when trying to update the SQL:
Error
SQL-query:
CREATE DATABASE /*!32312 IF NOT EXISTS*/gb22
MySQL said:
#1044 - Access denied for user: 'atlantik@localhost' to database 'gb22'
I've never done this before so maybe I am doing something wrong... I accessed the server using phpMyAdmin, chose the database for the guestbook, clicked on SQL, located the SQL file (guestbook.sql) and clicked GO... I also tried to put in the code manually but that came out with the same error..
I hope you can come up with the solution!
Thanks,
Peter
|
|
24/04/2004 19:38:52
|
Anonymous
|
One more thing...
I've also tried the code you placed for me, and the update code, but the book still didn't work.
|
|
24/04/2004 20:54:17
|
Jam'n
Graduate
Joined: 07/01/2003 17:31:39
Messages: 166
Location: Netherlands
Offline
|
Are you sure you're authorized to make such changes?
Access denied for user: 'atlantik@localhost' to database 'gb22'
|
Jam'n
------------------------------------------------
Only the man who's truly educated
understands that he knows very little...
------------------------------------------------ |
|
24/04/2004 21:52:55
|
Anonymous
|
The error was my own fault, I updated the SQL with the wrong file... I used the whole guestbook.sql instead of the update version.
I am also not sure of how far my permissions go.. I'm just a simple webmaster.
When I used the update version later, it was successful.
But unfortunately the guestbook still isn't working. I'll try again tomorrow, otherwise I think I will reinstall the whole program.
It's Saturday night so time for something else...
Quickly in Dutch: thanks for the help so far! If you end up rescuing me with the guestbook, a beer?
|
|
|