Need FAST fix for HACK
Forum Index » Support Forum
Anonymous



Dear All,

Today the guestbook (version 2.2) on a very popular site in NL has been kind of hacked.

Someone was able to remove the top of the page (the logo part) and include a racist text...!

Several people have been on the phone!

We have removed it but want to make sure this NEVER happens again...

Thanks! (perhaps a chmod on a file?)

I'll wait here for your answer...

Thanks
Anonymous



Check the log files on your server and see how they got in.
Maybe the server has a leak.
You could also upgrade to version 2.3.1.
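A worked example of the log check suggested above, added here as an illustration and not code from the original thread or from Advanced Guestbook. It parses Apache combined-format access log lines and flags two things: any hit on the admin script, and URL-decoded query strings carrying SQL-injection markers. The sample lines are constructed (documentation IP ranges, and the /gastenboek/admin.php path that a later post in this thread names); the regexes, marker list and function names are my own assumptions. One caveat worth knowing before reading the logs: a password sent in a POST form body never appears in an access log, so a login bypass shows up only as a POST to admin.php followed by admin activity from the same address, which is why the script also collects the addresses that touched the admin script.

```python
import re
from urllib.parse import unquote

# Apache "combined" log format. Field layout assumed; adjust if the host logs differently.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)

# Crude SQL-injection markers, checked against the URL-decoded, lower-cased query string.
# Assumption: a short list is enough for triage; tune it for your own traffic.
SQLI_MARKERS = ("'", "--", "/*", " or ", " union ", "=1=1")

# Hypothetical: the admin entry point of the guestbook named in this thread.
ADMIN_SCRIPT = "/admin.php"

# Constructed sample log lines (not real traffic): one visitor browses, then POSTs to
# the admin script, reaches the settings page, and later probes a query parameter.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2005:22:41:03 +0100] "GET /gastenboek/index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Mar/2005:22:41:20 +0100] "POST /gastenboek/admin.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
203.0.113.7 - - [12/Mar/2005:22:41:25 +0100] "GET /gastenboek/admin.php?action=settings HTTP/1.1" 200 8100 "-" "Mozilla/4.0"
198.51.100.4 - - [12/Mar/2005:22:45:01 +0100] "GET /gastenboek/index.php?page=2 HTTP/1.1" 200 4900 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2005:22:46:40 +0100] "GET /gastenboek/index.php?page=1%27%20or%20%271%27%3D%271 HTTP/1.1" 200 4800 "-" "Mozilla/4.0"
"""


def parse_line(line):
    """Split one combined-format line into fields; return None for lines that don't parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    path, _, query = rec["target"].partition("?")
    rec["path"] = path
    rec["query"] = unquote(query)   # decode %27 etc. so the markers become visible
    return rec


def triage(log_text):
    """Return one finding per suspicious request: dict with ip, ts, method, target, reasons."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if rec["path"].endswith(ADMIN_SCRIPT):
            reasons.append("%s to admin script" % rec["method"])
        q = rec["query"].lower()
        hit = [mk for mk in SQLI_MARKERS if mk in q]
        if hit:
            reasons.append("sqli markers in query string: %s" % " | ".join(hit))
        if reasons:
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "method": rec["method"],
                             "target": rec["target"], "reasons": reasons})
    return findings


def admin_clients(log_text):
    """Addresses that touched the admin script; the POST body itself is never logged,
    so this is the pivot for finding who logged in and what they did next."""
    return sorted({f["ip"] for f in triage(log_text)
                   if any("admin script" in r for r in f["reasons"])})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["ts"], f["ip"], f["method"], f["target"], "->", "; ".join(f["reasons"]))
    print("clients that touched the admin script:", admin_clients(SAMPLE_LOG))
```

Run it against the real access log by replacing SAMPLE_LOG with the file contents; the next step is to take every address admin_clients() returns and read all of its requests in order, since the defacement itself was done through admin functions after the login.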
Anonymous



Thanks for the fast reply!

We're currently checking the server logs. The file has probably been uploaded together with a comment. Not a server leak... a script leak.

I can't find the release notes of the latest version. What guarantees does this new version have?

Thanks!
Anonymous



It gives some new features and fixes some bugs.
I don't know which bugs, but it might be better than the version you now use.
Version 2.3.0 had a bug in the admin section and 2.3.1 fixed that.

But it sounds as if version 2.2 has a SQL injection exploit bug; this is common with bad coding in PHP scripts.

Do you have a link to your guestbook?
Anonymous



Yep,

try this : http://gastenboek.leidapieters.nl/

Thanks!
Jam'n
Graduate

Joined: 07/01/2003 17:31:39
Messages: 166
Location: Netherlands

I found out that Advanced Guestbook 2.2 appears vulnerable to SQL injection, granting the attacker administrator access. The attack is very simple and consists of entering a special password string while leaving the username entry blank:

So I suggest you upgrade to the latest version.

Jam'n


------------------------------------------------

Only the man who's truly educated
understands that he knows very little...

------------------------------------------------
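The class of bug Jam'n describes above, shown as an added example that is not code from the original thread or from Advanced Guestbook: a hypothetical guestbook login that splices the submitted username and password straight into the SQL text, beside the parameterised form that closes the hole. The table, the user rows and the function names are constructed for this illustration; the specific password string from the advisory is not reproduced in this thread, so the payload used here is only the textbook tautology that demonstrates the technique (blank username, crafted password), and nothing on this page establishes that this exact string is what worked against the real product.

```python
import sqlite3


def make_db():
    """Hypothetical guestbook user table, in memory. Not Advanced Guestbook's schema.
    Passwords are kept in clear text only so the injection stays readable; real code
    stores a salted hash and compares against that."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("admin", "correct horse", 1), ("peter", "museum", 0)])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The bug: user input is concatenated into the SQL text, so a quote in the
    password rewrites the WHERE clause. Returns (username, is_admin) or None."""
    sql = ("SELECT username, is_admin FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    """The fix: the statement text is fixed and the values travel as bound
    parameters, so the driver never lets them change the statement's structure."""
    return conn.execute(
        "SELECT username, is_admin FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()


# Generic tautology payload used for illustration only (see the lead-in).
PAYLOAD = "' OR '1'='1"


def demo():
    conn = make_db()
    return {
        # With the payload the vulnerable WHERE clause becomes
        #   username = '' AND password = '' OR '1'='1'
        # which is true for every row, so the first row (the administrator) comes back.
        "vulnerable": login_vulnerable(conn, "", PAYLOAD),
        # The same input as a bound parameter matches no row.
        "safe": login_safe(conn, "", PAYLOAD),
        # A legitimate login still works through the parameterised query.
        "safe_legit": login_safe(conn, "admin", "correct horse"),
    }


if __name__ == "__main__":
    for name, row in demo().items():
        print("%-12s -> %r" % (name, row))
```

The lesson for the original poster's question ("perhaps a chmod on a file?"): file permissions do not help here, because the attacker never needs to write a file; the login query itself hands over the admin session, so the fix has to be in the PHP code (bound parameters, or at minimum escaping every value) or in upgrading to a version where the author made that fix.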
Anonymous



Thanks! I'll let them know....
Anonymous



We also had the same hack problem on the same day...

It was in the guestbook of our Dutch Atlantikwall Museum website. Also a racist text in the header, and the language was set to Polish, together with some other strange adjustments...

Is it possible this was a hack only against the Advanced Guestbook? And how did the hacker know where to find the guestbooks?

My biggest problem is now, after I fixed all the changes (and everything was working like it should), I logged out of admin.php and the whole guestbook doesn't seem to work anymore....

Are there more people with the same problem? And just to be sure, can I save all the messages that were submitted when it worked?

If you want to see that it doesn't work, go here http://www.atlantikwall-museum.nl/gastenboek/admin.php or /index2.php or /addentry.php
Anonymous



By the way... The files I named are still intact when I open them with FTP access... The source is almost blank when opened in Explorer.

I really hope someone can help; the guestbook is an important page on our website.

thank you!

Peter
Anonymous



Uhm, I now see we also use the 2.2 version... How do I upgrade to the new version? Overwrite? And will all the old submitted messages be kept safe?

As you can see I have a lot of questions.

I just don't understand why someone would hack the guestbook of a respectable museum...

Hoping for a reply and thanks!

Peter
Jam'n
Graduate

Joined: 07/01/2003 17:31:39
Messages: 166
Location: Netherlands

Hi Peter,

All your messages will be spared; only the layout of the guestbook will be back to default.

You will have to use phpMyAdmin or something similar. phpMyAdmin is what most web server hosts use for their clients to access the database.

Replace all files (with the original guestbook 2.3.1) and update your database with the SQL file.


Jam'n


Anonymous



Hey Jam'n,

Thanks for the quick reaction!

Still one problem. I get the following error when trying to update the SQL:

Error

SQL query:

CREATE DATABASE /*!32312 IF NOT EXISTS*/gb22

MySQL said:

#1044 - Access denied for user: 'atlantik@localhost' to database 'gb22'

I've never done this before so maybe I am doing something wrong... I accessed the server using phpMyAdmin, chose the database for the guestbook, clicked on SQL, located the SQL file (guestbook.sql) and clicked Go... I also tried to put in the code manually but that came out with the same error.

I hope you can come up with the solution!

Thanks,

Peter
Anonymous



One more thing...

I've also tried the code you placed for me, and the update code, but the book still didn't work.
Jam'n
Graduate

Joined: 07/01/2003 17:31:39
Messages: 166
Location: Netherlands

Are you sure you're authorized to make such changes?

Access denied for user: 'atlantik@localhost' to database 'gb22'

Jam'n


Anonymous



The error was my own fault; I updated the SQL with the wrong file... I used the whole guestbook.sql instead of the update version.
I am also not sure how far my permissions go... I'm just a simple webmaster.

When I used the update version later, it was successful.

But unfortunately the guestbook still isn't working. I'll try again tomorrow; otherwise I think I will reinstall the whole program.

It's Saturday night, so time for something else...

Just briefly in Dutch: thanks for the help so far! If you do end up rescuing me with the guestbook, beer?
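The #1044 error and its resolution in the posts above come down to one check a practitioner makes before feeding any SQL file into phpMyAdmin on a shared host: does the file contain statements the hosting account cannot run (CREATE DATABASE, the statement that produced the error above), or statements that would throw away the existing entries (DROP TABLE, the usual first line of a full install script)? The pre-check below is an added example, not code from the original thread or from Advanced Guestbook. The two SQL samples are constructed in the style of a full install script and of an upgrade script; the table and column names, the statement lists and the function names are my assumptions, and the real contents of guestbook.sql are not on this page.

```python
import re

# Statements a hosting account usually may not run (the #1044 above came from
# CREATE DATABASE), and statements that would wipe the guestbook's data.
NEEDS_PRIVILEGE = re.compile(r'^(CREATE\s+DATABASE|DROP\s+DATABASE|USE|GRANT|CREATE\s+USER)\b', re.I)
DESTRUCTIVE = re.compile(r'^(DROP\s+TABLE|TRUNCATE|DELETE\s+FROM)\b', re.I)

# Constructed sample in the style of a full install script (not the real guestbook.sql).
FULL_INSTALL_SQL = """\
# full install, constructed for this example
CREATE DATABASE /*!32312 IF NOT EXISTS*/ gb22;
USE gb22;

DROP TABLE IF EXISTS book_data;
CREATE TABLE book_data (
  id int(10) NOT NULL auto_increment,
  name varchar(255) default NULL,
  comment text,
  PRIMARY KEY (id)
);
INSERT INTO book_data (id, name, comment) VALUES (1, 'Peter', 'first entry -- welcome');
"""

# Constructed sample in the style of an upgrade script: it only alters existing tables.
UPDATE_SQL = """\
-- upgrade 2.2 -> 2.3.1, constructed for this example
ALTER TABLE book_data ADD COLUMN lang varchar(16) DEFAULT 'en';
UPDATE book_config SET value = '2.3.1' WHERE name = 'version';
"""


def strip_comments(sql):
    """Drop # and -- line comments and /* */ blocks, but keep the body of MySQL
    conditional comments (/*!NNNNN ... */): the server executes those, which is
    exactly how the CREATE DATABASE line in the error above was written."""
    sql = re.sub(r'/\*!\d*\s*(.*?)\s*\*/', r' \1 ', sql, flags=re.S)
    sql = re.sub(r'/\*.*?\*/', ' ', sql, flags=re.S)
    sql = re.sub(r'^[ \t]*(--[ \t]|#).*$', '', sql, flags=re.M)
    return sql


def statements(sql):
    """Naive split on ';' (good enough for install and upgrade dumps; not a SQL parser,
    so a ';' inside a string literal would split a statement in two)."""
    return [s.strip() for s in strip_comments(sql).split(';') if s.strip()]


def precheck_sql(sql):
    """Return (kind, statement) for every statement worth a second look before
    pasting the file into phpMyAdmin on a shared host."""
    findings = []
    for stmt in statements(sql):
        head = re.sub(r'\s+', ' ', stmt)
        if NEEDS_PRIVILEGE.match(head):
            findings.append(("privileged", head))
        elif DESTRUCTIVE.match(head):
            findings.append(("destructive", head))
    return findings


if __name__ == "__main__":
    for label, text in (("full install", FULL_INSTALL_SQL), ("upgrade", UPDATE_SQL)):
        found = precheck_sql(text)
        print("%s: %d statement(s) to review" % (label, len(found)))
        for kind, stmt in found:
            print("  [%s] %s" % (kind, stmt[:60]))
```

Run precheck_sql() over the file you are about to import; an empty result is what an upgrade script should give, while the full install script shows both why the hosting account was refused (it has no right to create a database) and why running it anyway would have been worse: the DROP TABLE would have discarded the very messages Peter wanted to keep. Whatever the result, take a dump of the guestbook database first (mysqldump, or the Export tab in phpMyAdmin) so the entries can be restored if the import goes wrong.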
     