Help, someone hacked into our guestbook
Author Message
Anonymous



Dear Carb

You are our only saviour, my guestbook was hacked too. Could you please advise what can be done to fix it?
Thanks.

my site: http://www.armens.info/patrick/

guestbook: http://www.armens.info/gd_book/
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Post deleted and password changed to 123. I left the username as it was, Patrick. You need to patch your guestbook. Search this forum for advanced guestbook 2.2 exploit fix or visit my site's forum.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
Anonymous



Carbonize wrote: Post deleted and password changed to 123. I left the username as it was, Patrick. You need to patch your guestbook. Search this forum for advanced guestbook 2.2 exploit fix or visit my site's forum.


You are a star. Thanks a mill.
Anonymous



You seem to be doing such a great job and I really need help. Our fanclub guestbook was hacked by some jerk, he's been spamming for a couple of days now and has decided to get tougher and added his html file to the last entry. I have stopped the use of HTML code on the site, but can you delete his entry?

Then is that enough or is there something else I should do to prevent this happening again? You said earlier about not having to update to 2.3.1, just add the patches, I haven't a clue what that is all about, how to get them, how to add them. Can you send me info or direct me somehow? It's a non profit making club and members use the guestbook to keep in contact. Thank you so very much for any help you can give us.

www.rickynelson.co.uk/conversation
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

Ricky Fan wrote: You seem to be doing such a great job and I really need help. Our fanclub guestbook was hacked by some jerk, he's been spamming for a couple of days now and has decided to get tougher and added his html file to the last entry. I have stopped the use of HTML code on the site, but can you delete his entry?

Then is that enough or is there something else I should do to prevent this happening again? You said earlier about not having to update to 2.3.1, just add the patches, I haven't a clue what that is all about, how to get them, how to add them. Can you send me info or direct me somehow? It's a non profit making club and members use the guestbook to keep in contact. Thank you so very much for any help you can give us.

www.rickynelson.co.uk/conversation


OK, your guestbook is now fixed. I didn't see where they changed any of your login or passwords. Also here is the link for the guestbook upgrade and mods. http://proxy2.de/forum/viewtopic.php?t=3563

LINK-> Use Lazarus Guestbook
Anonymous



I don't know if I did this myself, but the hack seems to have gone in the 5 mins since I posted the above. If someone else did this in such a quick time, thanks! Can someone let me know if the problem will happen again? I checked my session.class.php file in lib and that has the right code. (The one about magic quotes.) Is there something else I should do?
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

Yes I fixed your guestbook lol. And posted the link for upgrading for you. And yes the problem will happen again until you upgrade and patch it.

LINK-> Use Lazarus Guestbook
Anonymous



Thanks Carb, I was wondering how it all happened so quick!
Anyway, have now downloaded the gbookphp.zip, opened it, changed the name from guestbook to conversation and overwrote the original conversation folder using WSFTP pro. Then I downloaded your upgrade.php (No install.php in it, it's upgrade.php). I then overwrote that with the upgrade on the conversation folder I just uploaded. When I go to:
http://www.rickynelson.co.uk/conversation/upgrade.php
I get the message:
Could not connect to MySQL because: Access denied for user: 'root@localhost' (Using password: NO)
What am I / have I done wrong?

Also the guestbook itself now shows a warning page.
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

You need to make sure the MySQL information in your config file is correct.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
Anonymous



Have done that now, using the advice on:
http://proxy2.de/forum/viewtopic.php?t=3654

Still not getting very far. What might be the trouble do you think?
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

The upgrade script needs to be in the guestbook folder. It calls on the config file to get the details so it needs to be in the right location.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
Anonymous



The upgrade.php is inside the conversation (guestbook) folder, it is directly below the admin folder.

When I click on the guestbook link this page comes up:


Warning: mysql_connect(): Access denied for user: 'j1manley@localhost' (Using password: YES) in /home/j1manley/public_html/conversation/lib/mysql.class.php on line 30
Connection Error
--------------------------------------------------------------------------------

MySQL Error : Connection Error
Error Number: 1045 Access denied for user: 'j1manley@localhost' (Using password: YES)
Date : Mon, January 24, 2005 18:53:15
IP : 194.46.90.202
Browser : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)
Referer :
PHP Version : 4.3.10
OS : Linux
Server : Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.10 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.6b
Server Name : www.rickynelson.co.uk
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Hmmmmmm my upgrade script should not have that effect, in fact it cannot have that effect. Check the details in the config file.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
Anonymous



I'll do that tomorrow (It's 3.30 a.m. here) Thanks for your help, no doubt I'll be asking you for more help soon.
Carbonize
Master

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

It's 04:23 here and I'm shattered. Currently contemplating typing up my resignation letter.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus