If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
someone entered javascript popup can't delete  XML
Forum Index » Support Forum
Author Message
bernie
Beginner

Joined: 29/07/2004 12:29:28
Messages: 9
Offline

someone has entered javascript in guestbook and it brings up a message on a pop up which freezes the page. This also happens when I go to the admin and try to delete the entry. The message says my site has been taken over.
How can I get rid of this entry and stop it from happening again.
Thanks

Only a short time ago my guestbook was hacked and I upgraded to solve that - I just don't know what the matter is with all these people do they just sit at their computers all day and night and try to mess up our guestbooks - why ? what for ?
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Give me the link to your website and I'll deal with it if you are using 2.2 otherwise I will need the password.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Just to add that I can fix this because the web browser I use, Firefox, allows me to turn javascript off easily. You can turn it off in IE as well it's just not as clearly labelled.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
bernie
Beginner

Joined: 29/07/2004 12:29:28
Messages: 9
Offline

Thanks my hosting company sorted out the problem for me. I don't allow html in the guestbook anymore.

So many idiots about !
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

The guestbook doesn't allow javascript to be posted regardless of if you are allowing HTML or not. They add the javascript by accessing your admin panel and editting an existing entry.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

Thats why you upgrade to version 2.3.1. Because it will happen again if you dont. These script kiddies hunt for there stuff. They have nothing better to do.

LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
cdnmama
Beginner

Joined: 12/05/2004 20:45:53
Messages: 42
Location: Ontario, Canada
Offline

Carbonize wrote:The guestbook doesn't allow javascript to be posted regardless of if you are allowing HTML or not. They add the javascript by accessing your admin panel and editting an existing entry.

I had someone post a javascript redirection code that lead to a porn site a long time ago. Just turned off javascript in the browser to get rid of it. At the time I thought it was because html was turned on. I was surprised when you said the book doesn't allow javascript to be posted. I've always used 2.3.1

I was doing some experimenting and now I've messed something up with my book I was testing a javascript redirection and you're right, it doesn't work but now I can't remove the entry in 'easy admin'. I can't see the delete button....any ideas what I can do now?

I'm kicking myself now

http://weeinspirations.com
http://dreamworkdesigns.com
http://debsdesignandhosting.com
[WWW]
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

ROFLMAO sorry. If you can see any edit delete buttons before your boo boo. Just single click in the box they are in. Do not click the edit or delete itself. Then just use the tab button to start highlighting the edit delete button. You will get to it.

LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

I personally use firefox which has a great find as you type feature for finding links. Anyways in IE use the TAB button to go through the links on a page one at a time and press enter when it's on the right link.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
cdnmama
Beginner

Joined: 12/05/2004 20:45:53
Messages: 42
Location: Ontario, Canada
Offline

Well.....I had a feeling I'd see a ROFLMAO from someone

Using tab did not work, I get as far as the "Next Page" link and it goes back to the Address for the book at the top. I see part of the last entry I made, but it's cut off. The area where you'd see edit and delete are black.

I was looking around in phpMyAdmin but can't see where I'd edit anything there. Any other ideas? Thanks....

Deb

http://weeinspirations.com
http://dreamworkdesigns.com
http://debsdesignandhosting.com
[WWW]
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

Tab will work. You just have to hit the right one is all. Either that or give carb access to your GB admin.

LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
cdnmama
Beginner

Joined: 12/05/2004 20:45:53
Messages: 42
Location: Ontario, Canada
Offline

Nope, tab will not work...it only goes so far then goes back to the url for the guestbook.

This is part of what I see....
http://dreamworkdesigns.com/book.jpg

I only see part of my entry and nothing below it...mmmm

Deb

http://weeinspirations.com
http://dreamworkdesigns.com
http://debsdesignandhosting.com
[WWW]
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

Well since we cant pm here do you have msn? mine is jtd (at) ravenprom (dot) org

LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
cdnmama
Beginner

Joined: 12/05/2004 20:45:53
Messages: 42
Location: Ontario, Canada
Offline

Hi.....yes I do.....I've added you to my contact list

http://weeinspirations.com
http://dreamworkdesigns.com
http://debsdesignandhosting.com
[WWW]
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum