Don't post your URL
Anonymous



This may be obvious to most of you, but it wasn't to me: if you post your URL in this forum, you will get hackers and spammers converging on your guestbook to mess with you.
I have gotten lots of help from this forum and I am grateful for all of it. This is just a bit of advice to newbies, so you can avoid the harassment I've gotten. Ask questions in here and you will get help, but don't post links to your guestbook in here.
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

I find that most of the people attempting to exploit my guestbook actually came via a Google search for Advanced Guestbook. I welcome all attempts at exploiting my guestbook so I can report more of the losers to their ISPs.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
rocket rabbit
Beginner

Joined: 06/01/2005 23:38:26
Messages: 11

Yes, you are right, I got some spammers via web searches, but I did notice my spam go up after I posted in here. So I imagine that amongst all the truly helpful there are some malicious folks lurking about.

By the way, CARBONIZE, here is something I found in my logs:

http://dimattic.com/uni.cgi?query=http://www.MYURLHERE/Guestbook/addentry.php

So for your site, CARBONIZE, it would be:
http://dimattic.com/uni.cgi?query=http://www.carbonize.co.uk/Guestbook/addentry.php

I guess this is the form that is generating the spam?
Anyway, since I installed your mods my spam problem has VASTLY improved, thank you.

What is an EXPLOIT? Without giving out the actual method, what is the principle behind what they were doing to get inside my admin panel (before I patched it)?
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK

Yes, I have found a few of these scripts around. My advice is to report them to their hosts. As to the exploit, it basically involves putting a certain string of characters into the password box of the admin login and then pressing enter. It basically bypasses the login procedure and fools the guestbook into believing you are already logged in.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus