Main Menu
Our Sponsors
Chi Kien Uong
Geranienstraße 30
71034 Böblingen
Deutschland / Germany
If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register /  [Login] Login 
my guestbook got hacked - any suggestions?  XML
Forum Index » Support Forum
Author Message
[Post New]28/01/2005 21:43:08
    Subject: my guestbook got hacked - any suggestions?
[Up]
Anonymous



Seems a site I built for a friend got hacked. I think it was running Guestbook 2.3.1

http://www.selenoclarke.com/seleno_aguest_frameset.htm

Any suggestions as to fix this? Hopefully I can retain some of the messages and pictures.

Much thankx
[Post New]28/01/2005 21:47:37
    Subject: sorry for the dupe, I didn't see the msg below
[Up]
wolfereeno
Beginner

Joined: 28/01/2005 21:44:09
Messages: 7
Offline
sorry for the dupe, I didn't see the msg below

my appologies.
[Post New]28/01/2005 22:40:47
    Subject:
[Up]
wolfereeno
Beginner

Joined: 28/01/2005 21:44:09
Messages: 7
Offline
I've tried working through the various advice I found here:

http://proxy2.de/forum/viewtopic.php?t=3563

but am not having any luck. when I run the reset script it doesn't put any info in my config.inc.php. That file's actually blank.

Any suggestions?
[Post New]28/01/2005 23:02:37
    Subject:
[Up]
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline
Your guestbook is fixed and the login and password have now been reset to the default ones. And yes you are running version 2.2. You need to upgrade. Also sent you an email.
LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
[Post New]28/01/2005 23:04:34
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
Your cofig.inc.php file is not empty otherwise your guestbook would not work at all. The reset script is just to reset the admin username and password.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]28/01/2005 23:26:58
    Subject:
[Up]
wolfereeno
Beginner

Joined: 28/01/2005 21:44:09
Messages: 7
Offline
Much thanks guys!!

is there a cumulative update or do I need to install the various patches mentioned in this message:

http://proxy2.de/forum/viewforum.php?f=3&sid=24bc36509c8e49338ee046f19b21b4d4


Thanks again!
[Post New]29/01/2005 00:04:40
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
the 2.2 login exploit is the only real thing you need to atch. That and remember to leave HTML disabled.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]29/01/2005 00:52:10
    Subject:
[Up]
Anonymous



How come I don't need to update to 2.3.1?

Much thanx
[Post New]29/01/2005 02:10:17
    Subject:
[Up]
Anonymous



Anonymous wrote:How come I don't need to update to 2.3.1?

Much thanx


Because the Patch will fix the exploit without REQUIRING the update. But if you WANT to update - go for it.
[Post New]29/01/2005 07:24:09
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
Because updating brings its own problems which I am trying to write an update script to fix.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]29/01/2005 11:38:56
    Subject: agbook 2.3.1 - is it hackable too?
[Up]
Anonymous



Hey Carbonize

Thanks very much for all your helpfull tips and scripts. I upgrade to agbook 2.3.1 and all your suggestions were working fine.

But there is still one question. Has the new version 2.3.1 got vulnerable exploits too or can I feel now safe ?

Thanks for your feedback
Cheers lizbo24
[Post New]29/01/2005 12:57:41
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
Nothing major. Nothing I have seen used to any devastating effect anyway.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]29/01/2005 13:41:29
    Subject: Thanks Carbonize
[Up]
Anonymous



Allrighty
Thanks for your feedback
I will look in the forum from time to time
Cheers lizbo24
[Post New]29/01/2005 18:33:32
    Subject: agbook 2.3.1 just set up and already spam!
[Up]
Anonymous



Hi Carbonize

I was to fast with my answer. My new version agbook 2.3.1 is now one day up and I got already the first two spams, which have the same origin as i got in version 2.2!
Do I have to change php code or put in a patch, that it stops. I'm tired to delete records (entries) every day.
Thanks for your feedback and help
Re lizbo24
[Post New]29/01/2005 19:38:17
    Subject: Re: agbook 2.3.1 just set up and already spam!
[Up]
Anonymous



Me too. I am now getting about 10 spams a day. I would really like to be able to review posts before they are submitted in the guestbook. Can I do this?

Ken

lizbo24 wrote:Hi Carbonize

I was to fast with my answer. My new version agbook 2.3.1 is now one day up and I got already the first two spams, which have the same origin as i got in version 2.2!
Do I have to change php code or put in a patch, that it stops. I'm tired to delete records (entries) every day.
Thanks for your feedback and help
Re lizbo24
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum