Main Menu
Our Sponsors
Chi Kien Uong
Geranienstraße 30
71034 Böblingen
Deutschland / Germany
If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register /  [Login] Login 
Ideas to stop GuestBook Hackers?  XML
Forum Index » Support Forum
Author Message
[Post New]12/02/2005 22:22:40
    Subject: Ideas to stop GuestBook Hackers?
[Up]
Anonymous



A few weeks ago, a friend of mine died. His obituary was posted in the newspaper with a link to a GuestBook to enter condolences for the family. Doing that was a two step process. You fill out online a form with your message, that then goes electronically and automatically to the Webmaster for review -- then the webmaster lets it go on into the GuestBook and be posted.

I am using Advanced Guestbook 2.3.1 -- specifically how can I modify its software so that a new guestbook entry will first be transmitted to me -- then I let it go on into the Guestbook to be posted there if it is not spam? Wouldn't that system catch most all of the Hackers who now can immediately get to the Guestbook with a spam/trashing posting?

Does GuestBook 2.3.1 have any password (for Administrator) vulnerabilities that need to be fixed to prevent hacking?

Are we facing a losing battle such that GuestBooks cannot be made secure and sooner or later they are trashed?
[Post New]12/02/2005 22:33:46
    Subject:
[Up]
Auron
Expert
[Avatar]

Joined: 23/06/2003 22:02:17
Messages: 1053
Offline
check the stickies in this forum.
Visit my site @ www.ragnaru.com
Adv. Poll Install Guide NOW BACK ONLINE! (And also rather out of date I would of thought)
[Email] [WWW]
[Post New]12/02/2005 22:54:52
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
2.3.1 is secure. 2.3.2 is more upto date but still in beta. Simple anti spam modification - http://proxy2.de/forum/viewtopic.php?t=4211
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]13/02/2005 23:06:42
    Subject:
[Up]
julie
Beginner

Joined: 13/02/2005 23:04:40
Messages: 5
Offline
my friends guestbook has been hacked.. and its just a big black screen and then it redirects to some site.. how do i get rid of that?
[Post New]13/02/2005 23:18:04
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
Post a link to it here.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]13/02/2005 23:20:21
    Subject:
[Up]
julie
Beginner

Joined: 13/02/2005 23:04:40
Messages: 5
Offline
sure thing!

http://www.fortryllelse.com/guestbook/
[Post New]13/02/2005 23:21:21
    Subject:
[Up]
julie
Beginner

Joined: 13/02/2005 23:04:40
Messages: 5
Offline
i know how to edit the design of it.. but thats it.. i don't know any of the tech stuff..
[Post New]13/02/2005 23:23:47
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
Fixed now you need to patch. Easiest way is goto www.carbonize.co.uk/AG and download the patched file then upload it.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]13/02/2005 23:25:04
    Subject:
[Up]
julie
Beginner

Joined: 13/02/2005 23:04:40
Messages: 5
Offline
this one?

Advanced Guestbook 2.2 Login Exploit Fix
[Post New]13/02/2005 23:25:49
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
yes.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]13/02/2005 23:26:28
    Subject:
[Up]
julie
Beginner

Joined: 13/02/2005 23:04:40
Messages: 5
Offline
wow how did you fix it?? lol

what happens if it happens to my other clients guestbooks?
[Post New]14/02/2005 01:18:05
    Subject:
[Up]
Auron
Expert
[Avatar]

Joined: 23/06/2003 22:02:17
Messages: 1053
Offline
Install the patch before it happens again is HIGHLY recommended.
Visit my site @ www.ragnaru.com
Adv. Poll Install Guide NOW BACK ONLINE! (And also rather out of date I would of thought)
[Email] [WWW]
[Post New]14/02/2005 04:46:00
    Subject:
[Up]
ET
Graduate

Joined: 21/02/2003 22:17:48
Messages: 179
Offline
julie wrote:wow how did you fix it?? lol

what happens if it happens to my other clients guestbooks?


Carbonize fixed it the same way it got hacked - through the exploit - As Auron points out, the sooner you patch it, the sooner the exploit is closed up. If you take the time to read through other "i've been hacked" posts on this board, you will notice that some have to get hacked 2 - 3 times before they finally figure out that the hackers will keep coming back time and time again - sometimes every few hours.
---------------
[Post New]14/02/2005 06:44:19
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
It's been 6 hours and that site is still not patched.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]14/02/2005 07:23:22
    Subject:
[Up]
ET
Graduate

Joined: 21/02/2003 22:17:48
Messages: 179
Offline
Carbonize wrote:It's been 6 hours and that site is still not patched.


ummmmmm..... guess you won't be surprised if asked to fix another attack there....
---------------
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum