If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
Host says no to Advanced Guestbook!  XML
Forum Index » General Discussion
Author Message
DmcMan
Newbie

Joined: 23/02/2005 20:03:27
Messages: 3
Offline

Hi,

I recently received an email from my hosting company stating that the Advanced guestbook has security holes and recommends its members to remove the Advanced Guestbook from their sites.

I've updated my Guestbook with all the security updates from this site. Am I safe or is something my hosting company knows that I don't?

Thanks for any info.
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Your host being Lunarpages by any chance? I tried to email them using the emaill address they provided - support@lunarpages.com and it got rejected as address unknown, not a good advertisement for a host. The only exploits in 2.3.1 are the XSS uri exploit and a possible useragent exploit. the former was silently patched in December (no I don't know why silently neither) and the latter is hard to perform and easily patched. This is typical of hosts. They supplied the scripts, probably badly edited by them, and then they panic like this.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
DmcMan
Newbie

Joined: 23/02/2005 20:03:27
Messages: 3
Offline

Yes, it's Lunarpages. They also have an international number you can call them at if you want.
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

They have a UK number as well but stuffed if I'm going to phone them. I'd say just install the guestbook yourself and tell them you are installing it as you have more faith in the guestbooks writer and help than in them. Ever heard the story of Chicken Lickin? Next you will get an email saying the sky is falling in. I'd find a better host.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Ok I finally got a reply from Lunarpages. They say it is partly because of the login exploit and partly because some guestbooks have been hacked and used for phishing scams. I have replied with how to fix the problems and point out that it was I that made it public about the phishing problems.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

What the heck is a phishing scams

LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Phishing is when they send an email claiming to be your bank or paypal etc asking you to fill in your details as they are upgrading thir system or something stupid.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

Ah ok. Hell I get those all the time. Dont even open them just delete onsite.

LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
 
Forum Index » General Discussion
Go to:   
Based on the open source JForum