Messages posted by: JTD

Hey carb I need your help. Or anyone else familer with the 2.2 mysql exploit. These script kiddies are defacing alot of guestbooks which I have been fixing but need help. Just click any of the guestbook links next to the name nEt^DeViL.
http://www.zone-h.org/en/defacements/filter/filter_defacer=nEt%5EDeViL/page=1/

Carbonize wrote:Sorry fell asleep and missed all this. You get it sorted now?

Yes and no. Your password reset scipt isnt working for him.

yes No email just fix the exploit with carbs download.

contact me via msn or yahoo and no i didnt get the login loop. And the password reset script has nothing to do with fixing the mysql exploit.

bigcheez you might want to fix the mysql exploit in your guestbook. Anyone can login as admin. Ps I also reset your login and password to the defaults since the new hacker reset them.

Please do a SEARCH This has been discussed before.

Well thank you. Now can you give me a 1 finger salute

That would really make my day complete.

Do a SEARCH you will find the anwser to that Question. As to your other question. No clue most of us are happy with AGB And dont see the need to try and moderate it. Maybe you would be better off with something like a phpbb based forum.

DonnieP wrote:Thanks Auron
I think I got it fixed.. I was going to see if JTD could get in to my guestbook now or if I did fix it.. Thanks.

http://www.catfishheaven.net/guestbook/index.php

All fixed. Now make sure you leave html off.

DonnieP wrote:I have a new entry in my guestbook and it is the only entry that displays, when I go into easy admin to delete the entry, it has no edit or delete link next to it.. Where are the entries kept on my server so I can go there and delete the entry? I am enclosing a link to my guestbook so you can see this entry, please help me get rid of it..

http://www.catfishheaven.net/guestbook/index.php

It is fixed. Please do carbs update script to fix the 2.2 exploit. Thats how I got in btw. And also keep html off I already disabled it. That is how the person did that to your guestbook.

Just tried your copy carb small message with an image. As soon as I hit submit it flashed and error. But It went back to the main page so quick I couldnt read what it said. It was something about permissions though. I did catch that much of it.

Unless carb wants to make an SMTP mod so you can configure guestbook to use any email addy you want to use.

And let's not forget -- the Advanced Guestbook is an informally supported freeware application that has a lot of problems with people hacking it. It's a great application, but we (or at least I) can't get too upset when a big dog like AOL doesn't uncritically accept its output.

Actually it isnt rejecting Guestbook. If you use an email addy from your webserver. That is what it is rejecting.

Most people use a custom header and footer with a php include in the index.php file.

LSander wrote:

It is easy to use and as solid as a rock.
It has reliable dialup capabilities if my high speed provider goes down.
It can be accessed from anyplace in the country with a local phone call.
It is extremely immune to hacking.
Phone-based tech support is superb (though online & email support are lame).
It hasn't ever been acquired by a company that requires me to change all my email addresses, my way of operating, etc., and this record is likely to continue.
Its spam control is very good, and constantly improving/evolving. (My wife gets zero spam--none. I get a certain amount of it because of the places I visit. AOL handles almost all of it.)
It is frequently updated, and has armies of people working to make it better. (God is on the side of the big battalions.)
Basically, it does everything I need it to do, with very few drawbacks.
It DOES block Guestbook messages, but that seems to be a side effect of titanium-strength spam filtering.

You for got one thing with AOL crap.
Its way OVERPRICED My cable internet isnt really that much more than what AOL wants for dialup.