If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
Advanced Guestbook v2.2, hacked, fix and backup?  XML
Forum Index » Support Forum
Author Message
Anonymous



I'm by far not a computer expert, and I've been looking through these forums for the fix to the hole in v2.2, and it really doesn't help me much.. sure it would if I was a php expert or something. Just doesn't make much sense.. sorry.

The guestbook I'm using v2.2, was installed on the server I use. So I don't think I can upgrade to the new version. Unless I could get them to do it somehow..

I was thinking maybe if I changed the admin_enter.php template, that could fix the problem? I could post the whole code.. but won't for now, unless someone says so. Did read someone changed something though, so it wouldn't accept that thingy that lets you get in, and gave the "hacker" a message. Maybe that's what he did?

But so can someone explain in a way that somone with no idea how to program in php (me) could understand, to fix the problem?

I did see people talking about making a new file, changing the name to things, and a password file.. but it was a bit too complex for me.

And.. I never set up a database or backup, or does that do it auto? I had to delete some"hacked" posts since I couldn't restore them, though the "hacker" deleted everything tonight.

Thanks to anyone willing to take the time to try to explain it!
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

As I said in http://proxy2.de/forum/viewtopic.php?t=3343

open up lib/session.class.php and look for

On the next line put the following (rembering to put this between that line and the next line, DO NOT OVERWIRTE THE CURRENT NEXT LINE!)


Very crude but effective. Just change the YOUR PASSWORD to whatever your password is. I assume with this code that your actual password is not NOTYOURPASSWORD but if it is change this bit. Also you will need to change this if you ever change your password.


The other option is to change the name of admin.php to stop them finding it and also remove the link from the guestbook if you do this.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum