Hacking concerns
Anonymous
I am totally ignorant and naive in regards to hacking, but I have seen much discussion on these forums on this subject which has raised several questions in my mind.

1) How do people find these guestbooks to hack into in the first place, and is it just guestbooks from proxy2.de that are being hacked into or is this something that all guestbooks are at risk for? Do these hackers lurk on these forums and attack guestbooks that have had URLs for them posted here or do they have a more devious way of finding them (like doing a google search for guestbook)?

2) In order for me to upload my files to my server via FTP, I have to have a user name and password - how does a hacker get this info or do they have a way of bypassing it (in which case, why do I have to bother with it if it can be gotten around so easily)?

3) I have read that it is version 2.2 which is most susceptible to hacking, then others have said that 2.3.1 is also at risk, and yet others have said it is the webhost's PHP version which is the culprit. Can anyone clarify? And are other scripts, such as forums, equally at risk?

I realize, as I reread my questions, that someone could think that I am trying to get a primer on hacking! Definitely not - I'm just trying to get a better understanding so that I can assess the level of risk for my recently added guestbook.

Thanks.
JTD
Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas

Do your own search and see what you find.

LINK-> Use Lazarus Guestbook
Anonymous
OK, I took your advice and put the word "guestbook" in google and came up with over 22 million hits! That should keep those punks amused for quite a while, unfortunately.

But I'm still curious - is there something about guestbooks in particular or PHP scripts in general that makes them so vulnerable to hacking? And how do they get around the FTP password issue?

Thanks.
JTD
Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas


They don't get around the FTP password. They use it by getting into your guestbook admin. As I always say, do a search.

http://proxy2.de/forum/viewtopic.php?t=3037&highlight=exploit

LINK-> Use Lazarus Guestbook
Trevor
Joined: 17/06/2004 02:53:11
Messages: 67
Location: UK


Ahroo,

Just posted this... <<<http://proxy2.de/forum/viewtopic.php?t=3475>>>, you might find it useful.

To answer your questions...

How do people find these guestbooks to hack into in the first place


Search engines mainly

and is it just guestbooks from proxy2.de that are being hacked into or is this something that all guestbooks are at risk for?


Version 2.2 is particularly vulnerable but if someone's clever enough and determined enough they could probably get into pretty much any guestbook they wanted

Do these hackers lurk on these forums and attack guestbooks that have had URLs for them posted here or do they have a more devious way of finding them (like doing a google search for guestbook)?


Lurking on forums would be one way but why bother when any search engine will throw up thousands of results. Use a robots.txt file to prevent your guestbook being indexed by search-bots.

In order for me to upload my files to my server via FTP, I have to have a user name and password - how does a hacker get this info or do they have a way of bypassing it (in which case, why do I have to bother with it if it can be gotten around so easily)?


As JTD said - it's not your FTP password, it's the password that you use to access the guestbook admin panel - there's a known vulnerability which can be exploited allowing anyone with a certain password to access unprotected guestbooks.

I have read that it is version 2.2 which is most susceptible to hacking


Judging by the posts on this forum then - yes.

others have said that 2.3.1 is also at risk


Maybe but to a much lesser extent. No doubt someone, somewhere is trying to expose any weaknesses but at present there's no major issues that I'm aware of.

others have said it is the webhost's PHP version which is the culprit.


Could be in some cases - depends on the version but the weak point in the majority of cases is the ease with which the admin panel in version 2.2 can be accessed.

And are other scripts, such as forums, equally at risk?


It's a bit like asking how long a piece of string is. Depends on the forum; some are more at risk than others. I guess the more popular ones are most likely to be the target of people looking for weaknesses, but on the other hand, it's likely that the more popular ones are the better developed ones anyway.

In general do the following...
Go for version 2.3.1
Read the post mentioned above
Restrict access with a .htaccess file
Use noindex / nofollow in robots.txt
Rename admin.php (change all links to it as well)
Remove the 'administration' link from the view and sign pages of the guestbook

Hope this helps,

Trevor
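The hardening checklist in Trevor's post (keep crawlers out, put HTTP authentication in front of the admin panel, rename admin.php and fix the links to it) can be scripted. The script below is an added example and is not code from the original thread or from the guestbook project. It assumes an Apache host with AllowOverride enabled for .htaccess, a guestbook installed in a subdirectory of the web root that visitors reach as /guestbook/, and templates stored as plain files under that directory; the paths, the new admin file name gb-ctl-7f3a.php and the .htpasswd location are placeholders. Note that robots.txt only understands User-agent/Allow/Disallow rules, so crawler exclusion is done with Disallow here; noindex and nofollow are values for a robots meta tag in the page itself. Taking the "administration" link out of the view and sign pages is a template edit that this script does not attempt, since the template markup is not shown on the page; the script only rewrites any existing link target to the new file name.

```shell
#!/bin/sh
# Added example, not from the original thread: script the guestbook hardening steps.
# Assumed layout (placeholder paths): web root /var/www/html, guestbook under
# /var/www/html/guestbook, served as /guestbook/, Apache with AllowOverride AuthConfig.
set -eu

# Write a robots.txt in the web root that keeps well-behaved crawlers out of the
# guestbook directory. robots.txt takes Disallow rules, not noindex/nofollow;
# it is a courtesy signal only and does not stop an attacker who already knows the URL.
write_robots() {
    # $1 = web root directory, $2 = URL path of the guestbook (e.g. /guestbook/)
    cat > "$1/robots.txt" <<EOF
User-agent: *
Disallow: $2
EOF
}

# Put HTTP Basic authentication in front of the (renamed) admin script so the
# application's own admin password is no longer the only gate. The password file
# must live outside the web root so it cannot be downloaded.
write_htaccess() {
    # $1 = guestbook directory, $2 = admin script file name, $3 = absolute path to .htpasswd
    cat > "$1/.htaccess" <<EOF
<Files "$2">
    AuthType Basic
    AuthName "Guestbook administration"
    AuthUserFile $3
    Require valid-user
</Files>
EOF
}

# Create the .htpasswd entry. Prefers Apache's htpasswd (bcrypt); falls back to
# openssl's apr1 MD5 format, which Apache also accepts. Never store the password in clear.
make_htpasswd() {
    # $1 = .htpasswd path, $2 = user name, $3 = password
    if command -v htpasswd >/dev/null 2>&1; then
        htpasswd -bB -c "$1" "$2" "$3"
    else
        printf '%s:%s\n' "$2" "$(openssl passwd -apr1 "$3")" > "$1"
    fi
    chmod 640 "$1"
}

# Rename admin.php to an unguessable name and rewrite every reference to it in the
# guestbook's files so the existing links keep working. (Assumes file names without spaces.)
rename_admin() {
    # $1 = guestbook directory, $2 = new admin script file name
    mv "$1/admin.php" "$1/$2"
    for f in $(grep -rl 'admin\.php' "$1" || true); do
        sed "s/admin\.php/$2/g" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    done
}

# Quick self-check: the old name must be gone and the new one must be protected.
verify_hardening() {
    # $1 = guestbook directory, $2 = new admin script file name
    [ ! -e "$1/admin.php" ] || return 1
    [ -f "$1/$2" ] || return 1
    grep -q "<Files \"$2\">" "$1/.htaccess" || return 1
    grep -q 'Require valid-user' "$1/.htaccess" || return 1
}

# Usage (all four arguments are placeholders for your own layout):
#   sh harden_guestbook.sh /var/www/html /guestbook/ gb-ctl-7f3a.php /etc/apache2/guestbook.htpasswd
if [ $# -eq 4 ]; then
    write_robots "$1" "$2"
    rename_admin "$1${2%/}" "$3"
    write_htaccess "$1${2%/}" "$3" "$4"
    verify_hardening "$1${2%/}" "$3" && echo "guestbook admin panel hardened"
fi
```

After running it, create the Basic-auth user with make_htpasswd (for example make_htpasswd /etc/apache2/guestbook.htpasswd gbadmin 'a long passphrase'), then request the new admin URL in a browser and confirm you get a 401 before any guestbook login form appears. Remember that renaming and hiding only reduce exposure; the version upgrade Trevor recommends is what removes the admin-panel weakness itself.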
Anonymous
Thank you very much - I am getting QUITE an education. I was thrilled just to get my guestbook working, then ecstatic when I figured out (thanks to a great extent to the wonderful help that so many people are willing to give to us "ignorant people" who "should be neutered") how to get it modified to look exactly the way I wanted it to, and now I can see that there is so much more to it to ensure its security. But I'm really enjoying learning about php and look forward to trying more things. It is people like you, who are willing to share your knowledge and experience without being condescending, who make this such an enjoyable process. Thanks again for taking the time to answer my questions!