If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register / 
[Login] Login 
HACKED!!!!!!!!!  XML
Forum Index » Support Forum
Author Message
39 Reasons
Beginner

Joined: 23/06/2004 10:08:41
Messages: 10
Location: Los Angeles, CA
Offline



http://www.39reasons.com/guestbook39/

I'm pretty new at all this. I've done the search for fixing it, but I'm just not sure I understand it enough and don't want to make it worse.

I can still log into my admin pages - but I don't know what to do from there.

No excuses.... just 39 Reasons
www.39reasons.com
[WWW] aim icon
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

looks like they edited the header.php in the templates file or possibly body.php I doubt they did this via the guestbook though. Did you chmod the template files to 777? Possibly this person has an account on the same server as you. Simply remove the cde from the appropriate template file.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
JTD
Graduate

Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Offline

He is running version 2.3.1 also.

LINK-> Use Lazarus Guestbook
[WWW] [Yahoo!] aim icon [MSN]
39 Reasons
Beginner

Joined: 23/06/2004 10:08:41
Messages: 10
Location: Los Angeles, CA
Offline

I upgraded to 2.3.1 after reading all of the suggestions on here. Like I said, I'm pretty new to this so I'm not sure what
Did you chmod the template files to 777
means.

This is what my header template looks like - again, I don't know a lot about coding, but I'm trying to learn.

<html>
<head>
<title>$LANG[FormSelect]</title>
$LANG[metatag]
<meta name="keywords" content="guestbook, php, script, mySQL, free, advance">
<style type="text/css">
<!--
.font1 { font-family: $VARS[font_face]; font-size: $VARS[tb_font_1]; color: $VARS[text_color] }
.font2 { font-family: $VARS[font_face]; font-size: $VARS[tb_font_2]; color: $VARS[text_color] }
.font3 { font-family: Arial, Helvetica, sans-serif; font-size: 7.5pt; color: $VARS[text_color]; font-weight: bold}
.select { font-family: $VARS[font_face]; font-size: 9pt}
.input { font-family: $VARS[font_face]; font-size: 9pt}
-->
</style>
<script language="JavaScript">
<!--
function gb_picture(Image,imgWidth,imgHeight) {
var border = 24;
var img = Image;
var features;
var w;
var h;
winWidth = (imgWidth<100) ? 100 : imgWidth+border;
winHeight = (imgHeight<100) ? 100 : imgHeight+border;
if (imgWidth+border > screen.width) {
winWidth = screen.width-10;
w = (screen.width - winWidth)/2;
features = "scrollbars=yes";
} else {
w = (screen.width - (imgWidth+border))/2;
}
if (imgHeight+border > screen.height) {
winHeight = screen.height-60;
h = 0;
features = "scrollbars=yes";
} else {
h = (screen.height - (imgHeight+border))/2 - 20;
}
winName = (img.indexOf("t_") == -1) ? img.substr(4,(img.length-) : img.substr(6,(img.length-10));
features = features+',toolbar=no,width='+winWidth+',height='+winHeight+',top='+h+',left='+w;
theURL = '$GB_PG[base_url]/picture.php?img='+Image;
popup = window.open(theURL,winName,features);
popup.focus();
}
//-->
</script>
</head>
<body bgcolor="$VARS[pbgcolor]" link="$VARS[link_color]" vlink="$VARS[link_color]">

Thanks!!!
Pamela

No excuses.... just 39 Reasons
www.39reasons.com
[WWW] aim icon
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Sorry my mistake. They have editted a post via the admin area. The exploit for the guestbook does not work on your site though so I am curious as to how they got in. Anyway you can delete the post that got editted to fix the problem then change your password. Or if you wish email me the login details and I will deal with it. My email is on my site.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
amber222
Graduate

Joined: 07/05/2004 21:13:07
Messages: 586
Offline

Chmod is changing file permissions. Here is a post explaining it, you might want to read later:

http://proxy2.de/forum/viewtopic.php?t=3520

This post explains how to change permissions from the CPanel:

http://proxy2.de/forum/viewtopic.php?t=3654 (second from last post)


I don't think any of that will help you get rid of the hack. You need to find the offense and delete it... either from one of the template files or the Easy Admin Panel. If you email the login, I could try to find it for you.
39 Reasons
Beginner

Joined: 23/06/2004 10:08:41
Messages: 10
Location: Los Angeles, CA
Offline

Carbonize wrote:Sorry my mistake. They have editted a post via the admin area. The exploit for the guestbook does not work on your site though so I am curious as to how they got in. Anyway you can delete the post that got editted to fix the problem then change your password. Or if you wish email me the login details and I will deal with it. My email is on my site.


Carbonize - you are a genius!!! I went in through myphpAdmin page - checked the latest entry - and sure enough - that was the problem!!! So I deleted it, and I'm back up and running. Thank you everyone!! And amber... I will read that post you suggested too.

No excuses.... just 39 Reasons
www.39reasons.com
[WWW] aim icon
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

glad to have helped. You could of just as easily deleted the post using the admin section of the guestbook but it was probably easier to identify the entry via phpMyAdmin.

I'm still curious as to how they gained access so as I said change your password.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
39 Reasons
Beginner

Joined: 23/06/2004 10:08:41
Messages: 10
Location: Los Angeles, CA
Offline

Actually - that was the first place I went once I knew I still had access to my admin section. But the photo was showing up so huge even in there (like it was on the guestbook itself) that I couldn't get to the message to delete it. It was in message 94 or 95 - and the photo covered everything down to message 80.

And since this happened, I have upgraded to the newer version of the guestbook AND changed my password!

No excuses.... just 39 Reasons
www.39reasons.com
[WWW] aim icon
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

No problems with using the admin section after you upgraded? There is a known bug whereby you end up in a login loop when trying to use the admin section after upgrading from 2.2 to 2.3.1.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
39 Reasons
Beginner

Joined: 23/06/2004 10:08:41
Messages: 10
Location: Los Angeles, CA
Offline

No problems. I am able to log in with no problem. Haven't done anything but delete the testing posts - but so far so good.

No excuses.... just 39 Reasons
www.39reasons.com
[WWW] aim icon
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

Glad to hear it. You may also want to use my image verification mod to prevent sutomated spamming of your guestbook. Not that I saw any.

Just a suggestion, why not edit the templates a little so that you could have the guestbook load in the iframe you use for the rest of the site?

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
39 Reasons
Beginner

Joined: 23/06/2004 10:08:41
Messages: 10
Location: Los Angeles, CA
Offline

Carbonize wrote:Glad to hear it. You may also want to use my image verification mod to prevent sutomated spamming of your guestbook. Not that I saw any.


where would I find that?

Carbonize wrote:Just a suggestion, why not edit the templates a little so that you could have the guestbook load in the iframe you use for the rest of the site?


Would love to..... but don't know how And I don't want to bother anyone with it. I don't handle the majority of the site, only the extras (guestbook, e-mail, stats and CPanel maintenance) and our "webmaster" is still learning how to do this as well. There are other things I want to (eventually) figure out how to do - get rid of the "here you can leave your mark" note, replace the "GUESTBOOK" image with our logo, have that link return the viewer back to the main site, fun stuff like that. I know all those answers are on this forum somewhere, I just need to find the time to research them. Plus I need to figure out how to allow visitors to the site the option of signing up on our mailing list...... want to add an online journal for the guys in the band to post into... I could go on and on and on and on.... but I won't

Just want to thank you all again for your help - don't know what I would have done without this forum.

No excuses.... just 39 Reasons
www.39reasons.com
[WWW] aim icon
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline

www.carbonize.co.uk/verification.zip for the image verification. Most of the guestbooks text can be editted via the lang/english.php file. The HTML is to be found in the templates folder.

Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
Anonymous



Hi guys,
Okay... so what if we've been hacked and we can't access our Admin?
Our passwords have been changed. How do we hack back in?

We can get into the control panel and php pages, but can't seem to get to anything that resembles the guest entries to be able to delete the damned hacker.

We're at http://grahamgreene.topcities.com/guestbook

Any tips?

Thanks... I hope.
Dusky.
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum