Hacker from Turkey owns our Guestbook

Hey, these same "Turkish" guys hacked my guestbook once before. and one of you mods fixed the problem. Well, they got to it again before I could find time to patch the exploit problem. Could you tell me how to delete the message, but don't do it actually do it. I wont to know step by step. Ill have a little surprise for the hackers next time.

Here's the link.
http://www.mariettafirst.org/guest

Thanks

No because I deleted it already. You can delete the posts by going into phpMyAdmin if you have it or via your cPanel. Once into your MySQL database you need to goto the table called book_data and then browse it. Simply then click the bin icon next to the row containing the post. The method I just used (which is risky) is to use the tab key to go through the links until I find the first link that says action=del then I press return. The safer option, if you do not have phpMyAdmin is to view the source code, press Ctrl + F to open up the find dialog, type in some of the text from their message so it goes to it, press Ctrl + F again if it is not still open and then type in action=del which should take you to the url used to delete that post. Simply copy that url, replace all the & with just & and then paste it into your url bar and press enter.

Oh and you can get the pre patched session.class.php file from www.carbonize.co.uk/AG/

Just wondering. How does the hacker post this message? Does the hacker use the exploit to gain admitance to the administrative page, then enable html, post his page, disable html, then simply log out? Or is he using some other way to post his little flag of Turkey? Knowing how he did it would be a great help.
Thanks.

Well trey I see you still havnt applied carbs patch. Your just leaving yourself open for repeated hacks.

As JTD says anyone can login to your admin section until you patch. Once in you can edit any post and when the admin edits a post they can put HTML tags in there.

I was wondering if you knew anything about this Turkey hacker. I checked out the site he set it up to redirect you to, and it seems like they are hosting some sort of hacking contest. They keep count of how many defacements they have done and stuff like that. And I wonder if this guy is watching my guestbook to see if I have taken down his post so he can slap 'er right back up there.

Also a funny tidbit. My initials are JTD.

And yes, I will patch the exploit problem.

If you have stats or access to your servers logs just check what IP's access the admin.php file using a POST request. This will be either you logging in, me deleting the post or the hacker when he logged in.

trey wrote:I was wondering if you knew anything about this Turkey hacker. I checked out the site he set it up to redirect you to, and it seems like they are hosting some sort of hacking contest. They keep count of how many defacements they have done and stuff like that. And I wonder if this guy is watching my guestbook to see if I have taken down his post so he can slap 'er right back up there.

Also a funny tidbit. My initials are JTD.

And yes, I will patch the exploit problem.

There's a variety of them - from Turkey, Egypt, Saudi, etc - Once you are "tagged" as vulnerable, they arrive on a regular basis to continue to attempt to hack your guestbook The sooner you patch it, the better. There are "hacker" websites out there specifically telling people how to hack into the guestbook and how to find the vulnerable ones.

Now you are forewarned so it is up to you to take the advice to heart or choose to ignore.

Be well

Was this the website???? http://fultroncomputing.com/xoops-2.0.9.2/html/modules/news/

Nope, but ill search my history and see if I can find it. Only small parts of it were English, so I couldn't understand it. But i got the general idea. But I have a question for Carbonize. Where did you learn C++, Java, HTML, ect., and how long have you been in to computers and programming?

I've been in to computers ever since our family had a Sinclair Spectrum 48k. As to programming etc I only got into that about 5 years ago. I am self taught by looking at other peoples code and looking things up on the net.

Here is the site.
The homepage is http://www.mavideniz.org/
and the hacking page is http://www.mavideniz.org/isko/iskorpitx.htm

Right now I'm at school, so I dont have access to the server of my website. But now, a different Turkish hacking team hacked my guestbook. I will install the patch as soon as I get home today, but for now, tell me how to get rid of their post through the cpanel. BUT DONT DELETE IT, I NEED IT AS EVIDENCE. You told me before, but I'm kind of confused. Please help me out once more guys.

the fact that you keep getting hadcked seems to prove that they share a list of vulnerable sites.

trey wrote:
Hey, these same "Turkish" guys hacked my guestbook once before. and one of you mods fixed the problem. Well, they got to it again before I could find time to patch the exploit problem. Could you tell me how to delete the message, but don't do it actually do it. I wont to know step by step. Ill have a little surprise for the hackers next time.

Here's the link.
http://www.mariettafirst.org/guest

Thanks

trey wrote:Right now I'm at school, so I dont have access to the server of my website. But now, a different Turkish hacking team hacked my guestbook. I will install the patch as soon as I get home today, but for now, tell me how to get rid of their post through the cpanel. BUT DONT DELETE IT, I NEED IT AS EVIDENCE. You told me before, but I'm kind of confused. Please help me out once more guys.

I think I see a pattern here

Carbonize wrote:the fact that you keep getting hadcked seems to prove that they share a list of vulnerable sites.

LOL - Oh really? LOL