Main Menu
Our Sponsors
Chi Kien Uong
Geranienstraße 30
71034 Böblingen
Deutschland / Germany
If you are not registered or logged in, you may still use these forums but with limited features. Show recent topics
  [Search] Search   [Hottest Topics] Hottest Topics   [Members]  Member Listing   [FAQ]  FAQ 
[Register] Register /  [Login] Login 
Guestbook hijacked  XML
Forum Index » Support Forum
Author Message
[Post New]28/02/2005 23:47:59
    Subject: Guestbook hijacked
[Up]
Anonymous



Hi, I just discovered that the Advanced Guestbook of the site I managed gets redirected to some Turkish website http://www.mavideniz.org/ .- I dont know these mean fellows, or how they accessed the files on my site to enable that process.

The Guestbook script was installed via the CPanel. What can I do to get rid of the malicious script doing the redirection? I am new to PHP, and so I dont know where to look. I just could not locate anything alluding to that site in the index.php of the Guestbook.
Please urgently help, as the website part of a big University website.
[Post New]01/03/2005 02:28:39
    Subject:
[Up]
ET
Graduate

Joined: 21/02/2003 22:17:48
Messages: 179
Offline
THis link will take you to a thread where this happened and how to get into the database to remove it.

http://proxy2.de/forum/viewtopic.php?p=14274#14274
---------------
[Post New]01/03/2005 14:21:34
    Subject:
[Up]
Anonymous



Hi,
Thanks for that response. I had actually just managed to solve the problem.
Below is a comment I just made in another forum where I had also requested for help. The concerned database table, as also suggested in your forum articles was "book_data".

I did actually go back to the database so I could prove to you what I had said, that there was no suspicious entry! This time, though, I opened the concerned database table in PHPmyAdmin, in a different way, so it showed the entries in detail, and the re-directing script was hidden. I deleted and everything is now okay. Actually those bastards had put their script there as a "Comment" to the last visitors entry! For that reason, even the administration page of the Guestbook, where you could delete/edit the entries was not accessible as the same script would redirect me to the hackers page!



Is there anyway to prevent such??
Regards
[Post New]01/03/2005 16:24:18
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
turn off HTML and patch your guestbook.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]01/03/2005 18:29:42
    Subject:
[Up]
ET
Graduate

Joined: 21/02/2003 22:17:48
Messages: 179
Offline
Anonymous wrote:


Is there anyway to prevent such??


I don't know - I can't find your guest book - the language is not something I understand on your site and you don't have it set up in a way that is intutive for me to find.

If you have version 2.2 - make certain to use the patch to fix the exploitable hole that allows backdoor access to the admin.

And as Carbonize suggests, turn off HTML if you have it enabled on your guest book - perhaps password your comments - and as I had suggested in the other thread add those "words" to the curse words portion in the admin section to prevent people from even typing them into your guestbook.

You can do these things if you have 2.2 or 2.3.1 versions of the guestbook.
---------------
[Post New]01/03/2005 18:53:54
    Subject:
[Up]
Carbonize
Master
[Avatar]

Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
they didn't post a link to their site. the link they posted is one that many guestbooks have been redirected to.
Carbonize
I am not the maker of the Advanced Guestbook

get Lazarus
[Email] [WWW] [Yahoo!] aim icon [MSN] [ICQ]
[Post New]01/03/2005 22:55:57
    Subject:
[Up]
ET
Graduate

Joined: 21/02/2003 22:17:48
Messages: 179
Offline
Thanks Carbonize - I should have picked up on that sooner... LOL
---------------
 
Forum Index » Support Forum
Go to:   
Based on the open source JForum