Host says no to Advanced Guestbook!

Hi,

I recently received an email from my hosting company stating that the Advanced guestbook has security holes and recommends its members to remove the Advanced Guestbook from their sites.

I've updated my Guestbook with all the security updates from this site. Am I safe or is something my hosting company knows that I don't?

Thanks for any info.

Your host being Lunarpages by any chance? I tried to email them using the emaill address they provided - support@lunarpages.com and it got rejected as address unknown, not a good advertisement for a host. The only exploits in 2.3.1 are the XSS uri exploit and a possible useragent exploit. the former was silently patched in December (no I don't know why silently neither) and the latter is hard to perform and easily patched. This is typical of hosts. They supplied the scripts, probably badly edited by them, and then they panic like this.

Yes, it's Lunarpages. They also have an international number you can call them at if you want.

They have a UK number as well but stuffed if I'm going to phone them. I'd say just install the guestbook yourself and tell them you are installing it as you have more faith in the guestbooks writer and help than in them. Ever heard the story of Chicken Lickin? Next you will get an email saying the sky is falling in. I'd find a better host.

Ok I finally got a reply from Lunarpages. They say it is partly because of the login exploit and partly because some guestbooks have been hacked and used for phishing scams. I have replied with how to fix the problems and point out that it was I that made it public about the phishing problems.

What the heck is a phishing scams

Phishing is when they send an email claiming to be your bank or paypal etc asking you to fill in your details as they are upgrading thir system or something stupid.

Ah ok. Hell I get those all the time. Dont even open them just delete onsite.