12/03/2005 02:56:37
Anonymous
My homepage which has nothing to do with my installation of 2.2 (unpatched, yeah, I suck) in a separate directory, was hacked today. I Googled the text on my hacked homepage and found another hacked site which is too similar to be of coincidence (one big difference is they didn't change the look of my GB, they just changed my homepage):
http://foliarfert.com/forum/index.php
(They are running 2.2 as well)
In my hack, two things happened:
1. my homepage (index.html in my root dir) was changed to something very similar to the link above.
2. On my guestbook, which is now patched, I get the "admin loop" problem on all 2.2 guestbooks on my domain. I have tried the suggested fixes with no luck. They seem to pertain to issues related to an upgrade which I never did.
I would really like to avoid an upgrade, as I have read that it will remove the pics posted.
Any help would be much appreciated!

12/03/2005 04:20:25
ET
Graduate
Joined: 21/02/2003 22:17:48
Messages: 179
I think Carbonize has recommended that you use his password reset script to help resolve this problem. I'm pretty sure that it works with either 2.2 or 2.3.1.

12/03/2005 06:21:04
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
The admin loop happens when you upgrade your files from Advanced Guestbook 2.2 to 2.3.1. To fix it, download www.carbonize.co.uk/AG/upgrade.zip to upgrade your database tables, but you will lose pictures. The alternative is to either apply the patch yourself or go to www.carbonize.co.uk/AG and download the pre-patched file.
By login loop do you mean it logs you in but as soon as you click a link it logs you out?
BTW, the site you mention had three hacked entries, one of which took you to a fake Yahoo login screen which I have now reported.

Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus

14/03/2005 02:18:58
bigcheez
Beginner
Joined: 14/07/2004 03:25:38
Messages: 6
Carbonize wrote: By login loop do you mean it logs you in but as soon as you click a link it logs you out?
Yes, this is exactly what the problem is.
Carbonize wrote: The admin loop happens when you upgrade your files from Advanced Guestbook 2.2 to 2.3.1.
To my knowledge, I never upgraded. Only after the hack did I notice this problem. I guess that means he brought this on?
Carbonize wrote: The alternative is to either apply the patch yourself or go to www.carbonize.co.uk/AG and download the pre-patched file.
I am assuming that using this alternative (2.2 to 2.3.1 Database Upgrade Script) will also not bring the pictures in?
ET wrote: I think Carbonize has recommended that you use his password reset script to help resolve this problem.
I am also assuming this is incorrect.
Carbonize wrote: BTW, the site you mention had three hacked entries, one of which took you to a fake Yahoo login screen which I have now reported.
Very cool, thanks for reporting! He goes by (and apparently answers to) the email net_devil@hackermail.com. All of his hacks are somehow updated daily on the list on this website: http://www.zone-h.org/en/defacements/filter/filter_defacer=nEt%5EDeViL/page=2/.
Thanks again for the help!

Madbeats.com

14/03/2005 02:23:43
JTD
Graduate
Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
bigcheez, you might want to fix the MySQL exploit in your guestbook. Anyone can log in as admin. PS: I also reset your login and password to the defaults since the new hacker reset them.

LINK-> Use Lazarus Guestbook

14/03/2005 02:33:07
bigcheez
Beginner
Joined: 14/07/2004 03:25:38
Messages: 6
I updated session.class.php. I tried the SQL injection and it didn't work for me. And my username and pass are not the defaults.
How did you log in as admin? And if you did, don't you get the login loop problem?
If any info is private, please email bigcheez at my web site. Thanks!

14/03/2005 02:35:17
bigcheez
Beginner
Joined: 14/07/2004 03:25:38
Messages: 6
JTD wrote: PS: I also reset your login and password to the defaults since the new hacker reset them.
My apologies, I didn't see your edit on this.

Madbeats.com

14/03/2005 02:43:21
JTD
Graduate
Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Contact me via MSN or Yahoo, and no, I didn't get the login loop. And the password reset script has nothing to do with fixing the MySQL exploit.

LINK-> Use Lazarus Guestbook

14/03/2005 02:43:33
bigcheez
Beginner
Joined: 14/07/2004 03:25:38
Messages: 6
Sorry for my confusion here, but I did not notice a change in login info. Do you mean you reset my username and pass to test 123?
Any further private info, please email.
Thanks again.

Madbeats.com

14/03/2005 02:45:44
JTD
Graduate
Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Yes. No email, just fix the exploit with Carb's download.

LINK-> Use Lazarus Guestbook

14/03/2005 03:49:04
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Sorry, I fell asleep and missed all this. Did you get it sorted now?

Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus

14/03/2005 04:06:40
JTD
Graduate
Joined: 08/05/2004 21:52:50
Messages: 529
Location: Arkansas
Carbonize wrote: Sorry, I fell asleep and missed all this. Did you get it sorted now?
Yes and no. Your password reset script isn't working for him.

LINK-> Use Lazarus Guestbook

14/03/2005 04:37:51
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Well, they have obviously patched, as I cannot log in to http://madbeats.com/guestbook/ using the exploit. As for my password reset script, it should work just fine, as there is nothing complicated about it. Email me a copy of your session.class.php file from your lib folder.
You have not run my upgrade script at any point, have you? As you are running 2.2, this may be the reason.

Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus

14/03/2005 05:00:54
bigcheez
Beginner
Joined: 14/07/2004 03:25:38
Messages: 6
I sent an email w/ attachment to webmaster at carbonize . co . uk.
Thanks guys!!

Madbeats.com

14/03/2005 05:13:58
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
lol, thanks for the anti-spam method of posting my email address, but my address is posted in so many places it's far too late to stop the spam. Good job I have a decent spam filter.
Anyway, your email has been answered.

Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus