Author |
Message |
25/06/2005 19:38:29
|
Lobster
Newbie
Joined: 25/06/2005 19:22:30
Messages: 2
Offline
|
The guestbook installed here:
http://duestrade.it/vale_guestbook
Has been hacked (sigh... what a shame!), so after reading
the stickies I tried to upgrade to the latest version of
Advanced Guestbook.
To avoid losing data I created a new guestbook here
http://www.duestrade.it/guestbook
1) I uploaded the .zip with the latest Advanced Guestbook
version and unzipped it;
2) I uploaded the upgrade.zip by Carbonize in the same directory and unzipped it;
3) I modified the first 4 lines of admin/config.inc.php to make them
equal to my dear old guestbook's.
4) I went with my browser (firefox) to
http://www.duestrade.it/guestbook/upgrade.php
Everything worked well but now if I go to
http://www.duestrade.it/guestbook
I see the same exploitation. It seems that Carbonize's
upgrade.zip not only restored the old data but also the
hacker's job.
If I go to
http://www.duestrade.it/guestbook/admin.php
and I enter the right user/password pair I get into the
administration page but when I click on "easy admin"
I still get the hacked page.
I really don't know what else to do. Any suggestion?
Bye,
Lobster
|
|
25/06/2005 22:44:20
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
My script did not RESTORE anything. The post is still there because you never deleted it.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
25/06/2005 22:51:51
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
Also you ran the update script but you did not update your actual files. The point of the update script is to update the database ONCE you have updated your actual guestbook files.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
26/06/2005 18:18:51
|
jimbo
Newbie
Joined: 26/06/2005 18:01:34
Messages: 1
Offline
|
Hi,
I was very frustrated like yourself, with unwanted comments added to the ends of people's proper guestbook entries.
Texas Holdem and 24-hour-money loan crap was relentlessly populating my guestbook pages.
Here is my solution (I'm using 2.3.2 of Advanced Guest Book):
1.) I went to my stats package for the site I'm the webmaster for and I looked at the REFERRING URL REPORT, which shows how people access any part of the site.
2.) I noticed http://www.MYSITENAME.com/guestbook/comment.php?gb_id=33 along with other similar ones. When I tested that link, it became clear that that's how they were doing it.
3.) I then went into ADMINISTRATION of the guestbook and I did the following:
3A: I turned ON PASSWORD PROTECTION FOR COMMENT - and put in a different PASSWORD (don't leave the password COMMENT!)
3B: I changed the maximum length of a comment/guestbook entry, from 1,500 to 150.
3C: I changed the FLOOD TIME to 180 seconds, which I think means that someone has to wait 3 minutes in between each addition.
So far, no surprises with unwanted entries. Although, if they do it again, I will just go back to my URL SITE REFERRAL REPORT in my stat package and see what they used to access the program. (They don't go in the front door.) I had been under the delusion that it was some fancy SQL-injection trick. And it wasn't. They were simply using the program, albeit, through specific commands that I could control through ADMINISTRATION.
Doing these things means I get to keep using AGB 2.3.1, which I like.
I hope you get to keep using yours, too.
|
|
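The three admin settings jimbo lists (a comment password, a maximum entry length and a flood time) can be read as a gate in front of the comment endpoint. The following is an added example, not Advanced Guestbook's own code: it models that gate in Python and runs it over a constructed sequence of requests. The addresses, the clock values, the request bodies and the password are all made up for illustration; the 150-character and 180-second limits are the values from the post.

```python
"""
Added example, not code from Advanced Guestbook.  Models jimbo's three
settings as a gate in front of the comment endpoint: a comment password
(changed from the default), a maximum body length and a per-address
flood time measured from the last ACCEPTED post.  Request records, IPs
and timestamps are constructed here; 150 chars and 180 s are the values
from the post.
"""
from dataclasses import dataclass, field


@dataclass
class Settings:
    comment_password: str = "not-the-default"  # do not leave it as COMMENT
    max_length: int = 150
    flood_seconds: int = 180


@dataclass
class CommentGate:
    settings: Settings
    # ip -> timestamp of the last post we accepted from that address
    last_post: dict = field(default_factory=dict)

    def check(self, ip, now, password, body):
        """Return (accepted, reason).  Cheapest, most decisive checks first."""
        if password != self.settings.comment_password:
            return False, "bad password"
        if len(body) > self.settings.max_length:
            return False, "too long"
        last = self.last_post.get(ip)
        if last is not None and now - last < self.settings.flood_seconds:
            return False, "flood"
        # Only an accepted post starts a new flood window for this address.
        self.last_post[ip] = now
        return True, "ok"


# Constructed request log: (timestamp in seconds, ip, password, body)
REQUESTS = [
    (0,   "198.51.100.7", "COMMENT",         "nice guestbook"),
    (1,   "198.51.100.7", "not-the-default", "texas holdem " * 20),
    (2,   "198.51.100.7", "not-the-default", "first real comment"),
    (60,  "198.51.100.7", "not-the-default", "second, too soon"),
    (200, "198.51.100.7", "not-the-default", "third, after flood window"),
    (3,   "203.0.113.9",  "not-the-default", "different address"),
]


def run(requests=REQUESTS, settings=None):
    """Feed the requests through one gate and return the reason per request."""
    gate = CommentGate(settings or Settings())
    return [gate.check(ip, t, pw, body)[1] for (t, ip, pw, body) in requests]


if __name__ == "__main__":
    for (t, ip, _pw, body), reason in zip(REQUESTS, run()):
        print(f"t={t:>3} {ip:<14} {reason:<12} {body[:30]!r}")
```

Note that the flood window is keyed on the address and restarts only on an accepted post, so a rejected attempt does not let a spammer reset or extend the window; a bot rotating addresses, or a sender spoofing the Referer header as Carbonize describes below, is not caught by this gate alone.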
26/06/2005 18:43:11
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
jimbo you are confusing spam with defacing. Lobster's problem was that someone had accessed his admin using the SQL injection exploit and edited an existing post. Posts edited via the admin are not subject to having the HTML removed and so they can post what they like. As for your problem with spam you can try my Human Verification mod to try and stop it. It's been successful for me so far.
I'm also wondering if you are not talking about referral spam, which is a different matter. Referral spam is where they make a request to your site and spoof the referrer. They do this as a lot of sites and blogs show the top referrers as links and so they get their links on other people's sites.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
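Carbonize's explanation above has two parts: the attacker got into the admin through an SQL injection, and an entry edited through the admin is stored without the HTML stripping the public posting path applies, so the defacement stays in the database and is rendered as-is. The following is an added example, not Advanced Guestbook's code or Carbonize's mod: it models both points in Python with an in-memory SQLite table. The table and column names, the credentials, the injection payload and the defacement entry are all made up for illustration.

```python
"""
Added example, not code from Advanced Guestbook or from Carbonize's mod.
Models the two points in the post above with an in-memory SQLite table:
 1. an admin login built by string concatenation is bypassed by an
    SQL-injection payload, while a parameterised query is not;
 2. stripping HTML only on the public posting path leaves the admin edit
    path free to store raw markup, which the page then renders unescaped.
Table/column names, credentials, the payload and the entries are made up.
"""
import html
import re
import sqlite3

TAG_RE = re.compile(r"<[^>]*>")  # crude tag stripper, like PHP's strip_tags()


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (user TEXT, pass TEXT)")
    db.execute("CREATE TABLE entries (id INTEGER PRIMARY KEY, body TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'secret')")
    return db


# --- 1. admin login --------------------------------------------------------
def login_concat(db, user, password):
    """Vulnerable: user input is spliced into the SQL text."""
    sql = ("SELECT COUNT(*) FROM admins WHERE user='%s' AND pass='%s'"
           % (user, password))
    return db.execute(sql).fetchone()[0] > 0


def login_param(db, user, password):
    """Fixed: placeholders keep the input as data, never as SQL."""
    sql = "SELECT COUNT(*) FROM admins WHERE user=? AND pass=?"
    return db.execute(sql, (user, password)).fetchone()[0] > 0


INJECTION = "' OR '1'='1"  # constructed payload for the demonstration


# --- 2. the two write paths and rendering ---------------------------------
def public_post(db, body):
    """Visitor path: tags removed before the row is stored."""
    cur = db.execute("INSERT INTO entries (body) VALUES (?)",
                     (TAG_RE.sub("", body),))
    return cur.lastrowid


def admin_edit(db, entry_id, body):
    """Admin path as described in the thread: stored as-is, nothing stripped."""
    db.execute("UPDATE entries SET body=? WHERE id=?", (body, entry_id))


def render_raw(db, entry_id):
    """Rendering that trusts the database: body echoed without escaping."""
    row = db.execute("SELECT body FROM entries WHERE id=?", (entry_id,)).fetchone()
    return row[0]


def render_escaped(db, entry_id):
    """Hardened rendering: escape on output, whichever path wrote the row."""
    return html.escape(render_raw(db, entry_id))


def demo():
    db = new_db()
    results = {}
    results["concat_bypassed"] = login_concat(db, INJECTION, INJECTION)
    results["param_bypassed"] = login_param(db, INJECTION, INJECTION)
    payload = "<script>alert(1)</script>hello"  # constructed defacement
    eid = public_post(db, payload)
    results["public_stored"] = render_raw(db, eid)
    admin_edit(db, eid, payload)
    results["admin_raw"] = render_raw(db, eid)
    results["admin_escaped"] = render_escaped(db, eid)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The point of the second half is that sanitising on one input path is not a property of the stored data: any other writer (the admin form, a direct database edit, an import script) can put markup back, so the output stage has to escape regardless of where a row came from. Fixing the injection closes the door the attacker used; fixing the rendering removes the reason the edited post kept working after the upgrade.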
27/06/2005 12:57:07
|
Lobster
Newbie
Joined: 25/06/2005 19:22:30
Messages: 2
Offline
|
Carbonize wrote: My script did not RESTORE anything. The post is still there because you never deleted it.
I thought they could have put something in the DB; this is why
I went to the "Easy Admin" page. I wanted to remove that blasted post.
I think the problem can only be solved by removing the post.
What should I do? Should I act as a DB administrator, to search
and destroy the bad post?
By the way, could you better explain what you mean in your second
reply? For instance, can you tell me at which point I went wrong
(I put numbers to identify the actions I performed during the upgrade)?
Bye,
Lobster
|
|
27/06/2005 15:56:47
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
You only ran my upgrade script; you did not do the actual upgrade of the guestbook, but you have now. Give me your username and password (by email) and I will go in and delete the post for you.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
30/06/2005 09:40:14
|
roediej
Beginner
Joined: 30/06/2005 09:28:31
Messages: 6
Offline
|
Carbonize wrote: You only ran my upgrade script; you did not do the actual upgrade of the guestbook, but you have now. Give me your username and password (by email) and I will go in and delete the post for you.
Where is that update script??
|
|
30/06/2005 11:52:15
|
Carbonize
Master
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
www.carbonize.co.uk/update.zip but it will not let you keep your uploaded photos YET.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|