Latest posts for the topic "Help, someone hacked into our guestbook"

Help, someone hacked into our guestbook

Anonymous — GMT

Big problems
Someone has hacked into our guestbook , does anybody know how to get rid of it
I can't get into the panels to delete this. Our adress is http://www.krambjornen.com. Look at guestbook.

Please, please can anybody help us I would be forever greatful

Anonymous — GMT

Yes, my guestbook was hacked into today - by the same people I guess.
They have inserted html into the last entry's comment field. You need to access the database directly and remove the code.

Anyone know how they did it and how it may be prevented?

JTD — GMT

[quote="Camilla"]Big problems
Someone has hacked into our guestbook , does anybody know how to get rid of it
I can't get into the panels to delete this. Our adress is http://www.krambjornen.com. Look at guestbook.

Please, please can anybody help us I would be forever greatful [/quote]

Your guestbook is now fixed. Do not renable html and please upgrade to version2.3.1 I have reset your login info to the default ones.

[quote="Graysbrooke"]Yes, my guestbook was hacked into today - by the same people I guess.
They have inserted html into the last entry's comment field. You need to access the database directly and remove the code.

Anyone know how they did it and how it may be prevented?[/quote]

Easy to fix if you had left a url to your book. The above advice goes for you also disable html and upgrade to version2.3.1

Anonymous — GMT

Me 2 http://d8ll.org/guestbookclosed/index.php

Carbonize — GMT

[quote="Anonymous"]Me 2 http://d8ll.org/guestbookclosed/index.php[/quote]
Fixed and you have an email I just sent.

Thanks

Anonymous — GMT

Thanks Dude!!!

Should I also upgrade to the new version!

Thanks!!!

Re: Thanks

JTD — GMT

[quote="Biggiek"]Thanks Dude!!!

Should I also upgrade to the new version!

Thanks!!![/quote]

Yes upgrade to version2.3.1

Thanks!!!

Anonymous — GMT

I just wanted to say thanks to Carbonize…
Thank god there are still some good people out there

Carbonize — GMT

There is no need to update to 2.3.1 if you are happy with 2.2. Just apply the patch and carry on as normal. Actually I should say patches.

thankyou

Anonymous — GMT

Can't say in words how grateful I am for your help, and I really agree with Biggiek, thankgood there are still some good people out there.
You are a real hero
I will follow your advice about upgrading and disable html, thanks for your tip

JTD — GMT

Hey no problem Camilla. I see you are a dog lover like i am. My Passion is GreatDanes.

Carbonize — GMT

[quote="JTD"]I see you are a dog lover like i am. My Passion is GreatDanes.[/quote]Well that could be taken the wrong way

JTD — GMT

Ok carb get your mind out of the gutter. And what could be taken wrong about that anyway.

Anonymous — GMT

Yes, a maniac about all animals but specially dogs, my real passion is with the newfies, but I do have a passion with danes too.
Even owned a black dane before we got into newfies

Carbonize; depends on how you choose to read it

Well many thanks to you both, thanks for you mail too carbonize, am about to answer it soon, just a bit busy right now

Anonymous — GMT

Oops, forgot to right my name

help

Anonymous — GMT

Dear Carb

You are the only our saviour, my guestbook was hacked too. Could you please advise what can be done to fix it.
Thanks.

my site: http://www.armens.info/patrick/

guestbook: http://www.armens.info/gd_book/

Carbonize — GMT

Post deleted and password changed to 123. I left the username as what it was Patrick. You need to patch your guestbook. Search this forum for advanced guestbook 2.2 exploit fix or visit my sites forum.

thanks

Anonymous — GMT

[quote="Carbonize"]Post deleted and password changed to 123. I left the username as what it was Patrick. You need to patch your guestbook. Search this forum for advanced guestbook 2.2 exploit fix or visit my sites forum.[/quote]

You are a star. Thanks a mill.

Hacker messing with my guestbook (and my head!)

Anonymous — GMT

You seem to be doing such a great job and I really need hel. Our fanclub guestbook was hacked by some jerk, he's been spamming for a couple of days now and has decided to get tougher and added his html file to the last entry. I have stopped the use of HTML code on the site, but can you delete his entry?

Then is that enough or is there something else I shoud do to prevent this happening again. You said earlier about not having to update to 2.3.1, just add the patches, I haven't a clue what that is all about, how to get them, how to add them. Can you send me info or direct me somehow? It's a non profit making club and members use the guestbook to keep in contact. Thank you so very much for any help you can give us.

www.rickynelson.co.uk/conversation

Re: Hacker messing with my guestbook (and my head!)

JTD — GMT

[quote="Ricky Fan"]You seem to be doing such a great job and I really need hel. Our fanclub guestbook was hacked by some jerk, he's been spamming for a couple of days now and has decided to get tougher and added his html file to the last entry. I have stopped the use of HTML code on the site, but can you delete his entry?

Then is that enough or is there something else I shoud do to prevent this happening again. You said earlier about not having to update to 2.3.1, just add the patches, I haven't a clue what that is all about, how to get them, how to add them. Can you send me info or direct me somehow? It's a non profit making club and members use the guestbook to keep in contact. Thank you so very much for any help you can give us.

www.rickynelson.co.uk/conversation[/quote]

Ok your guestbook is now fixed. I didnt see where they changed any of your login or passwords. Also here is the link for the guestbook upgrade and mods. http://proxy2.de/forum/viewtopic.php?t=3563

Anonymous — GMT

I don't know if I did this myself, but the hack seems to have gone in the 5 ins since I posted the above. If someone else did this in such a quick time, thanks! Can someone let me know if the problem will happen again. I checked my session.class.php file in lib and that has the right code. (The one about magic quotes. Is there somerhing else I should do.

JTD — GMT

Yes I fixed your guestbook lol. And posted the link for upgrading for you. And yes the problem will happen again untill you upgrade and patch it.

Anonymous — GMT

Thanks Carb, I was wondering how it all happened so quick!
Anyway, have now downloaded the gbookphp.zip opened it, changed the name from guestbook to conversation and overwrote the original conversationfolder using WSFTP pro. Then I downloaded your upgrade.php (No install.php in it, it's upgrade.php) I then overwrote taht with the upgrade on the conversation folder I just uploaded. When I go to:
http://www.rickynelson.co.uk/conversation/upgrade.php
I get the message:
Could not connect to MySQL because: Access denied for user: 'root@localhost' (Using password: NO)
What am I / have I done wrong?

Also the guestbook itself now shows a warning page.

Carbonize — GMT

You need to make sure the MySQL information in your config file is correct.

Anonymous — GMT

Have done that now, using the advice on:
http://proxy2.de/forum/viewtopic.php?t=3654

Still not geting very far. What might be the trouble do you think?

Carbonize — GMT

The upgrade script needs to be in the guestbook folder. It calls on the config file to get the details so it needs to be in the right location.

Anonymous — GMT

The upgrade.php is inside the conversation (guestbook) folder, it is directly below the admin folder.

When I click on the guestbook link this page comes up:

Warning: mysql_connect(): Access denied for user: 'j1manley@localhost' (Using password: YES) in /home/j1manley/public_html/conversation/lib/mysql.class.php on line 30
Connection Error
--------------------------------------------------------------------------------

MySQL Error : Connection Error
Error Number: 1045 Access denied for user: 'j1manley@localhost' (Using password: YES)
Date : Mon, January 24, 2005 18:53:15
IP : 194.46.90.202
Browser : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705)
Referer :
PHP Version : 4.3.10
OS : Linux
Server : Apache/1.3.33 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 PHP/4.3.10 FrontPage/5.0.2.2635 mod_ssl/2.8.22 OpenSSL/0.9.6b
Server Name : www.rickynelson.co.uk

Carbonize — GMT

Hmmmmmm my upgrade script should not have that effect, in fact it cannot have that effect. Check the details in the config file.

Anonymous — GMT

I'll do that tomorrow (It's 3.30 a.m. here) Thanks for your help, no doubt I'll be asking you for more help soon.

Carbonize — GMT

It's 04:23 here and I'm shattered. Currently contemplating typing up my resignation letter.

JTD — GMT

Ricky Fan Are you uploading the whole folder? Or just the files themselves. If you are uploading the whole folder then that is wrong. Just upload the files in the folder.

Anonymous — GMT

Yes I was uploading the whole folder. What's the difference between uploading the whole folder and only uploading the files contained within?

Are there only certain files that I should be uploading?

Thanks for taking the time.

Anonymous — GMT

Have now re-instated my old 2.2 guestbook, while I try to solve this problem.

Will upload a second copy of it uing WSFTPro. Call it conversation1

Then the gbookphp.zip that I downloaded, I open in WS... and select each individual file including those in the subfolders and overwrite the original 2.2 contents with them. Right?

Then I make sure that tmp and public fiolders are 777. Right?

Then I open admin folder and edit the admin/config.inc.php file as shown in the page: http://proxy2.de/forum/viewtopic.php?t=3654

So:
$GB_DB["dbName"] = "databasename";
$GB_DB["host"] = "localhost";
$GB_DB["user"] = "databaseusername";
$GB_DB["pass"] = "databasepassword";

Should be changed to:
$GB_DB["dbName"] = "conversation1";
$GB_DB["host"] = "localhost"; *Does this stays as localhost or do I type something here?*
$GB_DB["user"] = "my admin username goes here";
$GB_DB["pass"] = "my admin password goes here";

Then further down where it says:
$GB_PG["base_url"] = "http://www.yoursite.com/guestbook";
$DB_CLASS = "mysql.class.php";
$TEC_MAIL = "email@yoursite.com";
$GB_UPLOAD = "public";
$GB_TMP = "tmp";

This changes to:

$GB_PG["base_url"] = "http://www.rickynelson.co.uk/conversation1";
$DB_CLASS = "mysql.class.php";
$TEC_MAIL = "email@yoursite.com"; *Change this to my e-mail*
$GB_UPLOAD = "public";
$GB_TMP = "tmp";

Is that right or should I be entering the same details as on my previous 2.2 admin/config.inc.php file

I have tried both.

Then I either download upgrade.zip or install.zip (which one should I be using?) Then which ever one it is I overwrite that into the folder conversation1

Then I go to either
www.rickynelson.co.uk/conversation1/install.php

or

www.rickynelson.co.uk/conversation1/upgrade.php (which one)

And then follow instructions

I can get to an area in install.php where it askes me for the info needed and then there are two choices
Create Table

Create New DB Table

Is this right and if so which should I be clicking
(Neither work mind!)

I know I'm doing something wrong (possibly several)
It shouldn't be this difficult.
Have searched the forum but still stuck.
Thanks for your help

Carbonize — GMT

Why not stick with 2.2? would be a lot less hassle I think lol.

Anonymous — GMT

I am happy to do that, but my concern is the risk of getting hacked again.
I have disabled HTMl code, is that going to be enough do you think?

Carbonize — GMT

so long as you have applied my patch as well you will be fine.

Anonymous — GMT

I hate to say this, but...

No I haven't applied your patch, how do I do that and where can I get it.
A link to an answer would be fine as I hate to put you to even more trouble.

Carbonize — GMT

http://www.carbonize.co.uk/Board/viewtopic.php?t=20

It is also in this forum but I am trying to steer people away from here.

Anonymous — GMT

Hi I have done this,
Thanks so much for your help, both of you. Really did appreciate you holding my hand like this.

Fingers crossed all will be well now.

Anonymous — GMT

Sorry to write again, but I am now in an admin loop that I can't get out of. I seem to have a mixture of 2.2 and 2.3.1 files in my guestbook.
I have spent a couple of hours checking out the other posts, but no real joy. Any suggestions?
Besides shooting myself in the head?

can't logon

Anonymous — GMT

I have tried my password and user name to log onto admin section on my guest book and can not logon

I check the =
if (!get_magic_quotes_gpc()) {
$username = addslashes($username);
$password = addslashes($password);
and that is in there,
some help would be nice if someone could point me in right direction to get this problem solves

http://www.countrymods.com/gb/index.php

webmaster at countrymods.com

JTD — GMT

http://proxy2.de/forum/viewtopic.php?t=3563

Anonymous — GMT

I still can't get in

I did install the password lock and added the line in the admin.php

Anonymous — GMT

got it

Anonymous — GMT

got it

Anonymous — GMT

Hello,
I have the same problem with my guestbook where I cannot log in and there is a message in the main page that i cannot get rid of. Can anyone help me?

I am aware that I need to install the new AG and install some patches, but is there something else that needs to be done before I do this?

my guestbook: http://www.moenia.com/foro/indexno.php

Thank you!

Carbonize — GMT

Ok I deleted the post. You need to edit your [b]lang/english.php[/b] file as there is a lot of space after the closing ?>. The only patch you really need to apply is http://www.carbonize.co.uk/Board/viewtopic.php?t=20

Anonymous — GMT

Hey Thanks!

One more thing, is there any way I can reset my password. The person that hacked in changed all my css.

Thanks again

Carbonize — GMT

www.carbonize.co.uk/reset.zip

Anonymous — GMT

Wow! That was fast! Thank you so much!

Same problem..

Anonymous — GMT

Hey,

I've tried to perform this fix for myself but I am just totally confused, I have a small site and the only scripting I've ever used is this one simple guestbook, which was recently hacked. Can someone perform the fix for me or give more detail exactly how it is fixed?

www.joshuareid.net/guestbook

I don't know where to look for the code that I have to replace..or something? Sorry to be so clueless...Thanks so much in advance, though!

-Josh

Carbonize — GMT

I deelted the post. You can find simple instructions on patching the exploit in my sites forum.

Anonymous — GMT

Carbonize,

Thanks so much for your help--It's very kind of you to take the time to help complete strangers!!

All my best,
Josh

using 2.3.1 and html disabled but still hacked

symidream — GMT

Hi
We are using version 2.3.1 and we have HTML code disabled but in the last two days we've had about 20 spams/hacks posted on the guestbook.

I noticed that AGCodes were enabled and have now disabled these. (Will that help?)

Any other ideas about how to stop casinoa, drug sellers and the like putting up the pointless messages?

www.symidream.com/guestbook/index.php

ET — GMT

THere are other posts on here about dealing with spam on the guestbook - run a search for those and the solutions offered.

me too

jakob — GMT

My guestbook was hacked as well.

Here is the link to my guestbook

http://www.suite108.com/cuedup_guestbook/

I will upgrade to 2.3.1.

btw I dont recall having turned html on in the old version.

Hope you can help, thanks

Jakob
suite108

TORB — GMT

It looks like there is a lot of this going around, I have just been hijacked by these ****** too.

If somone could help me and get rid of the hijack code, it would be very much appreciated. The site is [url]www.torbwine.com[/url] and there is a link to the guest book from there.

I get the message about not enabling html and the need to upgrade.

I also own a pet store so love animals. I have a Newfoundlander, a Golden Retriever, an obnoxious (tautology) Poodle, a Burmese, a Ragdoll and a Himalayan. Thats a full hose and i wont mention the large fish tank full of Discus.

Many thanks and cheers
Ric

ET — GMT

[quote="TORB"]It looks like there is a lot of this going around, I have just been hijacked by these ****** too. :cry:

If somone could help me and get rid of the hijack code, it would be very much appreciated. The site is [url]www.torbwine.com[/url] and there is a link to the guest book from there.
[/quote]

[code]

Monday, 24. January 2005 02:28 AM Host: cpe-66-74-100-229.dc.rr.com

[/code]

It is a basic redirect to gbytes.tk - can't you erase it by entering from the admin.php page? Or go into your MySQL tables and delete it from there.

TORB — GMT

ET,

Thanks for the quick response. The first thing I did was go into the Guest Book Admin page and delete the spam entry, that was when the script enabled and the hijacking started. As soon as I open the Easy Admin or Private Messages section, I am hijacked.

I am going to sound thick here, but where do I find the MYSQL Tables you refered to?

Many thanks
Ric

[b]EDIT[/b] Woopie, thanks ET, I found it and fixed it using the method you suggested. Surprised myself. I have disabled the html code too. Now all I have to do is update the program.

ET — GMT

[b]TORB writes:[/b]
[quote]As soon as I open the Easy Admin or Private Messages section, I am hijacked. [/quote]

Try this trick first - when you log into your admin page and click on the Easy Admin or the Private Messages - click on the "ESC" button a couple ot times - often times, this will disable the refresh feature and give you time to delete the actual entries.

If you still can't get it deleted from the admin page... you need to go into your website's control panel, find the link to your "MySQL Databases" and/or the link to phpMyAdmin - open the tables for the guestbook and browse through the data tables for the last few entries.

[i]Word of caution, be careful not to change anything in there or delete anything that needs to be there in the tables. [/i]

[b]Make certain to disable the HTML on your guestbook - when I visited, it said that HTML was enabled. [/b]

TORB — GMT

Thanks ET, all fixed and HTML is disabled.

Anonymous — GMT

Hi I just got hacked and I don't know how to fix this? Could you please help thanks!1
[url]www.that80shairband.com/guestbook[/url]

Angryjay — GMT

Hi I just got hacked and I don't know how to fix this? Could you please help thanks!1
www.that80shairband.com/guestbook

sorry about the double post.... i thought i was logged in...

Carbonize — GMT

Fixed and you have email.

Angryjay — GMT

Thanks but I have not received any email yet.

jason@that80shairband.com

Carbonize — GMT

I sent to webmaster@ will now send to jason@

Re: me too

JTD — GMT

[quote="jakob"]My guestbook was hacked as well.

Here is the link to my guestbook

http://www.suite108.com/cuedup_guestbook/

I will upgrade to 2.3.1.

btw I dont recall having turned html on in the old version.

Hope you can help, thanks

Jakob
suite108[/quote]

I fixed your guestbook and reset the login and password back to the default ones. Everybody that has posted about being hacked either needs to use carbs update script or update to the full version of GB. Or this will continue to happen.

How do you fix them?

Anonymous — GMT

It's completely cool that you can help people remove the posts that do the redirect. But, I have to ask, how the heck do you get in to delete them?? Could you just go to my guestbook and log in at will?

My guestbook was hacked this week, and my hosting provider deleted the offending post for me. But tonight I went to log into my cpanel (and also tried to FTP), and my password no longer works! Would this hacker have been able to do that??

Just curious, and naieve!

Jester

Re: How do you fix them?

Carbonize — GMT

[quote="Jester66"]It's completely cool that you can help people remove the posts that do the redirect. But, I have to ask, how the heck do you get in to delete them?? Could you just go to my guestbook and log in at will?

Just curious, and naieve!

Jester[/quote]
If you are running an unpatched version of Advanced Guestbook 2.2. yes we can log in at will.

JTD — GMT

And no for security reasons we wont post how on this board.

Auron — GMT

[quote="JTD"]And no for security reasons we wont post how on this board.[/quote]

We WILL post how to patch the exploit but, its in several threads already and well documented.

Carbonize — GMT

[quote="Auron"][quote="JTD"]And no for security reasons we wont post how on this board.[/quote]

We WILL post how to patch the exploit but, its in several threads already and well documented.[/quote]And I would sooner have people visit my forum for help as atleast we will have some control then.

Spammed and Hacked....HELP

Anonymous — GMT

http://www.viewedfromtheright.org/vftrguest/index.php

Dang it...and I've got the HTML disabled, but still I've removed about 50 spams in the past few days and they just keep coming back...the b*tch about it is the company is using the same software/script to post how to do it and make money...

Please help...I'm not sure how to get in and fix the script on my own...some savviness in the HTML world but not really up-to-date on scripts!

Thanks,
Deb
DragonLion Productions
Viewed From the Right, Management

Re: Spammed and Hacked....HELP

ET — GMT

[quote="dragonlionproductions"]http://www.viewedfromtheright.org/vftrguest/index.php

Dang it...and I've got the HTML disabled, but still I've removed about 50 spams in the past few days and they just keep coming back...the b*tch about it is the company is using the same software/script to post how to do it and make money...

Please help...I'm not sure how to get in and fix the script on my own...some savviness in the HTML world but not really up-to-date on scripts!

Thanks,
Deb
DragonLion Productions
Viewed From the Right, Management[/quote]

a temporary work-around for spam is to rename the directory of your guestbook and disallow google to search and index your guestbook and don't post your guestbook url in places like this forum (or edit the url out of the post once you have it fixed) - most of the spammer folks look for easy prey - 95% of the spammers use google to find guestbooks to spam.... As long as all the guestbook files stay intact in the directory that you rename, it should still work. (suggestion found on)
http://proxy2.de/forum/viewtopic.php?p=13712&highlight=#13712

Some other basic suggestions are here that don't require scripting knowledge...
http://proxy2.de/forum/viewtopic.php?p=13797&highlight=#13797

Or run a search on the board for dealing with spammers for other people's suggestions. There are a lot of ideas and good thinks