Latest posts for the topic "My guestbook version 2.4.3 has been hacked"

My guestbook version 2.4.3 has been hacked

mexstud — GMT

Is there any fix or tip to avoif this? I've already reuploaded all files, changed username and password, but nothing changed. When try to delete entries or even see the guestbook, a black page shows up. I am trying to avoid deleting the database in the host since it means the loss of all the info. Any advise??

I've been checking other posts and applied the solutions I've found, like disabling HTML, but all remains the same.

http://www.casapatzcuaro.com.mx/gbook/

Carbonize — GMT

Either you had HTML enabled or they managed to login to your admin and posted

Either login to phpMyAdmin to delete it or use a web browser like Opera or Firefox where you can disable meta refreshes while you delete it.

mexstud — GMT

Finally I was able to delete de hacked post, changed username and password and all is normal again. I think they did as you say since I left the generic user and pass. Never will do so again!

Thanks!!

Hoe To Get to myPHPAdmin?

steveg — GMT

Hello, Carbonize

Apologies for my ignorance, but my GB was hacked the same, and trying (desperatedly) to fix.

How do I get to 'myPHPAdmin'?

Thanks!

Steve Gillespie
Memphis, Tn (USA)

Carbonize — GMT

phpMyAdmin is something your host usually provides if they are running cPanel. If you wish I can go into your guestbooks admin and delete the post for you.

Yes, that would be great!

steveg — GMT

Yes, that would be great!

Whtat do you need?

sg

Carbonize — GMT

Just email me the url and your login details to webmaster@carbonize.co.uk

Done

steveg — GMT

OK, you should get an email from me, at work. Many thanks!

Steve G

Super! - it's fixed!!

steveg — GMT

Many, many thanks, Carbonize!

If I get hacked again, I will check into your Lazurus GB.

Steve G.
FedEx

Carbonize — GMT

You weren't hacked as such it's just that if you tell AG to allow HTML then it allows ALL HTML including nasty stuff.

html off always?

raymmmondo — GMT

so we should not have html enabled in advanced guestbook 2.4.3?

thanksalot

BTW, thanksalot, Carbonize

raymmmondo — GMT

I had this problem, too.

(And that's how I found this forum.)

I had been thinking that I'd have to d/l (ftp) the database and open it in another non-web s/w app. and then I would be able to delete the offending record (which re-directed my page to somewhere in Russia!).

But the keywords "(disabling) meta refresh" rang a bell and then I could just delete that record using the Easy Admin function.

now that I think of it...

raymmmondo — GMT

... I never got a notice of the addition of a new "comment" in the guestbook.

The point of a guestbook is to allow comments from the public.

The s/w has the anti-robot letter-code that a human has to type in, so that's cool.

I thought now, that, because I allow html, that somebody could easily put a re-direct on the page.

But now I'm wondering, "How hacked WAS my guestbook/site?"

itsnotme — GMT

My Guestbook has been hacked too,they changed the password for the administration.
I have access to phpmyadmin,so in which table is the password stored?
I don't want to delete it,there are a lot of entries.

Carbonize — GMT

It's in book_auth. 2.4.3 has a script to reset the password though. It is found inthe misc folder but I can't remember what it's called.

itsnotme — GMT

Hello again,

i found the table book_auth.Now all i have to do,is to change the password, right?Wanted to be sure,because the pass seems to be encrypted "2e3bf74742005f64".

I think it's version 2.3.x ,i made it with your carbonize script.

Carbonize — GMT

Try my reset script from www.carbonize.co.uk/AG or click the FAQ at http://lazarus.carbonize.co.uk

itsnotme — GMT

It worked.Thank you.

jalmz — GMT

guys try to use lazaruz guestbook by carbz

Carbonize — GMT

I doubt they got in through 2.4.3.

To change the password of your guestbook

mexstud — GMT

Go to www.yoursite.com/guestbook/misc/forget_pass

There you will be asked for the name and password of the database used by your guestbook, and after that you will be able to enter a new password.

Something I don't understand anyway, is how to block ip´s like 087206213221 or some others that use only five numbers like 345-89.pl. One of my guestbooks is being hacked by owners of those kind of ip´s and it seems not to be possible to block them to put silly things at the book. But all of them comes from .pl (poland?)

Carbonize — GMT

AG just stored the hostname which I've always thought was stupid. It was one of the first things I changed for Lazarus.

Anyway try http://whois.domaintools.com to get the ip from the hostname.

Feestgrot — GMT

Hello Everybody,

My guestbook (version 2.4.3.) also receives spam messages. I reinstalled the script, do not use the standard login and password and refuse html in the markup of the messages. Ofcourse this version includes the robot-check by using the image with a code that is needed before you can publish a new message.

Does anybody know how I can resolve this?

Thank you in advance.

Hacking

karenbee — GMT

Hi
I have just registered as I have been hacked twice now but only have 2.4.2. I am using Dataflame as my host and I do not know very mcuh about all of this and they loaded the Guestbook onto my site in the first place. Each time they have sorted the problem but yesterday I got 6 spam entries - all the same except the name. Dataflame suggested upgrading the Guestbook, but by the look of all these entries, that will not help! Any suggestions that an amatuer could deal with?

Carbonize — GMT

You have captcha enabled?

You should all be on the latest version.

karenbee — GMT

I assume captcha is where you have have to copy the letters that appear in the box? This seems to be there automaticially and I can't see anywhere in my settings where it allows me to turn it on or off. Actually Dataflame have now installed the 2.4.3 version although it is not entirely working as the emoticons/ pictures are not appearing!

Carbonize — GMT

Open config.inc.php and edit the base_url.

karenbee — GMT

Oh dear -I wish I knew what you meany by that! Or where to find it. Is that what captcha is then?

karenbee — GMT

I have found where it says captcha.php on the LHS and there is a load of code on the RHS.

Carbonize — GMT

There is a line marked

$base_url = '';

Put your guestbooks url between the '

karenbee — GMT

OK - I have found that. It says
[base_url]/image.php?id=$VARS[gbtoken]"
So i understand what to insert in between the '', but please could you explain what I am doing before I do this!
On add an entry, the letters come up that a user has to copy already. I looked up 'captcha' and it seems that it what it is. So if it already working, do I still need to do what you suggest, or is there another benefit?
thanks

Carbonize — GMT

That's definitely no right. Your config file appears to have gotten messed up. Can you email it to me? Either use the forums email system or send it to webmaster@carbonize.co.uk