Guestbook4U hacked ?
Current version: 1.0.0.1 by klas
Francis
Investigator
Joined: Apr 01, 2006
Posts: 2

Posted: 01.04.2006 11:13
Subject: Guestbook4U hacked ?

Hey all,

I have 2 sites running Dragonfly 9.0.6.1 with Guestbook4U v 0.9.
On BOTH sites new entries were made in the Guestbook on 1 April 2006 (!!!) via "Anonymous".
As admin I receive an email confirmation with the code in it, which I will not publish here. I can however PM it if you want.

If I go to the Guestbook, it is displayed as normal,
BUT,
an automatic link is activated to www.rapmedia.org/

This might be intended as a joke (?) but how could this be done ???

And how can this be prevented ? Is there some leak in security ?

(am I the only victim of this bad joke ?)

Francis


Francis please enter your server specs in your user profile! [sad]

Poldi
Moderator
Joined: Nov 14, 2004
Posts: 705

Posted: 01.04.2006 12:09
Subject: Re: Guestbook4U hacked ?

Hi ...

You forgot to deactivate the BB-Code, and someone simply planted a flash-file in your GB (with [flash]) which directs browsers to rapmedia.org ...

Simply deactivate BB-Code in the future ...

and yes, the guy must have been quite busy, he also did it at one of my sites ...
(maybe he tried all 6, but only at one I forgot to deactivate BB-Code [laughing])

_________________
gG,
Poldi
www.green-dragon.de (Dragonfly 9.2.1)
www.tampones.de (Dragonfly 9.2.1)
www.bfg-deggendorf.de (Dragonfly 9.2.1)
www.sexy-goths.de (Dragonfly 9.1.2.1)
www.gig-hunter.de (deceased)
www.green-dragon.net (Dragonfly CVS ... Testseite)

Poldi's server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS)
Linux/1.3.37/4.0.27-5.0.18/4.4.9-5.2.1/9.1.0.0-9.2.1

Francis
Investigator
Joined: Apr 01, 2006
Posts: 2

Posted: 01.04.2006 15:07
Subject: Re: Guestbook4U hacked ?

I already deactivated NBB in GB.

Still it is strange that if that code is posted in a forum using the quote tag, the code is active and if posted using the php quote tag, the code is NOT active.

So the quote tag does not filter the flash tag, maybe something for a new update ... [laughing]

Thanks

Francis


Francis please enter your server specs in your user profile! [sad]

Poldi
Moderator
Joined: Nov 14, 2004
Posts: 705

Posted: 01.04.2006 20:20
Subject: Re: Guestbook4U hacked ?

Francis wrote:
> I already deactivated NBB in GB.
>
> Still it is strange that if that code is posted in a forum using the quote tag, the code is active and if posted using the php quote tag, the code is NOT active.
>
> So the quote tag does not filter the flash tag, maybe something for a new update ... [laughing]
>
> Thanks
>
> Francis

Well, the normal quote tag should not alter NBB tags, that would destroy the looks of the original post (no smilies, no textsize or colors) ...
on the other hand, the code, or here php tag was designed to prevent posted code from messing up the forum, so, that's ok.

BUT, as I already requested at dragonflycms.org, the flash tag should be removed (via includes/nbbcode.php) ...

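The thread's two points, that the flash tag should be taken out of the BBCode handling and that a quote wrapper does not filter it, both come down to filtering the raw entry before it is rendered. The PHP below is an added example, not part of the original thread and not Dragonfly or Guestbook4U code; the function name, the attribute syntax in the samples and the entries themselves are assumptions.

```php
<?php
// Added example, not Dragonfly or Guestbook4U code.
// neutralise_flash_bbcode() and the sample entries are hypothetical.

/**
 * Remove [flash] BBCode from untrusted text before it reaches the renderer.
 * Works on the raw text, so a tag wrapped in [quote] is removed as well.
 * Returns ['text' => cleaned text, 'hits' => number of tags removed].
 */
function neutralise_flash_bbcode(string $text): array
{
    $hits = 0;
    // Opening tag with optional attributes, or closing tag; case-insensitive.
    $tag = '~\[/?flash\b[^\]]*\]~i';
    // Repeat until stable: deleting an inner tag can splice an outer one
    // together ("[fl[flash]ash]" turns into "[flash]" after one pass).
    do {
        $clean = preg_replace($tag, '', $text, -1, $n);
        if ($clean === null) {
            throw new RuntimeException('PCRE error while filtering entry');
        }
        $text = $clean;
        $hits += $n;
    } while ($n > 0);
    return ['text' => $text, 'hits' => $hits];
}

// Constructed sample guestbook entries; the attribute syntax is an assumption.
$entries = [
    'Nice site, greetings!',
    '[quote]hi [FLASH width=1 height=1]http://example.invalid/a.swf[/flash][/quote]',
    '[fl[flash]ash]http://example.invalid/b.swf[/flash]',
];

foreach ($entries as $i => $raw) {
    $result = neutralise_flash_bbcode($raw);
    // An entry with hits > 0 is a candidate for moderation, not auto-publishing.
    printf("entry %d: hits=%d text=%s\n", $i, $result['hits'], $result['text']);
}
```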