guestbook empty after a day or 2

More
16 years 11 months ago #717 by Pete

jazzy wrote: similar problem has just happened to my guestbook all entries deleted? I set my own username and password in the settings.


What is most likely happening is that someone is guessing your username and password. There is no way for the script to wipe itself out unless someone tells it to delete all the entries manually.

DigiOz Webmaster
www.digioz.com

Please Log in or Create an account to join the conversation.

  • admin
  • Visitor
  • Visitor
16 years 11 months ago #723 by admin
Replied by admin on topic guestbook empty after a day or 2

mismas wrote: hey guys,

i installed guestbook v 1.7.1. everything is peachy except that after a day or 2 any messages left dissapear. the list.txt is just completely empty. anybody has an idea how this is possible?

cheers,

mis.


A new version of the guestbook (Version 1.7.2) has been released which fixes some browser input validation issues. This will most likely fix your issue as well. I recommend that you download and install the new files. Files changed in this release are:


* admin/delete.php
* admin/delete_process.php
* admin/view.php

To upgrade from version 1.7.1 to this version, simply replace the old version of the above 3 files with the new files. Let us know if this fixes your problem.

Please Log in or Create an account to join the conversation.

More
16 years 11 months ago #724 by jazzy
just had entries deleted again even after a new username and password was implemented.
just upgrading to the latest version to see if it fixes things?

Please Log in or Create an account to join the conversation.

More
16 years 11 months ago #726 by NOmad
Same here, all entries deleted :cry: Password was set.
There are really some sick minds out there, probably a frustated spammer.
What were these browser input validation issues?

Please Log in or Create an account to join the conversation.

More
16 years 11 months ago #727 by Pete

NOmad wrote: Same here, all entries deleted :cry: Password was set.
There are really some sick minds out there, probably a frustated spammer.
What were these browser input validation issues?


It was browser parameter validation issues. Here is the diffs on all 3 pages:


delete.php DIFF

delete_process.php DIFF

view.php DIFF

Granted you would have to hijack an admin session first to be able to do anything with the above, but technically it can be done (if someone doesn't have anything better to do and sits at a computer all day, trying to take over an admin session).

You could also password protect the admin directory with a ".htaccess" file to make 100% sure no one gets in unless they have that username and password. But try to bug fix and let me know if it helps first.[/b]

DigiOz Webmaster
www.digioz.com

Please Log in or Create an account to join the conversation.

More
16 years 11 months ago #728 by NOmad
Thanks Pete.
The entries were deleted yesterday, and I didn't have an admin session open for weeks.
I replaced the 3 files and will tell you if it happens again.

Please Log in or Create an account to join the conversation.

Time to create page: 0.124 seconds
Powered by Kunena Forum