Guestbook spamming

For a few days now I've been getting spam in my members' guestbooks all over the site. Filled with sex links ... very annoying and obviously a security issue.

Needs urgent attention.

I disabled all guestbook items but still my database is being filled every day with 3 full pages of spam.

Quote · 2 Jul 2008

It looks like a database hack. I got these spamming tries on another system I use every day.
But so far no luck for them.

Kids first
Quote · 2 Jul 2008

I know I have it but never figured it out: what does a guestbook do that's different from email or a friends list?

sec. I thought the new release 6.1.2 was hacker proof.

If your database is filling up, does this mean someone installed something on your site??

Quote · 2 Jul 2008

That's possible, yes...
There are several users who try with a little text file to find holes in local PHP files. This gives them the possibility to place links .....

The only thing you can do is make sure that your site always uses the newest updates of the scripts you are running, and that your server (if dedicated) has the newest software running.

Kids first
Quote · 2 Jul 2008

This problem has been discussed SEVERAL times...

 

The spammers aren't targeting Dolphin sites.. they have bots that scan the internet looking for a file named "guestbook.php" and then spam it. So it was probably a bad idea for Boonex to name the file that. The guestbook.php file is vulnerable in every version of Dolphin that is out. So there are two ways to fix the problem:

 

1. Delete guestbook.php and take it off the navigational menu.. do you really need profile comments AND a guest book?

2. Rename the file and then change the path in the navigational menu.

 

I did #1 because I really didn't need the guestbook anyway.

 

 

Mike

http://www.makeasocialnetwork.com

 

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 2 Jul 2008

I already removed all guestbook items, but in this case I'm also going to delete it from the script (and my database).

 

As mscott says : who needs a guestbook ?

 

But in this case I also thought the 6.1.2 script was hacker-proof :-)

Quote · 3 Jul 2008

You are able to disable the guestbook using membership levels .. there is always such an action

Quote · 3 Jul 2008

Hey andrey,

 

I already disabled all guestbook actions using membership level but the fact is, that guestbook is still in the database. The spammer is posting directly in the database and in my opinion that's a nasty error in the script. Today I again deleted 120 messages :-(

Quote · 7 Jul 2008

Annabel, did you delete the file "guestbook.php" from the dolphin directory? That file is how they are accessing the database.. and as long as it is there they can keep doing it even if you take it out of member actions and take it off the menu.

 

Just look in the directory dolphin is in and if "guestbook.php" is there delete it.

 

Now if you have already deleted that file and you are STILL getting guestbook spam we have a bigger problem :-)

 

 

Mike

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
Quote · 7 Jul 2008
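
One way to check the point made in the post above (the file keeps accepting posts until it is deleted or renamed), as an added example that is not part of the thread or of Dolphin: it scans web server access-log lines for POSTs to guestbook.php and reports who sent them and whether the server still answers. The combined log format, the function name and the sample lines are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumed Apache/Nginx "combined" format:
# ip - - [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def guestbook_report(lines, script="guestbook.php"):
    """Summarise POSTs to `script` in chronologically ordered log lines."""
    posts_by_ip = Counter()
    last_status = None
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare only the last path segment, so query strings and
        # installs in a subdirectory are matched as well.
        path = urlsplit(m["target"]).path
        if path.rsplit("/", 1)[-1].lower() != script:
            continue
        posts_by_ip[m["ip"]] += 1
        last_status = int(m["status"])
    # 404/410 on the most recent POST means the file is gone; any other
    # status means the web server is still running the script.
    still_served = last_status is not None and last_status not in (404, 410)
    return {"posts_by_ip": dict(posts_by_ip),
            "last_status": last_status,
            "still_served": still_served}

# Constructed sample lines (documentation IP ranges, made-up paths and times).
# "Before": guestbook removed from the menu and membership actions only.
SAMPLE_BEFORE = [
    '203.0.113.7 - - [07/Jul/2008:03:12:01 +0000] "POST /guestbook.php?a=1 HTTP/1.1" 200 5120 "-" "bot"',
    '203.0.113.7 - - [07/Jul/2008:03:12:04 +0000] "POST /guestbook.php?a=1 HTTP/1.1" 200 5120 "-" "bot"',
    '198.51.100.22 - - [07/Jul/2008:03:15:40 +0000] "POST /community/guestbook.php HTTP/1.1" 200 5098 "-" "bot"',
    '192.0.2.10 - - [07/Jul/2008:09:01:13 +0000] "GET /index.php HTTP/1.1" 200 20111 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [07/Jul/2008:09:02:30 +0000] "POST /contact.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]
# "After": the file has been deleted, so the same bot now gets a 404.
SAMPLE_AFTER = [
    '203.0.113.7 - - [08/Jul/2008:03:11:58 +0000] "POST /guestbook.php?a=1 HTTP/1.1" 404 209 "-" "bot"',
]

if __name__ == "__main__":
    print(guestbook_report(SAMPLE_BEFORE))
    print(guestbook_report(SAMPLE_AFTER))
```

If `still_served` stays true after the menu entry and membership action are gone, the file itself is still on disk and reachable by its URL.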

Thanks Mscott, I'll do that right away :-)

Quote · 8 Jul 2008
 
 