A guestbook can still get spammed if someone has a program that is written to find the page or file that has the function to post to the guestbook. Spammers don't actually visit the pages to post spam feedback; they let a computer do it, which doesn't ever look at the pages.
 
Might want to take a look at this page:

http://www.net-security.org/vuln.php?id=3408

There's a gaping security hole in the guestbook script you're using that gives anybody administrative access to it. Took me about 20 seconds with Google and guessing "admin.php" is where the admin entrypoint is to get full admin access, and I could now do anything I want to it.

I'll also mention that in many cases a poorly secured script can allow things to be posted to it from any page, not just a page on the same server. Meaning that anybody with a dummy page that posts its data to your script could, if it doesn't check, post to it, even if you've deleted an easy interface to it from your own site.

I'd look on the site that your script is from for a fix, or else just disable it.
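
The check that a receiving script needs in order to refuse posts that did not come from its own form, as an added example that is not part of the original post and not code from the guestbook script discussed. The function names, `SECRET`, the token lifetime and the sample session values are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not code from the guestbook script in this thread.
// SECRET is a placeholder; load a real random value from server-side configuration.
const SECRET = 'replace-with-random-server-side-secret';
const TOKEN_LIFETIME = 1800; // seconds a rendered form stays valid

// Called when your own page renders the guestbook form; put the result in a hidden field.
function issue_form_token(string $sessionId, int $now): string
{
    $mac = hash_hmac('sha256', $sessionId . '|' . $now, SECRET);
    return $now . ':' . $mac;
}

// Called by the script that receives the POST, before anything is stored.
function verify_form_token(string $token, string $sessionId, int $now): bool
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                         // missing or malformed token
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > TOKEN_LIFETIME) {
        return false;                         // dated in the future or expired
    }
    $expected = hash_hmac('sha256', $sessionId . '|' . $issued, SECRET);
    return hash_equals($expected, $parts[1]); // constant-time comparison
}

// Constructed sample values to exercise the check.
$now   = 1700000000;
$sid   = 'session-abc';
$token = issue_form_token($sid, $now);

var_dump(verify_form_token($token, $sid, $now + 60));            // form served by your own page
var_dump(verify_form_token('', $sid, $now + 60));                // POST that never loaded the form
var_dump(verify_form_token($token, 'session-other', $now + 60)); // token reused in another session
var_dump(verify_form_token($token, $sid, $now + 7200));          // stale form
```

A token check like this only rejects posts that skip the site's own form; it does nothing about the administrative access hole, which still needs the script's fix or the script disabled.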
 
Very good post Makosuke, just tried what he says and it really works :/. You should get that fixed ASAP. Don't worry, I didn't mess up anything.
 
Well, that's certainly a kick in the pants. I added a redirect as a temporary fix (since I don't have time to muck with it now).... that should be good for now, right? Anyone trying to access the guestbook directory will automatically get kicked back to the main page....
 
brianellisrules said:
... that should be good for now, right? Anyone trying to access the guestbook directory will automatically get kicked back to the main page....
I expect it'd be hard to do anything with a directory if you can't view it, so the redirect should cover your rear for now.

Good luck getting it fixed eventually.
 