PDA

View Full Version : Guestbooks Altered


Andreas
11-16-2004, 06:29 AM
Dear guestbook owner,

Yesterday all guestbooks were altered to reflect the look and style of one single guestbook. This was not done by a hacker, but was due to an error in the system that in certain cases has allowed a single user to overwrite all guestbooks (messages were not affected).

Just to clarify a security concern: Your emails or passwords were never hacked or revealed to anyone, but overwritten to reflect the email and password of one single user.

Automatic backups of the systems are created frequently (both locally and on a separate server), and the database has been restored. Accounts created in the past few hours have been erased. The same is true for messages created in the same timespan.

I realize that this is totally unacceptable for you all and I am doing my best to figure out how this could happen. Although I previously announced that I thought I had solved this problem, this is obviously not the case.

If there are any PHP/MySQL security-wizards out there I would more than appreciated your assistance. There are only a few places in the guestbook system where an error such as this one can take place, as suchs I am very surprised that I have not yet found it, but still confident that a solution is not far away.

Feel free to contact me if you have any further questions, comments or concerns.

indeterminacy
11-16-2004, 07:43 AM
Maybe you can reconstruct what went wrong in some of the details I ran into yesterday. Last night, sometime before midnight CET I noticed a new guestbook entry "Love your blog..." or something. It linked to a site that didn't load. I searched google for the poster's name and discovered that it was some kind of spampost which had been seen before. I logged in and deleted the post. The guestbook was working fine. I could log in and I could delete the post. Some minutes later, not sure how long, I clicked back into my guestbook and noticed the changes. At that point I could not log in anymore.

Could the bug be connected in some way with a mass spam post preceding the overwrite?

Andreas
11-16-2004, 01:00 PM
A security hole dealing with user input have been found and corrected. This security flaw may have been the reason for the problems experienced lately.

To "indeterminacy": I do not believe mass spamming have caused this problem, but thanks for the suggestion.

D. Saunders
11-16-2004, 01:05 PM
Thanks, Andreas !!

Andreas
11-16-2004, 01:09 PM
Well, I guess I am the one who should say "Thanks" to you all for your patience... :rolleyes:

GreenEnvy
11-16-2004, 06:46 PM
Thanks for the explanation Andreas. Good luck in finding out what went wrong. I'm sorry to have been such a crabby person in the other thread. :rolleyes:

Hebertsite
11-17-2004, 11:58 PM
The same thing happened to me the day the problem occured, but a different post. Most of my posts are from people I know. We use it like a message board. But there was a post from a spammer who left a link to a porn website. I was logged in, deleted the post, then shortly thereafter I could not log back in. Probably just a coincedence but I thought I would let you know in case it could help you figure out the problem.
You're doing a great job Andreas. This does not happen often and is always resolved quickly. Keep up the good work.

Andreas
11-18-2004, 01:45 AM
Thanks for letting me know. I will try to figure out if this could have been related.