guestbook empty after a day or 2
jazzy wrote: similar problem has just happened to my guestbook all entries deleted? I set my own username and password in the settings.
What is most likely happening is that someone is guessing your username and password. There is no way for the script to wipe itself out unless someone tells it to delete all the entries manually.
DigiOz Webmaster
www.digioz.com
Please Log in or Create an account to join the conversation.
- admin
- Visitor
mismas wrote: hey guys,
i installed guestbook v 1.7.1. everything is peachy except that after a day or 2 any messages left dissapear. the list.txt is just completely empty. anybody has an idea how this is possible?
cheers,
mis.
A new version of the guestbook (Version 1.7.2) has been released which fixes some browser input validation issues. This will most likely fix your issue as well. I recommend that you download and install the new files. Files changed in this release are:
* admin/delete.php
* admin/delete_process.php
* admin/view.php
To upgrade from version 1.7.1 to this version, simply replace the old version of the above 3 files with the new files. Let us know if this fixes your problem.
Please Log in or Create an account to join the conversation.
just upgrading to the latest version to see if it fixes things?
Please Log in or Create an account to join the conversation.
There are really some sick minds out there, probably a frustated spammer.
What were these browser input validation issues?
Please Log in or Create an account to join the conversation.
NOmad wrote: Same here, all entries deleted Password was set.
There are really some sick minds out there, probably a frustated spammer.
What were these browser input validation issues?
It was browser parameter validation issues. Here is the diffs on all 3 pages:
delete.php DIFF
delete_process.php DIFF
view.php DIFF
Granted you would have to hijack an admin session first to be able to do anything with the above, but technically it can be done (if someone doesn't have anything better to do and sits at a computer all day, trying to take over an admin session).
You could also password protect the admin directory with a ".htaccess" file to make 100% sure no one gets in unless they have that username and password. But try to bug fix and let me know if it helps first.[/b]
DigiOz Webmaster
www.digioz.com
Please Log in or Create an account to join the conversation.
The entries were deleted yesterday, and I didn't have an admin session open for weeks.
I replaced the 3 files and will tell you if it happens again.
Please Log in or Create an account to join the conversation.