Guestbook hackers

Forum Moderators: phranque

Message Too Old, No Replies

Guestbook hackers

janmccl

4:14 pm on Nov 25, 2002 (gmt 0)

I manage a small site for my church and it has a guestbook. Last week someone or someones - mostly casino sites - put comments on the guestbook with links to their sites. The problem is, that at the same time they erased some of the comments that were already on the guestbook.
How do they do that? I thought I was the only one with access to edit the guestbook.
I edited out the offensive links but I'm really baffled by this. This site has only been up for about 3 months.
Does anyone have any ideas?
Thanks,
Jan

DaveN

4:23 pm on Nov 25, 2002 (gmt 0)

It depends on what guestbook you are running.

on your guestbook add to the front page a statement about linking to other urls and google and that you have banned the goolebot with the robots.txt.

then ban google from you guestbook.

Daven

richlowe

5:18 pm on Nov 25, 2002 (gmt 0)

If you are using a common guestbook, it may be that the data is contained in text or other easy-to-read and modify files and the casinos simply referenced them and edited them. Not hard at all.

Dino_M

5:26 pm on Nov 25, 2002 (gmt 0)

How do these people find these guestbooks - I just typed guestbook into google and that bought up tons, do they have auto-mated ways of doing this?

oilman

5:39 pm on Nov 25, 2002 (gmt 0)

>>do they have auto-mated ways of doing this

the real professional spammers do. There are certain guestbooks with certain weaknesses. A homespun spider and some fancy programming takes care of the rest.

janmccl

9:33 pm on Nov 25, 2002 (gmt 0)

Richlow - I have a "common" guestbook - that is one furnished by my server. Is there some type of code I can put on the page to keep people from editing it? I'm not too smart so please be specific if there is such a code.
I didn't understand DaveN's post about banning Google from it. Why would I want to ban Google? Actually that might be a good idea if it would keep the hackers away. I suppose the site is on the list for hackers now, just as I am for every email spammer in the world.
Thanks for posting.
Jan

martinibuster

11:31 pm on Nov 25, 2002 (gmt 0)

One way to ban SE bots is to use a robots meta, with a noindex,nofollow. The major reason for spamming your guestbook is to get search engine visibility. If it's not being indexed, then that removes the spammer's motivation.

shelleycat

11:36 pm on Nov 25, 2002 (gmt 0)

Also by banning googlebot from those pages you remove any chance of having googole think you are linking to bad neighbourhoods. Google seems pretty smart about guestbooks, so the chances of this being a problem are fairly rare anyway, but it's easier to just not take the risk.

janmccl

2:57 am on Nov 26, 2002 (gmt 0)

Thanks so much for your suggestions. I will put a "noindex,nofollow" tag on the page and also make a robot text file which I had neglected to do.
I love this forum - its a very valuable resourse for clueless people like me.
Jan

martinibuster

4:10 am on Nov 26, 2002 (gmt 0)

Hi Jan,
Be sure when making your robots.txt that you only ban bots from your guestbook directory. You don't want to ban your entire site.

There's a good explanation on this here in WW as well as on Google's web site.

graywolf

9:17 pm on Nov 26, 2002 (gmt 0)

There is also an article on XSS and guestbook abuse here

[hotwired.lycos.com...]