[thelist] how did they hack my guestbook and who can I report them too.

matthew.hallam at baesystems.com matthew.hallam at baesystems.com
Thu Apr 19 07:31:27 CDT 2001


there was some similar in latest issue of webreview about looking after web
database apps:
http://www.webreview.com/2001/04_13/developers/index02.shtml

HTH
matt

-----Original Message-----
From: Lisa Frost [mailto:lisa at koolfish.com]
Sent: 19 April 2001 11:43
To: the list
Subject: [thelist] how did they hack my guestbook and who can I report
them too.


I have a free dreambook guestbook on a personal site.

Some lovely person added a message which then refreshed the page and
redirected my guestbook to www.irchat.tv

When I looked at the page source they had written this:

<tr>
 <td width=30% align=left>E-mail address:</td>
 <td><a href="mailto:Buddd at hotmail.com">Buddd at hotmail.com</a></td>
</tr>

<tr>
 <td colspan=2>Comments: <meta http-equiv="refresh" content="1;
URL=http://www.irchat.tv"></td>
</tr>

I was able to remove it by removing the entry but even that was a pain as
when you went to dreambooks manage account, the delete entry page would also
refresh after just 1 second. I had to be very quick with the mouse on the
delete button!

To sign the guest book you just fill in a form so how did they embed the
refresh in the comments without it being seen on the screen.

More importantly is there any chance I can track the culprit down and I also
want to report irchat.tv.

I am not sure if this is OT or not so here is a tip:
<tip "type=DW4">
In layout view you can not click a table cell and drag it to a new position
with your cursor. To move the cell click on the border and use the arrow
keys. Holding shift whilst pressing the arrow keys will move it 5 pixels at
a time.
</tip>

Thank you

Lisa.


---------------------------------------
For unsubscribe and other options, including
the Tip Harvester and archive of TheList go to:
http://lists.evolt.org Workers of the Web, evolt ! 


**************************************************************************************

This email and any attachments are confidential to the intended 
recipient and may also be privileged. If you are not the intended 
recipient please delete it from your system and notify the sender 
immediately by telephoning +44(1252) 373232. You should not copy it or 
use it for any purpose nor disclose or distribute its contents to any 
other person.

**************************************************************************************





More information about the thelist mailing list