[thelist] how did they hack my guestbook and who can I report them to.

Niklaus Haldimann runciter at rosa.com
Thu Apr 19 06:05:29 CDT 2001


Lisa Frost wrote:
> I have a free dreambook guestbook on a personal site.
> 
> Some lovely person added a message which then refreshed the page and
> redirected my guestbook to www.irchat.tv
> 
> To sign the guest book you just fill in a form so how did they embed the
> refresh in the comments without it being seen on the screen.

Basically you can enter anything into a form field, also HTML tags such
as the meta tag used by your "hacker". Most guest book scripts do some
sort of tag filtering, like removing all but basic text formatting tags
(<b> <i> <a>). Obviously dreambook doesn't do that or at least it
doesn't filter meta tags. No way to work around it on your side. I'd
write directly to dreambook and ask them to add a filter - or choose
another guest book service.
 
> More importantly is there any chance I can track the culprit down and I also
> want to report irchat.tv.

Short answer: There's no way to track him down.

Long answer: The most dreambook could know about him is his browser and
his host IP. And even with that you're far from tracking him down. From
his host IP (if it's actually his real one) you could probably tell his
ISP and try to contact them to help you out. But they will probably only
skim their logs for you if you're investigating a serious crime, if they
even have that ability.

--
Niklaus Haldimann
Frontend Engineer
R.Ø.S.A. Internet Concept and Creation
http://www.rosa.com
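
The tag filtering described in the message above, sketched as an added example (not part of the original post and not dreambook's code). It assumes a Python guestbook script; `filter_comment`, `GuestbookFilter` and the list of permitted link schemes are hypothetical choices made for the illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

ALLOWED_TAGS = {"b", "i", "a"}              # the basic formatting tags named in the post
SAFE_SCHEMES = {"http", "https", "mailto"}  # assumption: only these link schemes are kept

class GuestbookFilter(HTMLParser):
    """Rebuilds a comment from parser events, emitting only allowlisted tags."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open_tags = [], []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # <meta>, <script>, <iframe> and the rest are dropped entirely
        if tag == "a":
            href = (dict(attrs).get("href") or "").strip()
            if urlsplit(href).scheme.lower() not in SAFE_SCHEMES:
                return  # missing, relative, javascript: or data: link: drop the tag
            self.out.append('<a href="%s" rel="nofollow">' % escape(href, quote=True))
        else:
            self.out.append("<%s>" % tag)  # attributes such as onclick are never copied
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open_tags:
            return  # stray or disallowed closing tag
        while self.open_tags:  # also close anything opened after it, keeping output balanced
            opened = self.open_tags.pop()
            self.out.append("</%s>" % opened)
            if opened == tag:
                break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))  # text is always re-escaped

def filter_comment(raw):
    """Return the comment with only <b>, <i> and safe <a href> tags left as markup."""
    f = GuestbookFilter()
    f.feed(raw)
    f.close()
    while f.open_tags:  # close tags the visitor left open so they cannot affect later entries
        f.out.append("</%s>" % f.open_tags.pop())
    return "".join(f.out)

if __name__ == "__main__":
    # Constructed sample entry modelled on the redirect described in the thread.
    sample = 'Nice site! <meta http-equiv="refresh" content="0;url=http://www.irchat.tv"> <b>bye</b>'
    print(filter_comment(sample))
```

The filter rebuilds the output from an allowlist instead of searching for known-bad tags, so a tag the script author never thought of is dropped by default.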



