Guestbook items (PRE 2.0 BUG)


kad01
8th of October 2006 (Sun), 08:10
How do I delete 5645 guestbook items?

Pekka
8th of October 2006 (Sun), 10:18
Specific ones, approved, non-approved, specific dates, containing some text, or all?

kad01
8th of October 2006 (Sun), 11:36
all, see http://www.nr3.se

Pekka
8th of October 2006 (Sun), 18:06
Oh, those spams are from EE 1.5 attacks.
If you have phpMyAdmin or a similar SQL tool, browse to your database and give the SQL command

TRUNCATE TABLE ee_exhibition_feedback

that clears it all. But make sure you give the command for the correct database!
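
An added example, not part of Pekka's post: the same cleanup with a check that the session is pointed at the right database and a copy of the table taken first. It assumes MySQL (implied by phpMyAdmin); the backup table name is made up for illustration.

```sql
-- 1. Confirm which database this session is using before touching anything.
SELECT DATABASE();

-- 2. Confirm the guestbook table exists here and see how many rows will go
--    (kad01's guestbook held 5645 entries).
SELECT COUNT(*) AS entries FROM ee_exhibition_feedback;

-- 3. Keep a copy: in MySQL, TRUNCATE commits implicitly and cannot be
--    undone with ROLLBACK. The backup table name is hypothetical.
CREATE TABLE ee_exhibition_feedback_backup LIKE ee_exhibition_feedback;
INSERT INTO ee_exhibition_feedback_backup
SELECT * FROM ee_exhibition_feedback;

-- 4. Clear the guestbook, as in the post above.
TRUNCATE TABLE ee_exhibition_feedback;

-- 5. Verify the table is empty and the copy still holds the old rows.
SELECT COUNT(*) AS entries FROM ee_exhibition_feedback;
SELECT COUNT(*) AS saved   FROM ee_exhibition_feedback_backup;
```

Once the site has been checked, the copy can be removed with `DROP TABLE ee_exhibition_feedback_backup;`.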

kad01
9th of October 2006 (Mon), 01:26
Thanks Pekka, the guestbook is empty now.

kd6lor
9th of October 2006 (Mon), 01:29
I have just started getting these attacks. Never had them before I recently posted a link to my website here.... Gonna delete that message now...

Paul

DavidW
9th of October 2006 (Mon), 04:03
I have just started getting these attacks. Never had them before I recently posted a link to my website here.... Gonna delete that message now...
That's probably akin to shutting the stable door after the horse has bolted. The attackers already know the URL of your site and they'll keep attacking it.

What posting your site in the forums may have done is alerted the web spiders, like Googlebot, that your gallery exists, and I'm not sure that can be undone. I suspect many of the attacks are done starting from something like this (http://www.google.com/search?hl=en&q=%22Gallery+pages+created+by+Exhibit+Engine+1.5%22). There is evidence to suggest that there are machines deliberately hunting down EE based sites to attack. If the search engines were already aware of your site, then I suspect what happened was completely disconnected to posting your gallery URL in the forums.

Like with all software, you have to stay on top of the security patches. EE 2 is quite a major upgrade in some ways, but part of the reason behind it is security.


I can't remember if there's a specific mitigation for guestbook defacing under 1.5. If there is, you have a choice of installing the fix or upgrading to 2.01. If there isn't a fix for 1.5, then the fix is to upgrade to 2.01.


Whilst this bug forum may give the impression that EE 2 is buggy, the reality is that there's an upsurge of interest in squashing what, in many cases, are historic bugs. I've found and reported three bugs so far (all of which have the fixes incorporated in 2.01), and two of those three bugs were in code that dates back to 1.5 RC4 if not before.

I'm on the trail of at least one more bug (which is complex enough really to need a debugging environment that will need some time to set up - "blind" debugging of the metadata parser that's not working for me when I can't see the variables as it runs is very difficult), and that, too, is in code that dates back to 1.5 RC4 if not before.



David