| Author |
Message |
micah
Hangin' Around
Joined: May 25, 2006
Posts: 40
|
 Posted:
Wed Dec 05, 2007 11:13 pm |
 
|
Hi there.
I have ravennuke 2.20.01 installed on my site wowhockey.com
Since installing it on November 25 my site has been hacked a few times and new folders have been created in which phishing sites have been set up. I do have Sentinel installed. Any help would be very, very appreciated.
Could anyone please advise help or test to ensure that sentinel is working properly.
Thanks,
micah |
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Wed Dec 05, 2007 11:51 pm |
|
First thing to check is access logs to determine how they got in. If you know the date and time of the incident, it should be quick to find. If Sentinel isn't going off, then your settings may be down or not working correctly. They could have gotten into other scripts that aren't phpNuke related. |
|
|
|
|
micah
Hangin' Around
Joined: May 25, 2006
Posts: 40
|
| Posted:
Thu Dec 06, 2007 8:37 am |
|
I will check the access logs to see if I can figure out how they got in. Can you please test to see that sentinel is working ok on my site. It wold be appreciated.
Thansk againAQ
Micah |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9133
Location: Arizona
|
| Posted:
Thu Dec 06, 2007 10:02 am |
|
micah, although it is good to think of NukeSentinel as it can, at times, be the only protection that you may have for third-party scripts that you add to your site. However, THE most important thing to keep in mind is your site is only as good as its weakest link.
The usual culprits of hacks these days are really anything that allows file uploading, such as:
> Gallery / photo album
> Forum attachment mods
> Some chat programs
> and other file upload tools
I would first look for references to those scripts. |
|
|
|
|
|
slackervaara
Worker
Joined: Aug 26, 2007
Posts: 234
|
| Posted:
Thu Dec 06, 2007 10:14 am |
|
You can look on your site the date and time the new folders have been created. Then look in the access logs for that time to see how they made it. |
|
|
|
|
|
micah
Hangin' Around
Joined: May 25, 2006
Posts: 40
|
| Posted:
Thu Dec 06, 2007 12:50 pm |
|
Thanks for the tips.
Micah |
|
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Thu Dec 06, 2007 6:36 pm |
|
Have a link to your site? |
|
|
|
|
|
micah
Hangin' Around
Joined: May 25, 2006
Posts: 40
|
| Posted:
Thu Dec 06, 2007 8:39 pm |
|
Hey yes ... my site is
Thanks |
|
|
|
|
|
micah
Hangin' Around
Joined: May 25, 2006
Posts: 40
|
| Posted:
Thu Dec 06, 2007 8:50 pm |
|
This is one of the files that i pull ed from my log
hmmmm.
Micah |
|
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Thu Dec 06, 2007 11:07 pm |
|
I see your Forums admin is secured. It should not be affected (if you had this protection on during the time of the attack)
I don't see any obvious vulnerability, but I haven't tried many attacks. One did set off Sentinel and send me to cnn.com, banning me from the server in the process. |
|
|
|
|
|
micah
Hangin' Around
Joined: May 25, 2006
Posts: 40
|
| Posted:
Fri Dec 07, 2007 8:13 am |
|
Thanks for having a test/look evaders99
Again everyones help is appreciated.
Micah |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
