Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Hack Attempt Script
Author Message
3rdschulz
Hangin' Around


Joined: May 19, 2006
Posts: 39

PostPosted: Tue Jun 13, 2006 5:24 pm Reply with quote

Hey, my website was hacked AGAIN for the 3rd time in past couple months! Only registered users can see links on this board! Get registered or login! can anyone help me out with this? I am not sure if this is right section or not but I seen another guy post here with same kind of issue.
I am pretty much a phpnuke noob.

running PNC 3.0.1

which came with nuke sentinal but I guess they got past it.
 
View user's profile Send private message
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Tue Jun 13, 2006 5:29 pm Reply with quote

well its easy to point at sentinel....but im pretty sure they used a backdoor provided by some addon....
But PNC...whats that?
 
View user's profile Send private message
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Tue Jun 13, 2006 6:24 pm Reply with quote

Sorry to jump in hitwalker, but some additional questions that might help:

Are you running any addons that allow uploads (e.g. a photo gallery)?

Is your NukeSentinel current?

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
3rdschulz
PostPosted: Tue Jun 13, 2006 9:47 pm Reply with quote

As far as I know sentinel is current. PNC is another nuke prog kinda like raven nuke and platnum nuke. I had vwar, latest version installed. Any ideas as to how to go about fixing this?

pnc info can be found here
Only registered users can see links on this board! Get registered or login!
 
hitwalker
PostPosted: Wed Jun 14, 2006 4:35 am Reply with quote

well vwar is very vunerable....
to help you its for the best if you tell us what kind of mods you have installed that might be opening doors....like kguske says...any gallery?
 
3rdschulz
PostPosted: Wed Jun 14, 2006 9:10 am Reply with quote

well I had v3 arcade, vwar with members roster, applications to join, and all other standard vwar features, I had a up and running ventrilo status block, a bf2 stat tracking block that got its info from bf2tracker.com I had phpbb forums, Nuke sentinal, paypal donations block, and really thats all I can think of. Other than that you can apply to be a member of the site and upload your own avatars and things I believe for the forum. Most of that is pretty standard stuff for gaming clan to have on there nuke site and no one elses is getting hit as much as mine.
 
hitwalker
PostPosted: Wed Jun 14, 2006 9:21 am Reply with quote

the vwar is mentioned before as it has vunerabilities.as far as i know of ...sentinel never lost any battle of hack attempts...
so these things are mostly caused by the website owners self..

and you should have dived into your stats,logs whatever to track down how they did it or from where...
if you dont fix this then you can only wait till the next time..
 
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

PostPosted: Wed Jun 14, 2006 12:18 pm Reply with quote

If you did not install sentinel pl6 then you most likely got hacked by the phpbb admin exploit that has been going around.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
3rdschulz
PostPosted: Wed Jun 14, 2006 4:56 pm Reply with quote

Its possible I did not have the latest sentinel since I was running the version that came with PNC. everything in my cpanel appears to be fine....
 
3rdschulz
PostPosted: Fri Jun 23, 2006 12:36 pm Reply with quote

iVE BEEN HACKED YET AGAIN.....
 
3rdschulz
PostPosted: Fri Jun 23, 2006 12:58 pm Reply with quote

only now my sentinel wont even allow me to acsess anything in the admin phpnuke area
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

PostPosted: Sat Jun 24, 2006 6:44 am Reply with quote

Please be more specific.
You can see the site as a normal user?
Can you actually log in as an admin (and not see any of the admin icons) or can you not log in at all as an admin?

If you cannot access the site all, compare the htaccess and config.php files on your site with those in your last back up to see if there are any obvious anomolies.
 
View user's profile Send private message Send e-mail
3rdschulz
PostPosted: Sat Jun 24, 2006 11:57 am Reply with quote

ok well while working on this I delted the god account in phpmyadmin. How do I create a new god account? I tryed logging in under other super user accounts and I see no phpnuke admin icons, just th elog out button.

I have tryed this with no luck so far Only registered users can see links on this board! Get registered or login!

Does anyone know how to create a new "god" account in phpmyadmin?
 
Guardian2003
PostPosted: Sat Jun 24, 2006 12:21 pm Reply with quote

^^^^^^^^^^^^^^^^^^^^^^^
 
kguske
PostPosted: Sat Jun 24, 2006 4:58 pm Reply with quote

What happened when you tried that?
 
3rdschulz
PostPosted: Sat Jun 24, 2006 5:49 pm Reply with quote

tried what?
 
kguske
PostPosted: Sat Jun 24, 2006 7:15 pm Reply with quote

Tried to access your admin...
 
3rdschulz
PostPosted: Sat Jun 24, 2006 8:22 pm Reply with quote

The account has been deleted in phpmyadmin It wont allow me to login to access my admin because god admin hsa been deleted. My superusers no longer work for access since then either
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Sat Jun 24, 2006 11:41 pm Reply with quote

go into phpmyadmin..then click insert...and itll bring u to a page...fill all the info out

the only thing extra is to make it set ur password function to md5 before u hit save

easiest thing would be a screenshot...heres one for u:

MAKE aid God
then name ur username.


fill out all info:
Image

Set your password function to MD5:
Image
Remember your password as you will not know what it is through phpmyadmin.

Now hit go or save.
this will make a new god admin account.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
3rdschulz
PostPosted: Sat Jun 24, 2006 11:56 pm Reply with quote

ok followed your example exactly exceptI did not have a radminsuper box to enter the value one. when i try to login to ........admin.php I enter my username and password along with my number code and it dosent work
 
gregexp
PostPosted: Sun Jun 25, 2006 12:04 am Reply with quote

ok this is probably due to the fact that u dont have the radminsuperuser...u sure u saved ur password in md5?

also this is not right to have no radminsuper in any authors table ive ever seen.

I maybe wrong here but it should be there and if it isnt then we may need to remake the table.

what version of nuke are you currently running?
 
3rdschulz
PostPosted: Sun Jun 25, 2006 12:08 am Reply with quote

PNC 3.0.1

u want me to take a screenie?
 
gregexp
PostPosted: Sun Jun 25, 2006 12:08 am Reply with quote

also try this one more time but dont put anything into the fields of counter radminsuper and adminlanguage.
 
gregexp
PostPosted: Sun Jun 25, 2006 12:23 am Reply with quote

CREATE TABLE nuke_authors` (
`aid` varchar(25) NOT NULL default '',
`name` varchar(50) default NULL,
`url` varchar(255) NOT NULL default '',
`email` varchar(255) NOT NULL default '',
`pwd` varchar(40) default NULL,
`counter` int(11) NOT NULL default '0',
`radminsuper` tinyint(1) NOT NULL default '1',
`admlanguage` varchar(30) NOT NULL default '',
`radminblocker` tinyint(2) NOT NULL default '0',
PRIMARY KEY (`aid`),
KEY `aid` (`aid`)
) TYPE=MyISAM;");

this is the mysql query u need to run to rebuild ur authors table...as u can see its got radminsuper in it

This is from the pnc 3.0.1 installer.

change the nuke_authors to whatever prefix u uselike test_authors or whatever it may be.
 
3rdschulz
PostPosted: Sun Jun 25, 2006 12:26 am Reply with quote

Only registered users can see links on this board! Get registered or login!


then I tryed tp change the pass tp md5 hash for Password still no luck

Only registered users can see links on this board! Get registered or login!
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Hack Attempt Script

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©