Ravens PHP Scripts: Forums
 

 

glidergirl
Hangin' Around



Joined: Feb 28, 2004
Posts: 35
Location: Kentucky

Posted: Thu May 20, 2004 10:53 pm

All they did was replace my opening message to this:

<h1> hahuahuahuha Admin Lammer !!!!!!!

contact [ Only registered users can see links on this board! Get registered or login! ]

Wow -- is it really easy to hack this program, or is there something I can do to prevent this happening again?

Raven, I have the hack script, right? I'm just a little perplexed, and want to keep the college students out on summer break from causing havoc to my site! What do I need to do?

Slightly panicked,
 
glidergirl







Posted: Thu May 20, 2004 11:57 pm

I've been reading here since my initial panic earlier, and it seems like others here have run into this hacker. I just realized he (guess that was sexist -- he or she) has made him/herself a GodAdmin along with me.

How do I ban this set of IPs? (I don't mind banning all 200.xxx.xx for now). How can I do it while the person is a God Admin?
How do I remove this person from BEING a God Admin?
How can I best protect myself from future intrusions, which could be more malicious?

It took a whopping 10 minutes for 5 files to be altered...that I know of.

Any help would be greatly appreciated!


Last edited by glidergirl on Fri May 21, 2004 12:21 am; edited 1 time in total 
chatserv
Member Emeritus



Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

Posted: Thu May 20, 2004 11:58 pm

Aside from the hack alert script, what other security pack do you have? What add-ons do you use at your site? Contact your webhost provider and have them send you the site's access.log.
 
glidergirl







Posted: Fri May 21, 2004 12:20 am

Raven installed my phpNuke, along with his add-ons. I don't have anything other than that -- coppermine is there, but I've never activated it. The rest is the standard phpNuke. It's a fairly recent release -- 7.3, I think.

My technical know-how is limited (obviously!).

Do I have hacker alert? I'm not really sure. What will the access log tell me that I can't find out from the IP tracking? What am I looking for with the access log?
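
Added example (not part of the original thread and not Raven's or chatserv's code): one way to use the access.log mentioned above is to list every request to the admin script that came from an address the site owner does not recognize. The log lines are constructed samples in Apache "combined" format using documentation IP ranges; the function name, the `op=EXAMPLE` query string and the assumption that the site lives in the web root are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines (Apache "combined" format, documentation IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [20/May/2004:21:40:02 -0600] "GET /admin.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.45 - - [20/May/2004:22:41:10 -0600] "GET /index.php HTTP/1.1" 200 20480 "-" "Mozilla/4.0"
203.0.113.45 - - [20/May/2004:22:43:15 -0600] "GET /admin.php?op=EXAMPLE HTTP/1.1" 200 7300 "-" "Mozilla/4.0"
203.0.113.45 - - [20/May/2004:22:44:01 -0600] "POST /admin.php HTTP/1.1" 200 812 "-" "Mozilla/4.0"
203.0.113.99 - - [20/May/2004:22:50:00 -0600] "GET /modules.php?name=News HTTP/1.1" 200 9000 "-" "Mozilla/4.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def admin_hits_by_ip(log_text, known_admin_ips, admin_script="/admin.php"):
    """Return {ip: [(timestamp, method, path, status), ...]} for requests to
    the admin script from addresses that are not in known_admin_ips."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format; skip it
        script = m["path"].split("?", 1)[0]  # compare without the query string
        if script != admin_script or m["ip"] in known_admin_ips:
            continue
        hits[m["ip"]].append((m["ts"], m["method"], m["path"], int(m["status"])))
    return dict(hits)


if __name__ == "__main__":
    # 198.51.100.7 stands in for the legitimate administrator's own address.
    for ip, reqs in admin_hits_by_ip(SAMPLE_LOG, {"198.51.100.7"}).items():
        print(ip, "-", len(reqs), "admin requests, first at", reqs[0][0])
        for ts, method, path, status in reqs:
            print("   ", ts, method, path, status)
```

The timestamps of the first flagged request give a starting point for checking which files and database rows changed afterwards; if admin.php has been renamed, pass the new name as `admin_script`.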
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Fri May 21, 2004 5:36 am

GG,

I replied to your email. Email me your login stuff for your site, ftp, and phpmyadmin. Then, rename admin.php to something that only you know until I can get to this later this morning. Use phpmyadmin and edit the nuke_authors table to delete any names you do not recognize.
 
Raven







Posted: Fri May 21, 2004 8:10 am

I have added the admin.php fix and the mainfile.php fix, and my hackalert script. Those were not installed when you set up your site, otherwise you would never have been hacked. Later today I will add the http auth. addon for an extra level of admin security :)
 
glidergirl







Posted: Sat May 22, 2004 9:24 pm

A huge thanks to you, Raven and chatserv, for all the work you do making things secure for us! Thank you!
 
Raven







Posted: Sat May 22, 2004 10:03 pm

;)
 
All times are GMT - 6 Hours
 