Ravens PHP Scripts: Forums
 

 

hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661

PostPosted: Tue Jan 25, 2005 5:45 am Reply with quote

ok he has sentinel but flash-for-nuke.de just got hacked.
but it is a bit surprising....

also getting the mail...

From: Owned! [link hidden] just got hacced so you all want to see a real site wid all da shyte click dis!!!!! [link hidden]

i know where they put the stuff in....
it's probably in the Footer Messages.
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

PostPosted: Tue Jan 25, 2005 7:58 am Reply with quote

Look for applications that allow uploading. Did he have httpauth turned on? I doubt it.
 
hitwalker







PostPosted: Tue Jan 25, 2005 8:22 am Reply with quote

well he's very slow on fixing it....
 
djmaze
Subject Matter Expert



Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv

PostPosted: Tue Jan 25, 2005 10:40 pm Reply with quote

His real website is [link hidden]
and he has a "referers list" that is filled with his own domain ronnies-realm.3at-me.com/ which is just an entrance page.

I can spam his referers list with a different site if you want Laughing (or other bad things)

[edit]
His root is /home/eatme/public_html/ronnies-realm/
 
sixonetonoffun
Spouse Contemplates Divorce



Joined: Jan 02, 2003
Posts: 2496

PostPosted: Tue Jan 25, 2005 11:14 pm Reply with quote

After 500kbs I got tired of waiting for his page to load. I consider it a text browsing site after that.

djmaze







PostPosted: Wed Jan 26, 2005 8:50 am Reply with quote

And another got hacked [link hidden]
 
sixonetonoffun







PostPosted: Wed Jan 26, 2005 9:53 am Reply with quote

Trying to find my Black Hat I know it's around here somewhere...
 
kguske
Site Admin



Joined: Jun 04, 2004
Posts: 6432

PostPosted: Wed Jan 26, 2005 3:01 pm Reply with quote

See the updated thread that DJMaze posted. The hacked site wasn't using HTTP admin authentication. It is now...

_________________
I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG
 
valkster
New Member



Joined: May 29, 2004
Posts: 5

PostPosted: Thu Jan 27, 2005 5:18 pm Reply with quote

Yep, these turds hacked my site [link hidden] I had PHPnuke 7.2 and Sent 2.13 installed, it was hacked. Sent has always blocked attempts in the past, hundreds of them on my site. I thought it was the old nuke so I went to 7.6 chatserv.

Set up the vanilla site and installed Sent 2.13. Went upstairs to grab a bite to eat, came back downstairs and the site was hacked again, Andrew and Ronnie.

Have turned on HTTPauth w/CGIauth on the admin.php and problem has been solved so far. I wish I would have utilized this feature long ago, just never really figured it would be needed.

Looking at my RAW access logs I see they have been trying to hack me again with proxied IPs from Australia. Actually funny they try to access my admin.php get pissed off after a while and try an authors attack and get nailed and banned by Sent.

I wish I would have caught the first attempt early enough before my RAW logs were updated but I did not. Whatever they are doing they can access the God password and take over the site and Sent doesn't catch them. I guess this means everyone would need to utilize HTTPauth for the time being or be at risk.

Regards
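
[Added example, not part of valkster's post and not NukeSentinel code: a Python triage of raw access logs for admin.php, reporting clients repeatedly refused by HTTP auth and any request that was served with no authenticated user. It assumes the web server itself enforces the login (for example via .htaccess), so the authuser field of the Apache common/combined log format is populated; the log lines, addresses and the `triage_admin_requests` name are constructed for illustration.]

```python
import re
from collections import defaultdict

# Apache common/combined prefix: host ident authuser [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation-range IPs, not taken from the thread).
# Assumption: the server enforces HTTP auth itself, so authuser is logged.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Jan/2005:16:01:10 -0600] "GET /admin.php HTTP/1.1" 401 478
203.0.113.7 - - [27/Jan/2005:16:01:12 -0600] "GET /admin.php?op=constructed HTTP/1.1" 401 478
203.0.113.7 - guest [27/Jan/2005:16:01:15 -0600] "POST /admin.php HTTP/1.1" 401 478
198.51.100.20 - webmaster [27/Jan/2005:16:05:00 -0600] "GET /admin.php HTTP/1.1" 200 9120
192.0.2.55 - - [27/Jan/2005:16:09:41 -0600] "POST /admin.php HTTP/1.1" 200 8841
192.0.2.55 - - [27/Jan/2005:16:09:50 -0600] "GET /index.php HTTP/1.1" 200 30211
"""

def triage_admin_requests(log_text, target="/admin.php", deny_threshold=3):
    """Summarise requests for `target` found in an access log."""
    denied = defaultdict(int)   # host -> number of 401 responses on target
    unauthenticated = []        # (host, time, method) served with no auth user
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue            # skip lines that are not in the expected format
        if m["path"].split("?", 1)[0] != target:
            continue            # compare the path only, ignoring the query string
        status = int(m["status"])
        if status == 401:
            denied[m["host"]] += 1
        elif 200 <= status < 400 and m["user"] == "-":
            # Served although nobody authenticated: the HTTP auth gate
            # is missing or was not applied to this request.
            unauthenticated.append((m["host"], m["time"], m["method"]))
    repeat = {h: n for h, n in denied.items() if n >= deny_threshold}
    return {"repeat_denied": repeat, "served_without_auth": unauthenticated}

if __name__ == "__main__":
    report = triage_admin_requests(SAMPLE_LOG)
    for host, count in report["repeat_denied"].items():
        print(f"{host}: refused {count} times by HTTP auth")
    for host, when, method in report["served_without_auth"]:
        print(f"{host}: {method} served without HTTP auth at {when}")
```
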
 
Raven







PostPosted: Thu Jan 27, 2005 5:56 pm Reply with quote

I developed HTTPAuth for Nuke Sentinel when everyone was trying to add code here and there to try to catch all the possibles. That was a never-ending job. So, I thought, well, if they can't get to it they can't hack it. Once again, necessity is the mother of invention Wink
 
PHrEEkie
Subject Matter Expert



Joined: Feb 23, 2004
Posts: 358

PostPosted: Thu Jan 27, 2005 9:35 pm Reply with quote

Once you have a server-side login setup, it's over for them. You can set up a frickin' Guest account in the author's table and email them the login... they still won't get in.

The only thing you need Sentinel for, then, is to stop them from injecting their banner into your news and such. That's what they're reduced to.. without access to admin.php to be able to login, a login is useless, and they can't do any real permanent damage with just injections. Which is again why it is so silly to rename admin.php. Leave it admin.php, make the God user Guest and the password Welcome. Let's see them crack the server-side password, which when I create them, exist behind the webroot where they are not readable by anyone but the owner.

One thing I'd like to caution new webmasters about is using the same MySQL password as your FTP/Control Panel login. NO NO NO!!! hehe The highlight exploit in phpBB 2.0.10 and below allowed hackers to view your config.php, where your user and password are in plain text. If this is also your FTP/Panel login, well, they now own your whole web filesystem.

Always make your MySQL user and password UNIQUE from everything else, and make it robust! Always use both lower and upper-case letters and numbers. A few weird characters like dashes can't hurt either.

ilikeicecream is not robust...
I--liKe-42-ICE-CreAM-9x is...

PHrEEk
 
All times are GMT - 6 Hours