Ravens PHP Scripts: Forums
 

 

Himmel
Regular
Joined: May 08, 2004
Posts: 77

Posted: Thu Oct 06, 2005 9:42 am

Yep, they did it again.
They couldn't access authors or the admin part.
But they did get in anyway and changed the "nuke_config" table. Via that table it's showing a hacked text on the main page.

Any ideas how they get in? And how to prevent this?
Must say that I'm using an older phpnuke version with Sentinel for that website; because I had plans of quitting the website I never updated it (shame on me).
 
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

Posted: Thu Oct 06, 2005 12:08 pm

Do you use Coppermine or any third party application that allows uploading of files? What version of NukeSentinel are you using?
 
Himmel







Posted: Thu Oct 06, 2005 1:31 pm

I did use Gallery and Sentinel was an older version (didn't update, thought that I would sell the website..). Can't check now.
Do you think that Gallery could be the problem?
 
Himmel







Posted: Sat Oct 08, 2005 6:10 am

Did fix/replace the table and the website is OK now, but not online yet.
Need to update Sentinel and Gallery first...
Hope that will fix the problem, otherwise it will happen again I guess.. :(
 
Raven







Posted: Sat Oct 08, 2005 7:56 am

Himmel wrote:
I did use Gallery and Sentinel was an older version (didn't update, thought that I would sell the website..). Can't check now.
Do you think that Gallery could be the problem?

If you check bugtraq for Gallery exploits that may answer your question. Dependent on what release of Gallery you use there may have been a similar exploit. OTOH, when a table gets changed it can also be a result of XSS through the weblinks module or some other module that isn't secured with Chatserv's latest patches. Or, depending on the release of NukeSentinel there could have been an exploit that was discovered and blocked in a later release. You need to carefully go through your server access logs from the day when this happened and see if you can find the access that was used.
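
One way to do the access-log pass suggested in the post above, as an added example that is not part of the original thread: it keeps only requests from the incident day that either carry script/SQL markers or the altered table's name in the URL, or are POSTs the server accepted. The Apache combined log format, the marker list, the sample date, and every sample line and path are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumes Apache/NCSA "combined" log format; adjust LINE_RE for other servers.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Illustrative markers (assumptions, not a complete signature set).
MARKERS = {
    "names the altered table": re.compile(r"nuke_config", re.I),
    "SQL keywords in request": re.compile(r"\bunion\b.+\bselect\b", re.I),
    "script tag in request": re.compile(r"<\s*script", re.I),
}

def triage(lines, incident_day):
    """Return (ip, time, method, url, reasons) for requests on incident_day worth reading."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["day"] != incident_day:
            continue  # unparsable line or a different day
        url = unquote_plus(m["url"])  # decode %xx and + so encoded input still matches
        reasons = [why for why, rx in MARKERS.items() if rx.search(url)]
        if m["method"] == "POST" and m["status"][0] in "23":
            reasons.append("accepted POST (upload or form write)")
        if reasons:
            hits.append((m["ip"], m["time"].split()[0], m["method"], url, reasons))
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Oct/2005:22:10:02 -0600] "POST /modules.php?name=Your_Account HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [06/Oct/2005:02:58:13 -0600] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [06/Oct/2005:03:21:40 -0600] "GET /modules.php?name=Web_Links&cid=%3Cscript%3E HTTP/1.1" 200 812 "-" "-"',
    '203.0.113.7 - - [06/Oct/2005:03:22:05 -0600] "GET /modules.php?name=Search&query=x%27+UNION+SELECT+1+FROM+nuke_config HTTP/1.1" 200 640 "-" "-"',
    '198.51.100.23 - - [06/Oct/2005:03:25:11 -0600] "POST /gallery/upload.php HTTP/1.1" 200 301 "-" "-"',
    '198.51.100.23 - - [06/Oct/2005:03:26:00 -0600] "POST /missing.php HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    for ip, time, method, url, reasons in triage(SAMPLE_LOG, "06/Oct/2005"):
        print(ip, time, method, url, "; ".join(reasons))
```

The flagged lines are a reading list, not a verdict: each one still has to be compared against the time the table was changed and against what the requested script actually does.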
 
Himmel







Posted: Mon Oct 10, 2005 9:04 am

Hi Raven, will update things asap. Can't reach any server logs, so after the updates we will see how things work out ;)
Thx
 
djmaze
Subject Matter Expert



Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv

Posted: Mon Oct 10, 2005 11:49 am

Raven wrote:
Do you use Coppermine or any third party application that allows uploading of files?


LMAO these days should that question just be:

Do you use any third party application that allows uploading of files?

After all a PoC keeps popping up much more these days that Coppermine is not the issue.
 
All times are GMT - 6 Hours
 