Ravens PHP Scripts: Forums
 

 

aap
New Member


Joined: May 05, 2008
Posts: 6

Posted: Mon May 05, 2008 3:22 pm

I am somewhat new to PHP sites. I'm getting ready to launch my site soon. But before I even have a lot of content on it, if any, I have had several banned IPs already from NS. How or what makes my site a target, and what do the hackers gain out of it?
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

Posted: Mon May 05, 2008 4:08 pm

Unfortunately the virgin phpNuke files are riddled with security issues and the community has been patching and fixing it with every release that was made. The author of phpNuke mostly ignored fixes given to him by the community and the odd time when fixes were included he gave no credit to the 'fixer', then dropped fixes from subsequent releases as well as creating even more problems.

With a reputation like that, it is a prime target for hackers/wannabe hackers. Most of the time they find sites by doing a simple Google search or use automated software to probe for vulnerabilities.
 
aap
Posted: Mon May 05, 2008 4:31 pm

Well, a friend of mine pointed me to your RN package and has stated that 7.6 is the most secure of the nuke. They have tried to attack me 30 times today alone. As long as NS posts the bans, that means they have been stopped, correct? It looks as if they are trying to get in my Forums DB, which has no content.
 
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

Posted: Mon May 05, 2008 4:51 pm

Just to be clear here, it isn't PHP they are targeting, it is PHP-Nuke. As Guardian2003 said, it is the known security holes in past versions that draws these script kiddies to your site like a moth to a flame. PHP-Nuke was very widely deployed in the past (is it now?) and it had holes you could drive a truck through thanks to the author's carelessness.

And yes, if NS bans them then they are stopped. That doesn't mean they won't try again from a different IP address. But after a while they will move onto another site that isn't patched.

kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

Posted: Mon May 05, 2008 5:15 pm

If you look at your search statistics, you'll probably notice several popular search terms used by attackers:

powered by phpnuke
powered by php-nuke
powered by php-nuke
copyright phpnuke

etc.

They use this to identify the sites they want to attack, using known security holes found by someone else. Because this is the least creative type of attack, because they use automated scripts written by someone else, and because they tend to be young, these punks are disparagingly known as script kiddies. They target PHP-Nuke not only because it has known security holes, but a long history and a large number of sites using it.

_________________
I google, therefore I exist...
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

Posted: Mon May 05, 2008 5:46 pm

Well, it's not only PHP Nuke; you will notice similar attacks with a Joomla installation or other CMS and also blog software, because they are using PHP. And besides this, there have been security holes in the past for the popular phpBB forum, and many sites were hacked just because they were running old software.
You can't run a PHP Nuke site without additional protection like NukeSentinel, because the standard protection is not enough in my opinion.
 
kguske
Posted: Mon May 05, 2008 7:35 pm

Good point, Susann. You will even see attacks on non-PHP sites. It's pretty sad - most kiddies are just blanketing sites to see what sticks...
 
aap
Posted: Mon May 05, 2008 8:25 pm

Well, from the time that I posted here today I have been attacked and hacked to where now I can't log in as a user or with the admin login. So I am using the latest RN and was getting ready to update NS to .17, and I have been hijacked. So where would the hole be to make this happen?

I have nothing against Raven, but I have a feeling they are feeding off of your members seeking help here. I had more traffic today after posting than the total of last week when I first installed RN.
 
kguske
Posted: Mon May 05, 2008 9:09 pm

Assuming "they" read this site, yes, posting your site's weaknesses and / or uncertainties here (or in any public forum) could certainly be compared to blood in shark-infested waters. But without any information about your site (e.g. what upgrades / addon modules you have, whether or not you have admin authentication working, whether or not you use complex passwords, how your host has configured PHP and your webserver, and with no visibility to your access logs), it's very difficult to give you a specific answer. The bottom line is that we must all be vigilant about security - even if you use a secure base like RN, there are plenty of opportunities for weak links.

There are plenty of similar posts in the forums here, a la "How do I recover from an attack?" and "How do I prevent attacks?" Please search them for suggestions and answers from others. From experience (back in 2004, my sites were frequently attacked), I learned to follow the guidelines here. At some point, largely, but not completely, due to NukeSentinel and admin authentication, the attacks were no longer successful.

I'd suggest the following:
- disable any addons that allow uploading, even by members, unless you verify that it wasn't done by a member
- install / configure admin authentication for both admin.php and the /modules/Forums/admin directory
- change and have unique users and complex passwords for 1) database, 2) Nuke admin, 3) Nuke user, 4) admin authentication, 5) hosting account control panel
- review access logs for suspicious activity and file change dates on files on the webserver to see if any files were changed / added recently
- ask the host for assistance in verifying that this wasn't accomplished via another account on the same server or through some server configuration weakness

I know it's frustrating - especially when you have what you think is secure. The challenge is to remain calm and find the weak link(s).
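
Two of the checks in the list above (recently changed files, and access-log hits on the admin entry points), sketched as an added example that is not part of the original post. The paths, the 7-day window and the Apache "combined" log format are assumptions, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: file-change and access-log review on the web server.
# Assumes an Apache/NCSA "combined" access log and POSIX find/awk/sort.

# List regular files under a web root modified within the last N days.
recent_changes() {
    webroot=$1; days=${2:-7}
    find "$webroot" -type f -mtime "-$days" -print | sort
}

# Count requests per client IP for the two admin entry points named in
# the post (admin.php and /modules/Forums/admin), busiest client first.
admin_hits() {
    awk '{
        # combined format: $1 = client IP, $7 = request path
        if ($7 ~ /^\/admin\.php/ || $7 ~ /^\/modules\/Forums\/admin/) n[$1]++
    } END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample (not real data): a tiny web root and access log.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/www/modules/Forums/admin"
    echo '<?php' > "$d/www/index.php"
    touch -t 200801010000 "$d/www/index.php"              # old, untouched
    echo '<?php' > "$d/www/modules/Forums/admin/new.php"  # just added
    cat > "$d/access.log" <<'EOF'
192.0.2.10 - - [05/May/2008:15:01:02 -0600] "GET /admin.php HTTP/1.1" 403 512 "-" "-"
192.0.2.10 - - [05/May/2008:15:01:03 -0600] "POST /modules/Forums/admin/index.php HTTP/1.1" 401 401 "-" "-"
198.51.100.7 - - [05/May/2008:15:02:00 -0600] "GET /index.php HTTP/1.1" 200 9120 "-" "-"
198.51.100.7 - - [05/May/2008:15:02:09 -0600] "GET /admin.php HTTP/1.1" 403 512 "-" "-"
EOF
    echo "$d"
}

d=$(make_sample)
recent_changes "$d/www" 7      # files changed in the last week
admin_hits "$d/access.log"     # who has been knocking on the admin pages
rm -rf "$d"
```

Any file that shows up in the first listing without a matching upload or edit of your own is worth comparing against a clean copy of the package.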
 
aap
Posted: Mon May 05, 2008 9:24 pm

Thanks kguske,

I haven't really done anything to the RN after installing it. I am the only user, as I am in the process of getting the site set up to go live. At least it was the plan before this setback of getting hacked.

I will follow the steps that you have posted above. I was able to get back in my admin. I am trying to check to see if anything looks out of place. I still can't get my user account to log in. I changed the user information and still no luck. When trying to log in, it just acts like the account isn't there. It just brings up a new blank user/password field with a new graphic code. It doesn't tell me that the user or password was incorrect or anything. Any ideas?
 
aap
Posted: Mon May 05, 2008 10:13 pm

Well, I have narrowed it down to the $gfx_chk. When I disable it I can get logged in. But when I enable it, the codes are always wrong. What could I do to fix this error?
 
Guardian2003
Posted: Tue May 06, 2008 2:15 am

Sounds like you have a cookie conflict. Clear your browser cache and cookies, then close the browser before opening a new browser window, and that should fix the conflict.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

Posted: Tue May 06, 2008 5:54 am

aap, there are also numerous threads here regarding issues with the captcha that might help you. All of the issues previously reported are related to your host setup BTW, so hopefully you can get that cleared up, as one of the key features of RN is the newer captcha and its incorporation also as a spam stopper...

sting
Involved


Joined: Sep 23, 2003
Posts: 456
Location: Somewhere out there...

Posted: Tue May 06, 2008 9:00 am

Hopefully this is a typo and not a script kiddie hack. . .

In your main news article you have "Welcome to Advanced Aerail Photography!"

Check the word "Aerail"

-sting
is wishing he had a different pet peeve.

_________________
You see - I told you I wasn't paranoid. They were really out to get me. 
aap
Posted: Tue May 06, 2008 9:31 am

Thanks for the info everyone. I will keep you posted on the issues.
 
All times are GMT - 6 Hours
 