Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
RossDagley
New Member
New Member


Joined: Aug 29, 2004
Posts: 7
Location: UK

PostPosted: Sun Aug 29, 2004 4:03 pm Reply with quote

Hi guys.

I've spent a few hours browsing over what I can here (and unfortunately before I got here...) also at nukecops. I hope I dont offend anyone here, but I sort of get the idea the guys there don't know what they're talking about so much - they seem to give conflicting info and advice. Like I said - hope to not offend!

Anyway, now I've type-casted myself Wink...

I know this a setup destined to go straight to hell, but without too much pointing and laughing, could you guys please help me secure my php-nuke based site. I don't know what I need, and what I dont.

I've got a windows 2003 server, running IIS6 with php-nuke 7.3. I think that also takes care of the phpbb upgrade? It says phpbb 2.0.8 anyway.

Regardless, I'd like to secure the site more, and log any attempts made into the site. I'm a bit stuck as I get the impression that fortress and sentinel (which I presume you're going to recommend...) appear to be orientated towards apache, on linux.

Could you guys point me in the right direction please?

Thanks for any guidance in advance!

--Ross
 
View user's profile Send private message
TheosEleos
Life Cycles Becoming CPU Cycles


Joined: Sep 18, 2003
Posts: 960
Location: Missouri

PostPosted: Sun Aug 29, 2004 4:05 pm Reply with quote

Quote:
I hope I dont offend anyone here, but I sort of get the idea the guys there don't know what they're talking about so much - they seem to give conflicting info and advice. Like I said - hope to not offend!


Don't expect anyone here to get offended at that comment. Wink

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website AIM Address ICQ Number
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sun Aug 29, 2004 4:08 pm Reply with quote

Apache is only needed if you need/want to block IP's at the server level (.htaccess). Other than that, NukeSentinel will allow the banning of IP's at the site level and should be able to secure your site quite nicely.
 
View user's profile Send private message
RossDagley
PostPosted: Sun Aug 29, 2004 4:10 pm Reply with quote

Ok - so a simple case of download sentinel, read instructions, install?

Would this cover most common things? I'm not after uber-1337 security (unplug NIC etc Wink) but like what I've read about sentinel.

Thanks again!

-Ross
 
Raven
PostPosted: Sun Aug 29, 2004 4:18 pm Reply with quote

And some uncommon ones Wink
 
GeekyGuy
Client


Joined: Jun 03, 2004
Posts: 302
Location: Huber Heights Ohio

PostPosted: Sun Aug 29, 2004 4:18 pm Reply with quote

RossDagley,
If you have any questions, just ask. We want to help you get your site secured with the best protection available.

_________________
"The Daytona 500 is ours! We won it, we won it, we won it!", Dale Earnhardt, February 15th, 1998, Daytona 500 
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger MSN Messenger ICQ Number
RossDagley
PostPosted: Sun Aug 29, 2004 4:22 pm Reply with quote

Really - just a 'your doing the right thing' is great so far! After getting my nuke site hacked this morning, I'm nervous and trying to sort it out Sad

I found two users in the nuke_auth table and removed those, but the giveaway was the changed welcome message saying you've been h@><0r'd or some such. Presumably kids with too much time on their hands. Its not even a particually interesting site (http://www.thedoctorsclan.com) - just a bunch info for a group of mates mainly...

Anyway - I've installed sentinel now, and I'm just going through the options. Pleased it was so simple to install - I expected a headache, but none so far Very Happy

Thanks guys. Really.

--Ross
 
Raven
PostPosted: Sun Aug 29, 2004 5:26 pm Reply with quote

Make sure you activate the Admin Auth! That prevents changes to the authors table, which is how you were hacked.
 
RossDagley
PostPosted: Sun Aug 29, 2004 5:32 pm Reply with quote

Yes. Thanks! I've got my head round it now, i think! I've certainly done that change, thats for sure.

Thanks again for all your help. I hope this is all I need to add. Smile

--R
 
jodale
New Member
New Member


Joined: Sep 05, 2004
Posts: 2

PostPosted: Sun Sep 05, 2004 3:16 pm Reply with quote

My website is hosted on a professional host. I have uploaded all my files and ran the install script. I updated my mainfile.php and everything looks good. Here is my question, I am unable to find the .htaccess file and when I try to upload it again, it doesn't show up...am I missing something? If I am unable to use .htaccess, what do I put for the .htaccess path in the admin console? Thanks.
 
View user's profile Send private message
GeekyGuy
PostPosted: Sun Sep 05, 2004 3:23 pm Reply with quote

jodale,

It could be hidden. What program are you using to upload the files with?

You can use just .htaccess in the path, unless you are on a virtual hosting server. then you might have to use the entrie path to the .htaccess file.
 
Muffin
Client


Joined: Apr 10, 2004
Posts: 649
Location: UK

PostPosted: Sun Sep 05, 2004 3:25 pm Reply with quote

You won't see your .htaccess file in your ftp client. If you have cpanel on your host, which I think you will have as it's a professional host, go into file manager and open the abuse folder in Sentinel and you'll see it there. Just check it's chmod 666, its probably still 644, if it is 644 change it to 666 save and exit.

_________________
Classic Mini rules the bends & bends the rules!
[img] 
View user's profile Send private message
jodale
PostPosted: Sun Sep 05, 2004 3:42 pm Reply with quote

WOW!!! You guys are quick. Thanks for the help, that worked just fine. Thanks again.
 
Raven
PostPosted: Sun Sep 05, 2004 3:52 pm Reply with quote

Most ftp clients have a way of displaying hidden files on the server. For example wsftp simply requires you to add '-la' in the files mask text box and then all hidden files are displayed. Most other ftp clients have a similar mechanism.
 
Muffin
PostPosted: Sun Sep 05, 2004 4:20 pm Reply with quote

I didnt know that Raven, thanks for that.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©