Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
ladysilver
Hangin' Around


Joined: May 03, 2004
Posts: 49
Location: Cyberspace

PostPosted: Sat Sep 18, 2004 11:42 am Reply with quote

I have had a few hacking attempts on a site where I have PHP-Nuke 7.4 installed with Sentinel 2.02. Today I received an email from Sentinel as follows:

You Access Changed on [Site Name]

The below information pertains to the HTTPAuth system in NukeSentinel(tm) only!
It does not affect your normal admin login information.


HTTPAuth Login: [not disclosed]
Protected: Is Protected

The header looked legit. I didn't see anything about this anywhere, so if I missed this somewhere in the documentation please excuse me for asking, but why would Sentinel send this? My thoughts are running to an attempt to hack HTTP Auth that (correctly) obtained the login name but not the encrypted password.
 
View user's profile Send private message Visit poster's website ICQ Number
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Sat Sep 18, 2004 3:24 pm Reply with quote

This is the email that NukeSentinel will send out when an admin's userid/password is changed in NukeSentinel. Did you modify yours or someone elses?
 
View user's profile Send private message
ladysilver
PostPosted: Sat Sep 18, 2004 4:33 pm Reply with quote

Hi Raven,

No I didn't change userid or password. I could log in normally using my HTTP Auth name/password combo and the admin username/password combo after HTTP Auth cleared.

After receiving the email I checked both in Sentinel and afterwards in the database in CPanel to make sure there were no new authors or unauthorised changes to exisiting admin accounts. Also checked localhost access to see if anybody might have hacked into the server but did not see anything amiss. I followed this up by checking the logs. Outside of somebody looking for 4NGallery (again) nothing immediately sticks out.

The HTTP Auth username was correct, and I don't use "admin" or "webmaster" or anything that would be unusually easy to guess.

I'm going to go ahead and change all the admin access passwords at that website for general safety, but I am curious what would cause Sentinel to send that emai, if it was in fact generated by Sentinel.
 
Raven
PostPosted: Sat Sep 18, 2004 4:43 pm Reply with quote

Look at the email smtp headers and see where the email originated from.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©