Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
phiberoptik
New Member
New Member


Joined: Oct 10, 2004
Posts: 17

PostPosted: Sun Oct 10, 2004 12:52 pm Reply with quote

My site Only registered users can see links on this board! Get registered or login! was hacked... how I am not sure.

Yes I was using the same password on my GOD account as my cPanel hosting account.

Yes I contacted the hosting provider and had them change it to something totally different.

I then changed ALL of my passwords on all of my e-mail accounts, instant message, cPanel, etc etc.. All to something different, not all the same password.. but each one a different password with letters and numbers, 8+ characters long.

I wakeup this morning, he got into my cPanel again, changed my e-mail passwords, messed with my database etc.

At this moment, I have downloaded the newest ChatServ 7.4 Nuke Patched... Overwrote all the files on my site with those.. and activated the newest Sentinel, I am trying to tweak the sentinel quite a bit, I have the site in offline mode for now, it seems to be safe.. I have enabled the Http Auth on the admin side..

I am trying to fix some of the damage to the site now...

I have some questions if anyone knows.

How could he possably gey my cPanel password after it was changed to something I have NEVER used and not used on anything else.

I also ran some custom modifications in my News Module, I basically custom hacked the WYSG Editor and made it do macros into the news, but in my config.php I had to allow a lot of the HTML tags, would this have anything to do with it?

The guy is using a proxy, and attacking me from 217.172.149.4 which I have blocked at cPanel and Sentinel and their website is Only registered users can see links on this board! Get registered or login!

Also I am looking for a good list of proxy IPs to block, along with some suggestions for Sentinel.


Thanks guys

Phiber0ptik
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Sun Oct 10, 2004 12:55 pm Reply with quote

Once he had access to your cPanel then he had either root and/or ftp access. He no doubt has planted a backdoor program into your account. He probably has added his own id/pass possibly. Scour your ftp site for any programs (possibly cgi) that you did not install.
 
View user's profile Send private message
phiberoptik
PostPosted: Sun Oct 10, 2004 12:58 pm Reply with quote

Did that, seems to be totally clean now... Do you happen to know some good settings for all of the filters in Sentinel to add as a default, like the Strings, Request Method, and maybe a good proxy IP list?
 
phiberoptik
PostPosted: Sun Oct 10, 2004 12:59 pm Reply with quote

BTW Everytime I turn "Block Proxies" ON in the configuration, it turns right off... Any ideas?
 
Raven
PostPosted: Sun Oct 10, 2004 1:08 pm Reply with quote

Can you save any settings at all? Normally that only happens if you haven't got all the tables installed correctly.
 
phiberoptik
PostPosted: Sun Oct 10, 2004 1:10 pm Reply with quote

Yep, I can change the other settings and they stick.
 
BobMarion
Former Admin in Good Standing


Joined: Oct 30, 2002
Posts: 1037
Location: RedNeck Land (known as Kentucky)

PostPosted: Sun Oct 10, 2004 1:12 pm Reply with quote

Check your nuke_nsnst_config table for the following two items. In one of the releases of NukeSentinel(tm) one or both were missing, don't remember which it was.:
Code:
INSERT INTO nuke_nsnst_config VALUES ('proxy_reason', 'admin_proxy_reason.tpl');

INSERT INTO nuke_nsnst_config VALUES ('proxy_switch', '0');

_________________
Bob Marion
Codito Ergo Sum
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website
phiberoptik
PostPosted: Sun Oct 10, 2004 1:14 pm Reply with quote

Getting an error, I even deleted those 2 entries first..

MySQL said:


#1136 - Column count doesn't match value count at row 1
 
phiberoptik
PostPosted: Sun Oct 10, 2004 1:18 pm Reply with quote

Got it working.. I had to kill the config SQL tables, and re-insert them

Do you happen to know some good settings for all of the filters in Sentinel to add as a default, like the Strings, Request Method, and maybe a good proxy IP list?
 
BobMarion
PostPosted: Sun Oct 10, 2004 1:24 pm Reply with quote

1 proxy list I know of is Only registered users can see links on this board! Get registered or login!

Request Method I have set to Email, Block, & Default page , in hte list box I have HEAD and SEARCH.
 
phiberoptik
PostPosted: Sun Oct 10, 2004 1:26 pm Reply with quote

Ok thanks Bob, 1 last question is anyone knows..

EVERY time I try to turn the Harvester blocking on, I get a 403 Error... Any ideas?
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©