Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
zaki
New Member
New Member


Joined: Oct 12, 2004
Posts: 9

PostPosted: Tue Oct 12, 2004 7:28 am Reply with quote

hello all,

my site (php-nuke 7.4) was hacked today, since I installed sentinal it blocked 98 attempt, but the 99 was successfull.

the hackers added a god author to authors DB

with that they managed to change the index.htm file that redirect to the folder where phpnuke is, and they managed to change index.php file, here it is

index.php

Code:
<html><head><title>Owned</title>

</head><body><span style="font-family: Trebuchet MS, Verdana, Arial, Helvetica, sans-serif; font-size: 22pt; color: #333333">Kernel_Attack OwnZ Here ! ! !</span><br>
<br><span style="font-family: Trebuchet MS, Verdana, Arial, Helvetica, sans-serif; font-size: 14pt; color: #333333">by MaMa</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;<img src="http://www.hispanic.com/ka.jpg" align="absmiddle"> <br>
<br><span style="font-family: Trebuchet MS, Verdana, Arial, Helvetica, sans-serif;   font-size: 10pt; color: #333333">
Dead_c0de - DeRf- - ZerO4 - MaMa - MaTrIzz - LEONE_PARK - Nickvicq<br>
Help Admin? Connect on <font color="#000000"><strong>irc.gigachat.net</strong></font><br>
Join <font color="#000000"><strong>#Kernel_Attack </strong></font></span></body></html></html>


and the hacked index.html seems much like the above,

Code:
<body><span style="font-family: Trebuchet MS, Verdana, Arial, Helvetica, sans-serif; font-size: 22pt; color: #333333">Kernel_Attack OwnZ Here ! ! !</span><br>

<br><span style="font-family: Trebuchet MS, Verdana, Arial, Helvetica, sans-serif; font-size: 14pt; color: #333333">by MaMa</span> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;&nbsp;<img src="http://www.hispanic.com/ka.jpg" align="absmiddle"> <br>
<br><span style="font-family: Trebuchet MS, Verdana, Arial, Helvetica, sans-serif;   font-size: 10pt; color: #333333">
Dead_c0de - DeRf- - ZerO4 - MaMa - MaTrIzz - LEONE_PARK - Nickvicq<br>
Help Admin? Connect on <font color="#000000"><strong>irc.gigachat.net</strong></font><br>
Join <font color="#000000"><strong>#Kernel_Attack </strong></font></span></body>


my database / author , had this line beside my first line

Code:
`nuke_authors` VALUES ('Kernel_Attack', 'God', '', '', 'e8d95a51f3af4a3b134bf6bb680a213a', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, '');


and of course, the main message in my site was edited, with their own message.

my sentinal is version 2.0.2 (latest as i think), only today i found a new 2.0.2 in your site, but i couldn't open the compressed file, apparently it got some patches or better files.

btw, I got Admin HTTPAuth List disabled in sentinal configuration, i believe that was since the installation, I don't know why !!

can any of you pls give me the newer 2.0.2 so I update my sentinal ?


and, will the site be more protected with this new version ? will hackers manage to add another author (god) again ?


suggestion: why not make a newsletter or alert system for sentinal users, so they know about new updates ? it seems that hackers come and search for security holes in this site (and other sites), and when they see you posting a new security hole, they attack sites hoping they didn't patch yet.

and, I want to report these hackers to their local authority, any ideas where is the best place to start with ?

thanks,
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Tue Oct 12, 2004 8:35 am Reply with quote

You got hacked because you didn't have http auth set to on. That's how admin.php gets protected. The download is a zip file and works w/o any problem. But, the problem is in your setup. You need to have HTTP Auth on.
 
View user's profile Send private message
zaki
PostPosted: Tue Oct 12, 2004 9:10 am Reply with quote

thanks Raven,

How do I turn it on please ?

I also have coppermine, shall I uninstall it ?

I downloaded the zip file several times but when i try to open it, i get a strange error (error while processing 0 entries) from winzip !!
 
Raven
PostPosted: Tue Oct 12, 2004 9:20 am Reply with quote

From here? I just d/l it and opened it w/o any problem.

I would dump Coppermine and go with Gallery or Menalto. Turn the HTTP Auth on in your NukeSentinel Administration panel.
 
zaki
PostPosted: Tue Oct 12, 2004 12:48 pm Reply with quote

I can assure you I am getting the error "error reading heading after processing 0 entries" when i try to open the file with winzip, with winrar it expands into one file only.

and the HTTP Auth is just disabled, i cannot enable it!! i sent an Email to my hosting service asking them about the PHP, will tell you their answer.
 
Raven
PostPosted: Tue Oct 12, 2004 12:59 pm Reply with quote

If it is disabled then your host has PHP compiled as a CGI module and I address how to protect yourself in this article Only registered users can see links on this board! Get registered or login! . As to your unzipping issue, I just this moment [again] d/l it and it unzipped perfectly Only registered users can see links on this board! Get registered or login!
 
zaki
PostPosted: Tue Oct 12, 2004 1:19 pm Reply with quote

Raven, i also have secure admin, the parameter $nsnsecureadminacces = true, yet when i go into the administration of secure admin it tells me it is not protected, any ideas ? I have version 1.3 installed

and something else very strange, when i go into the administration of secure admin, the whole block of administration as we normally see it in admin.php is shown twice!! why is that ?

as for the zip file, i was trying to download it from a totally different URL!! this one
Only registered users can see links on this board! Get registered or login!

now it is ok, i will upgrade my 2.0.2 into this new 2.0.2, thanks
 
Raven
PostPosted: Tue Oct 12, 2004 1:29 pm Reply with quote

Yes, Bob packages his stuff [usually] as a tar.gz file and winblows XP SP2 breaks it. As to admin secure (which apparently it wasn't) I have no idea.
 
cprompt
Regular
Regular


Joined: Jun 08, 2004
Posts: 64

PostPosted: Sun Oct 17, 2004 2:46 pm Reply with quote

I've attempted to apply theis method Raven, adn I just don't get it I guess. Only registered users can see links on this board! Get registered or login!
I have no idea how to generate a cpypt pass or where in the script to put the username and password.

I was also hacked by the same exact hacker as the poster of this topic.
 
View user's profile Send private message
zaki
PostPosted: Sun Oct 17, 2004 3:34 pm Reply with quote

it worked fine with me

thanks Raven
 
cprompt
PostPosted: Sun Oct 17, 2004 3:46 pm Reply with quote

zaxi, How did you get rid of the crap the hacker left. I replaced my index.php file and all affected files, I thought, but I still get this on the main page: Only registered users can see links on this board! Get registered or login!
 
cprompt
PostPosted: Sun Oct 17, 2004 3:59 pm Reply with quote

Ok I figured it out. I forgot about the Main message on the main page. They edited it as well as deface my index file.

As for the HTTP AUTH, Rave, I figured it out.
I ended up having to use a .htpasswd file instead in my subdomain, but your other method worked for my main site.
 
Raven
PostPosted: Sun Oct 17, 2004 4:09 pm Reply with quote

RavensScripts
 
zaki
PostPosted: Sun Oct 17, 2004 7:33 pm Reply with quote

what can we do to these hackers ?

any suggestions ? i really want to punish them
 
Raven
PostPosted: Sun Oct 17, 2004 7:50 pm Reply with quote

Add the pckiller templates to your NukeSentinel redirect page.
 
cprompt
PostPosted: Mon Oct 18, 2004 3:01 pm Reply with quote

hmm..where can we get PC killer?
 
zaki
PostPosted: Mon Oct 18, 2004 3:51 pm Reply with quote

i was going to ask the same question Smile
 
Raven
PostPosted: Mon Oct 18, 2004 4:38 pm Reply with quote

Only registered users can see links on this board! Get registered or login!

Always search the forums before asking Wink
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©