Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
morpheus_75
Involved
Involved


Joined: Oct 07, 2003
Posts: 302

PostPosted: Sun Dec 26, 2004 3:01 pm Reply with quote

My site was hacked by a group of Brazilian lamers. They replaced index.php, admin.php and config.php with different files. They also put a index.htm file, so that my home page was changed, displaying their message.

I have phpbb forum 2.0.10 and coppermine. I also have Hackattempt script.

Anyone may suggest how to protect my site?
 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Sun Dec 26, 2004 3:41 pm Reply with quote

Get rid of Coppermine. Upgrade phpbb. Install NukeSentinel.
 
View user's profile Send private message
Muffin
Client


Joined: Apr 10, 2004
Posts: 649
Location: UK

PostPosted: Sun Dec 26, 2004 3:48 pm Reply with quote

Wonder if it's the same bunch of numbskulls that hacked a friends site, they were daft enough to leave a trace back to their own website and it was plastered with posts in their forums and their home page of their 'conquests'

My friend emailed their hosting company, as they were using a free host and they got their account shut down lol

Worth doing the same morpheus. It doesnt stop them but it does suspend their activities for a while.

_________________
Classic Mini rules the bends & bends the rules!
[img] 
View user's profile Send private message
morpheus_75
PostPosted: Sun Dec 26, 2004 4:04 pm Reply with quote

Raven wrote:
Get rid of Coppermine.


But I've just installed it! Sad
What would you reccommend?

Raven wrote:
Upgrade phpbb.


I have a modded forum. What about changing files manually?

Raven wrote:
Install NukeSentinel.


Is it hard to install?

P.S.: tnx for your adivce, Muffin! Smile
 
Muffin
PostPosted: Sun Dec 26, 2004 4:08 pm Reply with quote

It's dead easy to install morpheus, if I can do it anyone can lol
 
morpheus_75
PostPosted: Sun Dec 26, 2004 6:50 pm Reply with quote

Ok, I'll try to install Sentinel!

I have a few questions I hope someone (Raven?) may answer:

1) If I install Sentinel, do I have to remove Hackattempt script? If it is so, how?

2) Why should I get rid of coppermine?

3) Is it possible to make manual changes to phpbb 2.0.10?

Thank u in advance
 
Raven
PostPosted: Sun Dec 26, 2004 7:52 pm Reply with quote

Coppermine (nuke) is one of the easiest ways to get hacked. This has been documented many times. The upload has major exploits.

Remove HackAttempt by removing the code in mainfile.php.

Check with ChatServ on the manual upgrade of phpbb. He may have more information.
 
morpheus_75
PostPosted: Mon Dec 27, 2004 6:36 am Reply with quote

Thanks, Raven! What version of Sentinel would you reccommend? Is it diffocult to configure?
 
Raven
PostPosted: Mon Dec 27, 2004 6:45 am Reply with quote

v2.1.2b, the latest. I wouldn't say it was difficult, but it is powerful so it involves several steps. Refer to the Guide and the FAQ available on my home page.
 
morpheus_75
PostPosted: Mon Dec 27, 2004 7:00 am Reply with quote

THANK YOU! Smile
 
morpheus_75
PostPosted: Wed Dec 29, 2004 3:39 am Reply with quote

AGAIN! My site was defaced with SENTINEL ON!!

I checked through my ftp and found an index.html file with the defacement message. This time though they didn't replace index.php, admin.php and config.php, but only added that file. Is it Sentinel that blocked the hackers? If this is the case, why Sentinel didn't track any hack attempt?

Thank u Sad

EDIT: when I installed Sentinel I didn't modify my .htaccess file... maybe this the reason why Sentinel isn't working properly? or could there be configuration problems?
 
morpheus_75
PostPosted: Wed Dec 29, 2004 5:03 am Reply with quote

The hacker wrote me an email!! :-O He explained how he hacked my site.

Basically he entered my server through Coppermine, theme.php.

He also told me the script he used to enter my server. I do not enclose it here, because I don't want to spread this information.

Is there any patch for this?

Why Sentinel didn't block this guy?
 
Raven
PostPosted: Wed Dec 29, 2004 7:37 am Reply with quote

NukeSentinel cannot block holes in 3rd party software. I told you back on 12/26 that Coppermine was your problem.
 
morpheus_75
PostPosted: Wed Dec 29, 2004 8:05 am Reply with quote

Raven wrote:
NukeSentinel cannot block holes in 3rd party software. I told you back on 12/26 that Coppermine was your problem.


Yes, Raven, you're right! Sad The point is that I need a gallery. Which one would you recommend? Thanks Smile
 
Raven
PostPosted: Wed Dec 29, 2004 8:07 am Reply with quote

I don't use any, but Menalto has been mentioned quite often.
 
morpheus_75
PostPosted: Wed Dec 29, 2004 8:47 am Reply with quote

Raven wrote:
I don't use any, but Menalto has been mentioned quite often.


Ok. I think I'll try with Menalto Wink
 
morpheus_75
PostPosted: Wed Dec 29, 2004 9:32 am Reply with quote

I have another question, Raven.

When I installed Sentinel, I noticed a .htaccess file that I didn't upload to my server because there is already one in my site root. Shall I copy the lines included in that file to the existing one?
 
Raven
PostPosted: Wed Dec 29, 2004 10:20 am Reply with quote

Only if you need to use CGIAuth. If you're able to use NukeSentinel with HTTPAuth then you don't need it.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©