Ravens PHP Scripts: Forums
 

 

KOMAPA
New Member


Joined: Sep 11, 2004
Posts: 20

Posted: Mon Jul 18, 2005 11:50 pm

My site was stopped by the hosting company because of spamming and a server attack attempt...

Here is some (I think telnet) log, but I don't understand what this is?!?!

Can somebody help me and explain this more clearly for me?
Quote:
root@nadia:~ on ttyp1
#:> ps auxw |grep domainname
loginname 14258 7.0 0.6 14600 10164 ?? R 8:36PM 0:00.10 /usr/bin/php modules.php
loginname 14215 0.0 0.3 6716 4072 ?? S 8:36PM 0:00.00 /usr/local/sbin/exim -Mc 1DuZXW-0003g3-Tx (exim-4.51-0)
loginname 14231 0.0 0.3 6716 4072 ?? S 8:36PM 0:00.00 /usr/local/sbin/exim -Mc 1DuZXY-0003hD-Ci (exim-4.51-0)
root 14262 0.0 0.1 2696 932 ?? R 8:36PM 0:00.01 /usr/local/apache/bin/suexec loginname loginname modules.php
loginname 42074 0.0 0.3 5012 4416 ?? S 12:29PM 1:33.10 inetd (perl)
loginname 42146 0.0 0.1 3092 1764 p0 Is 12:29PM 0:00.08 /bin/bash
loginname 53851 0.0 0.1 2652 1896 p0 S+ 12:56PM 0:27.59 perl vv.txt mic.txt [link hidden] eu de novo rafael2.htm


Or maybe it's a server security problem?....

Sorry for my bad English.

Thanks in advance!
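An added example, not part of the original post or of any tool named in this thread: one way to triage a `ps auxw` listing like the one quoted above. It assumes BSD-style `ps` output (which appends the executable's real name in parentheses when it differs from the displayed title); the two heuristics and the names `triage`, `INTERPRETERS` and `SCRIPT_EXT` are illustrative assumptions, and the sample rows are the quoted ones with the forum's hidden-link notice dropped.

```python
import os
import re

# Rows taken from the ps auxw output quoted in the post
# (the forum's hidden-link notice is left out of the last row).
PS_ROWS = """\
loginname 14258 7.0 0.6 14600 10164 ?? R 8:36PM 0:00.10 /usr/bin/php modules.php
loginname 14215 0.0 0.3 6716 4072 ?? S 8:36PM 0:00.00 /usr/local/sbin/exim -Mc 1DuZXW-0003g3-Tx (exim-4.51-0)
loginname 14231 0.0 0.3 6716 4072 ?? S 8:36PM 0:00.00 /usr/local/sbin/exim -Mc 1DuZXY-0003hD-Ci (exim-4.51-0)
root 14262 0.0 0.1 2696 932 ?? R 8:36PM 0:00.01 /usr/local/apache/bin/suexec loginname loginname modules.php
loginname 42074 0.0 0.3 5012 4416 ?? S 12:29PM 1:33.10 inetd (perl)
loginname 42146 0.0 0.1 3092 1764 p0 Is 12:29PM 0:00.08 /bin/bash
loginname 53851 0.0 0.1 2652 1896 p0 S+ 12:56PM 0:27.59 perl vv.txt mic.txt eu de novo rafael2.htm
"""

INTERPRETERS = {"perl", "php", "python", "sh", "bash"}   # assumed list
SCRIPT_EXT = {".pl", ".php", ".py", ".sh", ".cgi"}       # assumed list

def triage(ps_text):
    """Return (pid, reason) pairs for rows that deserve a closer look."""
    findings = []
    for row in ps_text.splitlines():
        fields = row.split(None, 10)      # USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
        if len(fields) < 11:
            continue
        pid, cmd = int(fields[1]), fields[10].rstrip()
        argv = cmd.split()
        shown = os.path.basename(argv[0]).rstrip(":")
        # Heuristic 1: the trailing "(name)" is the real executable; if it does
        # not match the displayed title, the process has renamed itself.
        m = re.search(r"\(([^)]+)\)$", cmd)
        if m and not m.group(1).startswith(shown):
            findings.append((pid, f"title '{shown}' hides real command '{m.group(1)}'"))
        # Heuristic 2: an interpreter run on a file without a script extension.
        if shown in INTERPRETERS and len(argv) > 1:
            ext = os.path.splitext(argv[1])[1].lower()
            if ext and ext not in SCRIPT_EXT:
                findings.append((pid, f"{shown} executing '{argv[1]}'"))
    return findings

if __name__ == "__main__":
    for pid, reason in triage(PS_ROWS):
        print(pid, reason)
```

A flagged row is a lead for review alongside the raw access logs, not proof of compromise on its own.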
 
Guardian2003
Site Admin


Joined: Aug 28, 2003
Posts: 6792
Location: Ha Noi, Viet Nam

Posted: Tue Jul 19, 2005 3:59 am

I would ask them to provide some evidence of their claims. I see nothing in your post above that indicates the server was being compromised.
Do you have any error logs or better still raw access logs - was the server subject to sudden bandwidth usage?
Did you have any of Chatserv's 'patches' installed or Sentinel?
 
KOMAPA
Posted: Wed Jul 20, 2005 1:57 am

It's an old story....

I use phpnuke 6.0 with all possible patches, I think....

I have done a lot of hard hand work in the code myself and if I try to upgrade I will lose much info from 2,5 years.

Now I have downloaded a raw access log, but it's very big... where can I put it or send it to?...
 
Guardian2003
Posted: Wed Jul 20, 2005 2:50 am

You shouldn't lose anything by upgrading but it would take some time by using a file comparison utility.
You didn't say whether or not you had a version of Sentinel or other system installed.
Are you by any chance using a host who provides unlimited bandwidth/ disc space?

Perhaps it is time to change hosts if they cannot provide evidence of server attacks.
You mention 'spamming' - did you still have the old Webmail module installed?
 
KOMAPA
Posted: Fri Jul 22, 2005 2:37 am

Quote:

You shouldn't lose anything by upgrading but it would take some time by using a file comparison utility.

I'll do that in the next couple of days with the 6.0 Patched files: [link hidden]
What comparison utility must I use?
Quote:

You didn't say whether or not you had a version of Sentinel or other system installed.
Are you by any chance using a host who provides unlimited bandwidth/ disc space?

I use SQL Injection Hack Alert: [link hidden]
(there is no Sentinel for PHPNuke v 6.0)
Quote:

You mention 'spamming' - did you still have the old Webmail module installed?

I'm not using it (not active), but it was there... I deleted it.
 
Guardian2003
Posted: Fri Jul 22, 2005 12:01 pm

There are a number of file comparison utilities available and I think everyone has a *favourite* depending on the features and complexity they need.
My own 'must have' is a utility called 'Beyond Compare2' [link hidden]; although it is a 30 day trial, it would suit your needs as it compares whole sites in one go, including sub folders etc.

I'm not sure what thoughts others have but I would definitely try to upgrade your nuke to 6.9.
If you have back-ups of your files, you have nothing to lose and everything to gain and there is always someone to guide and assist you.
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

Posted: Fri Jul 22, 2005 12:33 pm

I have licensed copies of CompareIT, Beyond Compare2 (I think), and most recently, ExamDiff Pro. My preference is ExamDiff Pro (It has a 30 day trial also). I switched to ExamDiff Pro about a month ago as it seems to find the like code better than the others. Just my opinion; ymmv.

As to my hack-alert script, it is outdated, unfortunately. If you had a spamming/server attack, outside of phpnuke, NukeSentinel and Chatserv's patches wouldn't help you there. If you'd like to discuss updating your site (contract work), PM me and we can see what can be negotiated.
 
KOMAPA
Posted: Sat Jul 23, 2005 12:59 pm

Thanks guys!

I found this KDiff3 - I am using software like this for the first time, but it works fine for me :)
Quote:
KDiff3 Version 0.9.88

Tool for Comparison and Merge of Files and Directories

(c) 2002-2005 Joachim Eibl

Homepage: [link hidden]

Licence: GNU GPL Version 2
I use Chatserv's patches and removed the old unused webmail module...

I think it resolves the problem.

Thanks again :)!
 
All times are GMT - 6 Hours
 