Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff
Author Message
springmill
New Member
New Member


Joined: Dec 07, 2004
Posts: 7

PostPosted: Sat Dec 03, 2005 11:32 am Reply with quote

Hi All,

There must be a new exploit out. My site and all of my member sites keep getting owned by Only registered users can see links on this board! Get registered or login!

I have to keep SSH and FTP off so I am guessing that there is an exploit for the password somehow.

We have the latest and greatest. Any help will be greatly appreciated.

I found this lying around and wonder if that is what they are using.

Code:


/modules.php?name=Downloads&d_op=viewsdownload&sid=-1/**/UNION/**/SELECT/**/0,0,aid,pwd,0,0,0,0,0,0,0,0/**/FROM/**/nu ke_authors/**/WHERE/**/radminsuper=1/**/LIMIT/**/1/* 


I found it here.

Only registered users can see links on this board! Get registered or login!




Thanks,
Springmill
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Sat Dec 03, 2005 12:12 pm Reply with quote

NukeSentinel(tm) always has stopped that so that is not the issue. I would look for an uploads module exploit. The patches and NukeSentinel(tm) don't control those.
 
View user's profile Send private message
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Sat Dec 03, 2005 5:24 pm Reply with quote

There's a patch for some problems with phpBB in the latest BBToNuke 2.0.18 release. Please check and make sure they didn't install any backdoors into your system.

As Raven said, also disable anything that allows uploading and check all files that have been uploaded.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
djmaze
Subject Matter Expert


Joined: May 15, 2004
Posts: 719
Location: http://tinyurl.com/5z8dmv

PostPosted: Sat Dec 03, 2005 7:06 pm Reply with quote

springmill wrote:
Hi All,

There must be a new exploit out. My site and all of my member sites keep getting owned


Server is hacked on the root level.

Check AWStats, Apache and PHP versions.
Check /tmp for malicious files
Change root password
 
View user's profile Send private message Visit poster's website
springmill
PostPosted: Mon Dec 05, 2005 5:22 pm Reply with quote

Hi All,

I would like to clarify my issue. After getting an email from the "CRACKERS" demanding protection Money from Hacking I have a little more insight. They say my server is not secure on it's own and the hacks have nothing to do with PHPNUKE.

I have implemented the hosts.deny file with some luck. But I fear I have not totally fixed all of the issues. FTP and SSH both allowed root login and I fixed that. I changed my root password, all web site owners passwords but the sites have still be owned.

I am a noob so if I am missing somethign please let me know. I have no upload programs in use.

Fedora Core 4, Webmin, Usermin, and Virtualmin
are the software packages in use.

To answer the following questions:

Server is hacked on the root level.

Check AWStats, Apache and PHP versions.
Check /tmp for malicious files
Change root password

Not sure what AWSTATS is: Apache and PHP are standard Fedora Core releases. I believe php is 5.x something.

root password is easy to change again.

In my /tmp folder I have
.ICE-unix
.font-unix
.webmin
backup-config-manifests

Any help would be greatly appreciated.
 
Raven
PostPosted: Mon Dec 05, 2005 5:26 pm Reply with quote

You should have stayed with RWH Wink - Sorry, couldn't resist it, especially after .....
 
evaders99
PostPosted: Mon Dec 05, 2005 5:54 pm Reply with quote

AWStats is a common website stat package. Usually it is preinstalled if you're using some package. There was a major vulnerability with the scripts. If you've set up your server yourself, then you'd know if it was installed.
 
springmill
PostPosted: Mon Dec 05, 2005 6:53 pm Reply with quote

Gaylen,

I appreciate your grace and timing on the issue. As well as your usual sensitivity.
However, you should know that smarty remarks like that is exactly why I created
freephpnukehosting.com

Greg McAbee

Does anyone have any other insight other than nanner nanner boo boo?
 
Raven
PostPosted: Mon Dec 05, 2005 8:23 pm Reply with quote

Now Greg, that's not the whole story and you know it. If you want a public bruhaha we could do that. It's your call.
 
springmill
PostPosted: Tue Dec 06, 2005 1:07 pm Reply with quote

No Thank You
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©