Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Dacubz
Worker
Worker


Joined: Apr 27, 2004
Posts: 156
Location: Homer Glen, Illinois

PostPosted: Tue Dec 27, 2005 6:39 pm Reply with quote

Something has corrupted my site, and is trying to force an image download a file expl1_tank.wmf from trust4free.ws every time my index.php is accessed. I overwrote my index.php and it appears OK for now. How can it have happened, and how can I stop it from happening again? I'm running Raven's 7.6 distro with Sentinel BTW.
 
View user's profile Send private message Visit poster's website
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Tue Dec 27, 2005 7:14 pm Reply with quote

Well i doubt that..
Every idiot can try to abuse a site or try to hack it.
But it would help if you could provide more info...
 
View user's profile Send private message
Dacubz
PostPosted: Tue Dec 27, 2005 8:21 pm Reply with quote

Doubt what, and What kind of info should I provide?
 
hitwalker
PostPosted: Tue Dec 27, 2005 8:34 pm Reply with quote

well how do you know this?
How do you know they are using your index.php ?
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Tue Dec 27, 2005 9:26 pm Reply with quote

Dacubz, the base RavenNuke76 distribution should not have allowed this to happen. Now, if you have installed other modules or hacks which allow file uploads, such as Copermine, or a forum file upload mod, or some form of chat module, that could have been the way they broke in... Again, that is if you are certain your index.php was overwritten. Also, are you sure that you configured NukeSentinel per the provided instructions?

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Dacubz
PostPosted: Wed Dec 28, 2005 8:03 pm Reply with quote

I don't have anything unusual installed, but one of my users did some research and came up with this. I haven't done anything besides overwrite my index.php so far.
Only registered users can see links on this board! Get registered or login!


Domain Name: TRUST4FREE.WS
Registrant: personal

Administrative Contact: Only registered users can see links on this board! Get registered or login!
18666254678

Registrar:
Rustelekom (www.NameServers.ru)
1 866 6254678 Only registered users can see links on this board! Get registered or login!

Domain created on 2005-10-15 10:10:39
Domain last updated on 2005-10-15 10:10:39

Name servers:

ns0.xname.org
ns1.xname.org
 
Dacubz
PostPosted: Wed Dec 28, 2005 8:29 pm Reply with quote

Reported to the host also, but I was wondering if this could have been caught.
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Thu Dec 29, 2005 3:27 am Reply with quote

Well you'd need to look at your access logs to see how he got it. There's gotta be a vulnerable part somewhere.. usually its an uploading script

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©