Ravens PHP Scripts: Forums
 

 

Nash
Regular


Joined: Jan 10, 2006
Posts: 93

PostPosted: Tue Jan 10, 2006 3:10 pm Reply with quote

OK, my site has been hacked thrice in the last two weeks. The address is Only registered users can see links on this board! Get registered or login!
Admins were added, public messages created, footers changed, site title changed.
Seemed like "tagging" mostly. The first hack I got someone put a big DIV tag in the footer which took up the whole page and had a message with the Turkish flag.

I am running a version of PHP 7.3 that I modded a bit back about a year ago or so. I spent a bunch of time putting in the latest updates and Raven, I think I used yours or Chatserv's modified script files and replaced variable assignments with specific data type assignments (i.e., data=$id to data='$id') (It was a while ago so I don't quite remember).

However, people are still getting in. I am concerned because I also run a much larger site which has similar code.

My questions would be:
1. How are they getting in? SQL injection? Union hack (I should have this blocked. Not sure what this means really).

2. What Admin program should I install? I have AdminTap from nukecops implemented as well as some code which is supposed to block union hacks, but I don't know if it works.

3. If (should I?) upgrade to a new version of PHP-Nuke, will my modules still work correctly? I custom made my front-page module and a bunch of others as well. They don't do anything super-complex other than pull things into and out of MySQL databases and access the user name variables, etc.

This seems to happen - I spend a ton of time installing a new version of nuke, remodding my modules and files to work, finding out what bugs to fix for security, then I am good for about 6 months-1 year, get hacked, and repeat.

Thanks for your help.
 
VinDSL
Life Cycles Becoming CPU Cycles


Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com

PostPosted: Tue Jan 10, 2006 4:07 pm Reply with quote

The only surefire way I know of detecting intrusions is by going through your logs line-by-line. Personally, I do this manually, using a text editor. It's very time consuming, but...

There are some utility proggies out there that will make this task easier, but I haven't tried them.

Example: Only registered users can see links on this board! Get registered or login!

I might also mention... many of these hacks depend on 'globals' being enabled on your server. You might try adding this to your .htaccess file:

Code:
#Offers protection during hacking attempts by NOT displaying error
#messages, server paths, et cetera, and turns off your globals.
php_flag display_errors off
php_flag register_globals off


That's what I run on my site[s]. Every little bit helps... ;)

_________________
.:: "The further in you go, the bigger it gets!" ::.
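An added example (not part of the post above or of any tool named in this thread): a small Python pass over Apache combined-format access-log lines that flags the two request patterns discussed here, UNION-based SQL injection in the query string and attempts to set PHP superglobals from the URL, which matters when register_globals is on. The log lines, IP addresses, the module name `Example` and the table and column names are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Apache combined log: client IP ... "METHOD target PROTOCOL" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')

RULES = {
    # UNION [ALL] SELECT, tolerating whitespace or SQL comments between keywords
    "union-select": re.compile(r"union(?:\s|/\*.*?\*/)+(?:all(?:\s|/\*.*?\*/)+)?select", re.I),
    # a request parameter named like a PHP superglobal (dangerous with register_globals on)
    "superglobal-overwrite": re.compile(
        r"[?&](?:GLOBALS|_(?:GET|POST|COOKIE|SERVER|SESSION|REQUEST|ENV|FILES))(?:\[|=)", re.I),
}

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%2520) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (client_ip, status, rule_name, decoded_query) for each suspicious line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        query = "?" + fully_decode(urlsplit(target).query)
        for name, rule in RULES.items():
            if rule.search(query):
                hits.append((ip, status, name, query[1:]))
    return hits

# Constructed sample lines (documentation IP ranges, placeholder names).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2006:14:58:01 -0600] "GET /modules.php?name=News&sid=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2006:15:01:44 -0600] "GET /modules.php?name=Example&id=1%20UNION%20SELECT%20col_a,col_b%20FROM%20example_table HTTP/1.1" 200 812 "-" "-"',
    '198.51.100.7 - - [10/Jan/2006:15:02:03 -0600] "GET /modules.php?name=Example&id=1%2520union%252F%252A%252A%252Fselect%25201 HTTP/1.1" 200 790 "-" "-"',
    '203.0.113.5 - - [10/Jan/2006:15:05:30 -0600] "GET /index.php?GLOBALS[example_var]=1 HTTP/1.1" 200 4301 "-" "-"',
]

if __name__ == "__main__":
    for ip, status, rule, query in scan(SAMPLE_LOG):
        print(f"{ip} status={status} rule={rule} query={query}")
```

Access logs do not record POST bodies, so this only covers input sent in the URL; a hit with status 200 shows the request was served, not that it succeeded.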
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Tue Jan 10, 2006 5:21 pm Reply with quote

If it's this same Turkish hacker, he is using exploits within phpBB. You should upgrade to the latest Patched files - includes BBToNuke 2.0.17 (probably go ahead and install 2.0.18 and 2.0.19 as well).

Nash
PostPosted: Tue Jan 10, 2006 5:23 pm Reply with quote

Thanks for the suggestions.

I will try modding my htaccess with that.

evad - Hmm, I will check that out. The Turkish hacker I had was secretlyx, does that help? Thanks
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Tue Jan 10, 2006 10:04 pm Reply with quote

AdminTap is terribly outdated. Get NukeSentinel(tm) installed immediately. That will stop the adding of admins.
 
VinDSL
PostPosted: Tue Jan 10, 2006 10:07 pm Reply with quote

Nash wrote:
The Turkish hacker I had was secretlyx...

He's a busy little guy, eh what? Rated #44 on Zone-H...
 
Nash
PostPosted: Tue Jan 10, 2006 10:35 pm Reply with quote

Yeah had a ton of sites today alone. You'd think he gets paid for it.

Rav-on is Sentinel yours?
 
Raven
PostPosted: Tue Jan 10, 2006 10:46 pm Reply with quote

Basically mine and Bob's. Others have contributed but we are the main keepers.
 
All times are GMT - 6 Hours
 