Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Rumbaar
Regular
Regular


Joined: Apr 16, 2004
Posts: 78
Location: Melbourne, Australia

PostPosted: Sun Mar 26, 2006 5:24 pm Reply with quote

Hi,

One of my sites running an older version of php-nuke (not sure of version anymore maybe 7.6 standard) with a few of the fixes added to the mainfile.php file for common auth exploits. But I've hard coded most of that stuff to never be a worry.

But this recent night my configuration details were 'hacked' and my settings all deleted and the title of the site via the configuration was changed. They couldn't create or delete the authors so couldn't change anything.

My questions is (I've done a rough search) does anyone know of this exploit/hack and how do I fix against it. My many modifications don't readily allow for a simple patch copy over files, so a type of code fix would be ideal.

But any help or knowledge of where to look, as I don't know how they did it.

_________________
Victim's aren't we all! 
View user's profile Send private message Visit poster's website
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sun Mar 26, 2006 8:32 pm Reply with quote

Are you saying that your preferences table was changed? If so, that sounds like a union attack. If you're not running NukeSentinel there, you should since it stops most of those types of attacks (and most other, too). The caveat is that all the modules have to use standard Nuke database access methods. So, if you use something unusual, NukeSentinel may not protect in that area.

Or, did a file (not a database table) get changed on your server? If so, something is allowing inappropriate access. Maybe the file settings were incorrect, or maybe there was a script that allowed access through a backdoor. Were you running a chat or photo gallery module?

Did you check your logs to see what was happening?

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Rumbaar
PostPosted: Mon Mar 27, 2006 1:31 am Reply with quote

Yes the nuke_config table appears to be the one they changed.

Can I intergrate NukeSentinel into 7.2 with ease?
 
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

PostPosted: Mon Mar 27, 2006 10:29 am Reply with quote

I see this alot with sites that run coppermine or SPChat. Would you happen to be using either?

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
Rumbaar
PostPosted: Mon Mar 27, 2006 6:42 pm Reply with quote

No I don't run coppermine or SPChat, we I don't know what they are so I assume I don't run 'em Smile

I have 4 php-nuke sites and only one was 'defaced'. Tho the later two are running 7.6 patched and RavenNuke so I doubt they'll be defacable.
 
kguske
PostPosted: Mon Mar 27, 2006 8:42 pm Reply with quote

Was the defaced site running NukeSentinel or any other security addon?
 
Rumbaar
PostPosted: Tue Mar 28, 2006 6:20 pm Reply with quote

No it wasn't. Hence my later question of the possibility or ease of intergrating it into a 7.2 version of php-nuke. Also the same question for a 6.5 version of php-nuke.

Due to the restrictions on the character set allowed in user accounts I can't update earlier php-nukes.
 
kguske
PostPosted: Tue Mar 28, 2006 8:28 pm Reply with quote

I'm pretty sure it's being used with 7.2, and I think VinDSL might be using with his heavily modified 6.5 version. I guess it depends on how much you want to take on with modifying the code. It might not be hard, but you can get the latest patches for 6.5...
 
Rumbaar
PostPosted: Wed Mar 29, 2006 5:32 pm Reply with quote

I'll have to give it a look and see.

I know that later patched versions of php-nuke have serious issues with account like Rümßäär (which I have used on my 6.5 install for years now) and other 'fancy' or foreign language usernames so I'm unsure to what level I can patch 6.5 and not break it for my real users.

Not sure if 7.2 will have the same issue with user accounts.

It's funny how for a multi-langauge 'support' system like php-nuke no longer allows even the most basic foreign characters from say the German character set Smile

Look's like I have some serious investigation and work to do, which is most likely way beyond my skill level.

Thx anyways.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©