Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
fondy
Regular
Regular


Joined: Sep 12, 2003
Posts: 55

PostPosted: Wed May 24, 2006 12:12 am Reply with quote

Hi

got hacked last night. The only change was that the original config.php was deletet and changed with a new one with html codes with hack-info.

I use php-nuke 7.6 with sentinel 2.3.0. Have studied the tracked IP, but cant find any IP who have done this.

Can it be a security problem my ISP have?

regards fondy
 
View user's profile Send private message Visit poster's website
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Wed May 24, 2006 5:33 am Reply with quote

Quote:

Can it be a security problem my ISP have?


It could be. The only way I think this can happen is:

1) If they have figured out your login or even worse, root access.

2) Or you have a nuke add-on or other script running on that domain which has allowed the uploading of files.

There may be more, but being able to overwrite / upload files is a very serious hack indeed.

I would also check to make sure your files are 644 by default and folders are 755 by default (you may even be able to get away with less, but depends on how your host is set up). Only in rare occassions, such as NukeSentinel needing .htaccess set to 666, should you have permissions set any higher than that, especially if you are on a shared server.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
fondy
PostPosted: Wed May 24, 2006 5:49 am Reply with quote

Thanks a lot, I will check my site. Have also contacted my ISP, and they ar checking logs now.

regards fondy
 
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

PostPosted: Wed May 24, 2006 9:13 am Reply with quote

If a file was changed then they either compromized your webserver or they used an exploit that allowed access to cmd. Are you using SPChat, vWar, Coppermine, or NuClendar?

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
fondy
PostPosted: Wed May 24, 2006 10:29 am Reply with quote

I use none of them. I use Gallery (menalto), Autotheme, Kisgb and MS analysis. Gallery is version 1.4.1, maybe I must upgrade here.
 
Doulos
Life Cycles Becoming CPU Cycles


Joined: Jun 06, 2005
Posts: 633

PostPosted: Wed May 24, 2006 11:23 am Reply with quote

Is Coppermine really a serious security risk? If so is there anything that can be done to overcome the risks of using Coppermine?

Using RN2.02 NSN2.4.2pl6. No other addons other than CPG.
 
View user's profile Send private message
montego
PostPosted: Wed May 24, 2006 10:55 pm Reply with quote

Coppermine has always been on the "bad list". I have no idea, though, if its being actively developed to where it is not a "bad boy" any longer? Any know?
 
gregexp
The Mouse Is Extension Of Arm


Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol

PostPosted: Thu May 25, 2006 2:21 am Reply with quote

Now i may be completely wrong here(information i HEARD)

But ive been told coppermin has not completely abandoned the script but has made another script and attempted to secure it a lot better.
 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
VinDSL
Life Cycles Becoming CPU Cycles


Joined: Jul 11, 2004
Posts: 614
Location: Arizona (USA) Admin: NukeCops.com Admin: Disipal Designs Admin: Lenon.com

PostPosted: Thu May 25, 2006 4:05 am Reply with quote

Ezekiel wrote:
Is Coppermine really a serious security risk? If so is there anything that can be done to overcome the risks of using Coppermine?

I'm using Coppermine 1.1d, which according to most ppl is the devils child. I've been using it since like 2003, and it's survived numerous hacking attempts, according to my logs, but I couldn't tell you what I've done to it -- it's been so long ago.

So, I guess, like everything else -- it all depends... Wink

_________________
.:: "The further in you go, the bigger it gets!" ::.
.:: Only registered users can see links on this board! Get registered or login! | Only registered users can see links on this board! Get registered or login! ::. 
View user's profile Send private message Visit poster's website ICQ Number
FiLiUsEvAe
Hangin' Around


Joined: Nov 24, 2005
Posts: 36
Location: Netherlands

PostPosted: Thu May 25, 2006 4:12 am Reply with quote

Coppermine has revived. Another developer group took over the development of it. Only registered users can see links on this board! Get registered or login!
I don't know if it's better by now just know some ppl are working on it.
 
View user's profile Send private message Visit poster's website
montego
PostPosted: Thu May 25, 2006 6:03 am Reply with quote

Only registered users can see links on this board! Get registered or login!

Sad

Just make sure you do your due diligence.
 
FireATST
RavenNuke(tm) Development Team


Joined: Jun 12, 2004
Posts: 637
Location: Ohio

PostPosted: Thu May 25, 2006 1:25 pm Reply with quote

I would look at upgrading your version of Sentinel also. Do you use chatserv patches with your version of php 7.6?
 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
fondy
PostPosted: Fri May 26, 2006 6:49 am Reply with quote

Yes, I am using the patches from chatserv. Maybe I will go to the latest version of RavenNuke with the patches and sentinel included.

Do I have to upgrade the tables in the database if I go from standard nuke 7.6 to RavenNuke 7.6?

regards fondy
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©