Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
vartax
New Member
New Member


Joined: Jan 24, 2006
Posts: 7
Location: Amsterdam, the Netherlands

PostPosted: Mon Jul 03, 2006 4:32 pm Reply with quote

I would like to advise all NS Users to tighten the security add the referrer tc-thc.org and maybe do like I did and block out the complete Turkish IP block. Not only did I had a lot of hack attempts originated from Turkey but there is also a person or a group going around calling himself or themselfes Cukurova'li Hacking for Turkey and the Islam.
He/They are targeting almost only PHP sites

I use NS 2.4.2pl9 on PHPNuke 7.6 (platinum) but besides my mainsite I also had HelpCenterLive installed in a subdirectory and I found out that this directory has been hacked by those f*****s They did not defaced this module but managed to installed a subdirectory called /.s with a file called linuxhak.php together with the files dc.pl, kral-imt.html and an altered index.html in the main directory.

Curious as i am i searched around and found out that now almost 16000 hits on google are found with this name and i lot of sites have been defaced. the google search is Only registered users can see links on this board! Get registered or login!

Only one question for the pro's, I managed to delete al the files except the linuxhak.php file. i chmodded it to all kind of combinations but it wont allow me to delete it. i tried it with ftp and thru cpanel-file manager but till now no luck.
Has anyone a idea how to do this
(i did manage to rename the directory names so that they are not easy to be found for the hackers but rather have the file deleted because when I downloaded it to my pc my virusscanner caught it as a backdoor trojan)

Rene

p.s.

some other related referrers;
BLue-Security.NeT
trgala.net
imhatimi.com
imhatimliyiz.biz


Last edited by vartax on Mon Jul 03, 2006 5:16 pm; edited 1 time in total 
View user's profile Send private message Visit poster's website
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Mon Jul 03, 2006 4:56 pm Reply with quote

Did you try deleting it through your control panel's file manager?

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
vartax
PostPosted: Mon Jul 03, 2006 5:18 pm Reply with quote

Yes, CPanel File Manager and several kinds of FTP Programms.
I dont have ssh access.

Rene
 
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Mon Jul 03, 2006 5:49 pm Reply with quote

You are not the owner of this file and the ftp user doesn´t have that right. Sorry, that s hard to explain but I can easily change this trough my account at my webhoster.
Maybe this helps don´t know:
Only registered users can see links on this board! Get registered or login!

There is another turkish hacker group they did a similar thing on another german website. Search for: d3ngsz
 
View user's profile Send private message
vartax
PostPosted: Mon Jul 03, 2006 6:21 pm Reply with quote

No I understand what you say. I used to rent a dedicated linux box and know a bit (but not that much) but have forgotten about the chown stuff.
as i do not have ssh access i should ask the hoster to chown this file for me.
Thnaks for pointing me in the right direction.

Rene
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9453
Location: Arizona

PostPosted: Thu Jul 06, 2006 10:12 pm Reply with quote

Quote:

as i do not have ssh access i should ask the hoster to chown this file for me.
Thnaks for pointing me in the right direction.


Ask them to look into what user "owns" the file as they might be interested to know that as well and ask them to remove it.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©