Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Meoff
Regular
Regular


Joined: Aug 05, 2006
Posts: 55
Location: Thailand

PostPosted: Wed Aug 09, 2006 4:01 am Reply with quote

Hello to all,

I've learned a lot of great stuff about my PHP Nuke site from this forum, and hoping that some of you people who are a lot brighter than me can help me out.

My site was defaced last night by TILKIANDRE, who was able to create himself an admin account, and change my welcome message (#1) to a big F*** ISRAEL type political message.

From reading my IP logs, it seems that was all he did- so I guess that I have been lucky.

Doing some searching / reading about nuke security, I keep running across NukeSentinel, and how it is a worthwhile addition that combats alot of hack attempts / weaknesses in PHPNuke. I've read that I must also install patches prior to installing NukeSentinel.

Can someone steer me in the right direction... tell me (in basic / newbie style) everything I need to install to improve the security of my site? All the needed patches, programs, etc? Reaing the the topics in this forum is a little bit mind boggling / confusing.

I am currently using a plain - jane as downloaded version of PHPNuke 7.8. I've upgraded the PHPBB to the newest versions of BBtonuke 2.0.21.

Thanks for any and all input. Like I said, I believe that I was lucky this time, but realize that someone else who performs the same kind of attack and creates an admin account could do a world of damage. I might not be so lucky next time.

Meoff
 
View user's profile Send private message Visit poster's website
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Wed Aug 09, 2006 6:07 am Reply with quote

Is this a new site?

If it is the best option maybe to scrap it and start over RavenNuke.

This comes preinstalled with the latest Sentinel and Patches at the time of release. It is also based on 7.6, which is more secure than 7.8.

If not it is possible to downgrade to 7.6 and install RavenNuke this way.

Most of this has been discussed previously on this site and therefore if you do a search you should be able to find some advice.
 
View user's profile Send private message
Meoff
PostPosted: Wed Aug 09, 2006 6:24 am Reply with quote

Hello jakec,

Thanks for your reply.

No- it isn't a new site. It is over a year old, with several add-on modules, a lot of members and an active forum. Ideally, I'd like to find the way to secure what I have already. Any advice along this path would be appreciated!

From my rookie point of view, it seems that this would be the lesser nightmare- compared to migrating everything to the version 7.6 RavenNuke. Is it the correct way of thinking? How difficult would it be to migrate to another system? Could I still use my existing SQL database?
 
jakec
PostPosted: Wed Aug 09, 2006 6:35 am Reply with quote

Securing 7.8 may be difficult due to it's inherent securities holes, but you can try the latest patches and Sentinel, but there is no guarantee it will work.

Sentinel can be downloaded from: Only registered users can see links on this board! Get registered or login!
and the latest patches can be found here: Only registered users can see links on this board! Get registered or login!

I'm no expert, but the downgrade script, just downgrades your database to 7.6, which you should then be able to use with RavenNuke. Like I said this has been covered in other forums here, so probably best to have a read through them for advice.
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Wed Aug 09, 2006 8:21 am Reply with quote

Also, make sure to install Admin Authentication on both admin.php and your modules/Forums/admin (directory).

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©