Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
Blues
Regular
Regular


Joined: Jun 17, 2006
Posts: 81
Location: MD

PostPosted: Sun Aug 13, 2006 8:50 am Reply with quote

Woke up this morning to a call from the owner of the site I have been helping get all set up. Looks like a Turkish source hacked the site.
Only registered users can see links on this board! Get registered or login!

I have been trying to identify the pages accessed by looking at the logs, but I have been unsuccessful so far. I am running Nuke 7.8 and phpbb 2.0.18

I also accessed the phpmyadmin panel, and this is what I found.

Image

At this point I am trying to figure out how to fix this. Unfortunately, the last backup is at least a month old. It appears to be just an overlay over all of the pages on the site. Any suggestions where to start looking, as far as what files such a hack would be made to?
 
View user's profile Send private message Visit poster's website
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Sun Aug 13, 2006 10:36 am Reply with quote

You'll probably want to reinstall phpMyAdmin (or have your host do it).

Check the logs to see how it was authorized. If you're not using NukeSentinel and admin authentication on both admin.php and the modules/Forums/admin directory, you should.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Blues
PostPosted: Sun Aug 13, 2006 11:09 am Reply with quote

So is there most likely no way to fix this?
 
Blues
PostPosted: Sun Aug 13, 2006 11:28 am Reply with quote

OK, it looks like I figured out what they did. Now I need to start working on securing what I can. Not sure if it would be a good idea to post corrective action or not, as it could be worse the next time.
 
Blues
PostPosted: Sun Aug 13, 2006 11:35 am Reply with quote

kguske wrote:
You'll probably want to reinstall phpMyAdmin (or have your host do it).

Check the logs to see how it was authorized. If you're not using NukeSentinel and admin authentication on both admin.php and the modules/Forums/admin directory, you should.


WHere can I get NukeSentinel? The downloads section has what appear to be only patches and add-ons for NS.
 
Blues
PostPosted: Sun Aug 13, 2006 11:40 am Reply with quote

Also created an Admin account, with admin name bela
 
Susann
Moderator


Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Sun Aug 13, 2006 1:52 pm Reply with quote

The full version NukeSentinel 2.5.0 7.0 - 7.9 you can download
from: Only registered users can see links on this board! Get registered or login!

The patch for version 2.5.1 is here in the download section.

You also need to change the admin name (your post) or why do you publish this for public ?

Update your forum and use .htaccess for the modules/forums/admin/ files.

Check here:

Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©