Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™
Author Message
nndoc
New Member
New Member


Joined: Aug 14, 2006
Posts: 8

PostPosted: Mon Aug 14, 2006 10:49 am Reply with quote

After installing nukesentinel, my upcoming events block is empty and my scrolling forums block is empty. If that is normal not sure if I want to leave it on.


Last edited by nndoc on Mon Aug 14, 2006 9:30 pm; edited 1 time in total 
View user's profile Send private message
Tao_Man
Involved
Involved


Joined: Jul 15, 2004
Posts: 252
Location: OKC, OK

PostPosted: Mon Aug 14, 2006 11:20 am Reply with quote

don't use them myself so I will not swear to it, but no Nuke Sentinel should not break those. It least I know there are versions that work with sentinel.

_________________
------------------------------------------
To strive, to seek, to find, but not to yield!
I don't know Kara-te but I do know cra-zy, and I WILL use it! 
View user's profile Send private message Visit poster's website
nndoc
PostPosted: Mon Aug 14, 2006 11:54 am Reply with quote

the calendar is NuCalendar, not sure if there is a better one.

It only happens with the mainfile additions, if I reinstall the stock mainfile.php it goes back to normal.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9456
Location: Arizona

PostPosted: Mon Aug 14, 2006 7:30 pm Reply with quote

First of all, welcome!

Cannot imagine what would be causing this to happen unless you made a mistake in the mainfile.php edits. Which NS version and what version of PHP-Nuke, including patch level, are you using?

P.S. You might want to modify your topic title as it is way too vague. Please read the forum rules Only registered users can see links on this board! Get registered or login! for additional helpful "tips". Wink

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
nndoc
PostPosted: Mon Aug 14, 2006 9:28 pm Reply with quote

Thank you both for your help. I am installing NukeSentinel 2.5 and am not sure which version of Nuke I am using. It is this modification that does it.

Old line in my mainfile.php

if (defined('FORUM_ADMIN')) {
require_once("../../../config.php");
require_once("../../../db/db.php");
} elseif (defined('INSIDE_MOD')) {
require_once("../../config.php");
require_once("../../db/db.php");
} else {
require_once("config.php");
require_once("db/db.php");
/* FOLLOWING TWO LINES ARE DEPRECATED BUT ARE HERE FOR OLD MODULES COMPATIBILITY */
/* PLEASE START USING THE NEW SQL ABSTRACTION LAYER. SEE MODULES DOC FOR DETAILS */
require_once("includes/sql_layer.php");
$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);
}


With this from NukeSentinel

if (defined('FORUM_ADMIN')) {
@require_once("../../../config.php");
@require_once("../../../db/db.php");
@require_once("../../../includes/sql_layer.php");
@include_once("../../../includes/nukesentinel.php");
} elseif (defined('INSIDE_MOD')) {
@require_once("../../config.php");
@require_once("../../db/db.php");
@require_once("../../includes/sql_layer.php");
@include_once("../../includes/nukesentinel.php");
} else {
@require_once("config.php");
@require_once("db/db.php");
@require_once("includes/sql_layer.php");
@include_once("includes/nukesentinel.php");
}


The page loads fine, no errors, but the scrolling forums block is empty and my NuCalendar block shows no upcoming events.

My website has been hacked 2 times in 2 days and am not sure how they are able to do this. I looked inside phpMyAdmin and there are only 3 admins, no new additions so not sure how they are creating blocks and deleting shouts from my shout box. I am not sure if there is something in the database I should be looking for that would give the access to these functions.

I bit the bullet and just installed NukeSentinel and will not have the use of those 2 blocks. I activated the standard forums block but do not have a upcoming event calendar.

Any help would be appreciated, thanks again.
 
nndoc
PostPosted: Mon Aug 14, 2006 9:35 pm Reply with quote

Wow, after reading my post I see my mistake. I am cutting out this line

$dbi = sql_connect($dbhost, $dbuname, $dbpass, $dbname);

After putting it back it works fine. I am very new to php-nuke and have not used nukesentinel before so not sure if everything is normal.

Do I need to install the IP files I saw in the download section?

Is there some script or hack that is still on my webserver that will still allow these jerks access eventhough I have NukeSentinel installed?

Thanks again for your help,
Jason (nndoc)
 
montego
PostPosted: Tue Aug 15, 2006 5:28 am Reply with quote

Great, glad you found it. Regarding your other questions...

Quote:

Do I need to install the IP files I saw in the download section?

Yes, this is important so that your users do not get an "Invalid IP" error message.

Quote:

Is there some script or hack that is still on my webserver that will still allow these jerks access eventhough I have NukeSentinel installed?

There are many threads here regarding getting hacked and I hate to say it, but, depending on how they are getting in, NS may not stop them either. NS will not always protect you from poorly written scripts. For example, anything which allows someone to upload a file, such as a photo gallery, or even some Chat systems, are very vulnerable to this.

You have to find out how they are getting in. You may need to get your host involved, but you should also be able to review your Apache access logs around the time-frames you suspect it is happening and look for how they are doing it. However, if they have compromised someone else's account, or worse, "root", on the same server, they could be doing this even outside of PHP-Nuke.

Let us not continue this other thread here as it clouds the original issue. If you run into issues with your analysis, please search for similar "I've been hacked" type issues and if you still need specific assistance with something you are seeing, please post in maybe the PHP-Security forum.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©