Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
shimshon
Hangin' Around



Joined: Sep 25, 2005
Posts: 48

PostPosted: Wed Aug 23, 2006 11:50 am Reply with quote

Hi,

I think I got hacked!?
I can't login to admin
All modules are inactive
All news disapeared.
What can I do?
Thanks,
Shimshon
see site at http://www.shimshon9.com[/url]
 
View user's profile Send private message Visit poster's website
hitwalker
Sells PC To Pay For Divorce



Joined:
Posts: 5661

PostPosted: Wed Aug 23, 2006 11:59 am Reply with quote

go to your admin.php and create account..
very fast..
 
View user's profile Send private message
shimshon







PostPosted: Wed Aug 23, 2006 12:30 pm Reply with quote

I tried to do it but I can't log in. I always get redirected to the 'create account' page
 
hitwalker







PostPosted: Wed Aug 23, 2006 12:54 pm Reply with quote

for better help you can pm me login details of cpanel/ftp..etc.....
 
jakec
Site Admin



Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Wed Aug 23, 2006 12:54 pm Reply with quote

What happens if you create a new superuser account like it says?

or are you saying you've done that and it stills doesn't work?

Is this a new site?
 
View user's profile Send private message
shimshon







PostPosted: Wed Aug 23, 2006 1:04 pm Reply with quote

To Jacek - I did it but it didn't work.... the site is not new

To hitwalker: What details do you need? my login is not working anymore
 
hitwalker







PostPosted: Wed Aug 23, 2006 1:26 pm Reply with quote

well in order to get it working again i have to be in the database, so i need access to cpanel ..
but it looks like a hack...
problem is that you never know if they left anything behind..
 
hitwalker







PostPosted: Wed Aug 23, 2006 1:41 pm Reply with quote

i got the info but as soon as i wanted to use phpmyadmin it opend with an error...

Fatal error: Call to undefined function: pma_reloadnavigation() in /usr/local/apache/htdocs/phpMyAdmin-2.6.3/header.inc.php on line 133

i tried 3 times...
difficult to help...
 
shimshon







PostPosted: Wed Aug 23, 2006 1:45 pm Reply with quote

Saw that - what can I do? Looks like a lot of work...
 
hitwalker







PostPosted: Wed Aug 23, 2006 1:49 pm Reply with quote

well i get the error in firefox and IE.
best thing you can do is call your host...
and let them fix it asap..
 
shimshon







PostPosted: Wed Aug 23, 2006 1:56 pm Reply with quote

Well - thanks a lot anyway. Do you think it was a hack?
 
hitwalker







PostPosted: Wed Aug 23, 2006 1:59 pm Reply with quote

yes i think so but not sure...
they wiped out your details so that says enough...

untill its not fixed i suggest you take out the config.php file and put a maintenance index.html file in the root...
 
shimshon







PostPosted: Wed Aug 23, 2006 2:02 pm Reply with quote

thanks
 
shimshon







PostPosted: Wed Aug 23, 2006 2:21 pm Reply with quote

What can I do to protect my site in the future?
sentinel didn't seem to help there...
 
hitwalker







PostPosted: Wed Aug 23, 2006 2:30 pm Reply with quote

thats hard to say...
we all asume something hacked you but were not sure.,..
it will be more clear when the database can be seen.
 
hitwalker







PostPosted: Wed Aug 23, 2006 2:38 pm Reply with quote

when do you do have access again in phpmyadmin run this in the mysql box.

UPDATE nuke_modules
SET active = '1'
WHERE active = '0';
 
jakec







PostPosted: Thu Aug 24, 2006 6:06 am Reply with quote

Well it looks like you're using an older version of Sentinel so I would upgrade this to the latest.

It would be ineteresting to know how they got in so check your logs traces of how they got in.
 
hitwalker







PostPosted: Thu Aug 24, 2006 6:11 am Reply with quote

i doubt that,its atleast 2.4.2pl5 ,with ravennuke distro...
only chance you make is with vunerable 3d junk,and it doesnt look he has something like that installed.
 
Susann
Moderator



Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

PostPosted: Thu Aug 24, 2006 8:11 am Reply with quote

Seems all is working again. Would be interesting if this has something to do with the database or was the site really hacked ?


Last edited by Susann on Thu Aug 24, 2006 8:13 am; edited 1 time in total 
View user's profile Send private message
hitwalker







PostPosted: Thu Aug 24, 2006 8:13 am Reply with quote

yeah ,would have been nice indeed..
 
shimshon







PostPosted: Fri Aug 25, 2006 2:48 am Reply with quote

Sorry I didn't post earlier the results......work.
Anyway, this is the response I got from my host:

'We are sorry for the inconvenience. It seems that password is got corrupted of your default mysql. It needs to be reset.'

Somehow without changing the password it works again and I am trying to find out what they did.

Question: Do I need to put in the lines hitwalker gave me into mysql box?
UPDATE nuke_modules
SET active = '1'
WHERE active = '0';

and How do I upgrade my Sentinel version?

Thanks for all your help.
 
izone
Involved
Involved



Joined: Sep 07, 2004
Posts: 354
Location: Sweden

PostPosted: Fri Aug 25, 2006 3:44 am Reply with quote

shimshon, I don't think that you were hacked. This happened to one of my friends too for a time ago. It was the sql server error. He had Plesk and all of the sudden he had access to other site's db too from his own db!!! Laughing

So I think it is better that you change your user and pass for your db and don't forget to do it in you config.php too.

Quote:

Question: Do I need to put in the lines hitwalker gave me into mysql box?
UPDATE nuke_modules
SET active = '1'
WHERE active = '0';


Your modules are active now and you don't need to run this.

Regards.
 
View user's profile Send private message
shimshon







PostPosted: Fri Aug 25, 2006 3:54 am Reply with quote

Will do that,
Thanks
 
hitwalker







PostPosted: Fri Aug 25, 2006 4:12 am Reply with quote

what a complete wacko story.... killing me
Quote:
It seems that password is got corrupted of your default mysql


if that would have been the case your whole site wouldnt work.
But i do know ipowerweb ,they are responsible for corrupting a friends database.
I helped him to repair everything....,and moved him to lunarpages.com
 
shimshon







PostPosted: Sat Aug 26, 2006 5:15 am Reply with quote

I don't know if I should start a new topic about that, but now I can't login to admin anymore?
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©