Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
rith
New Member
New Member


Joined: Sep 12, 2006
Posts: 7

PostPosted: Wed Sep 13, 2006 12:01 pm Reply with quote

To make a VERY long story short, my site became much more popular the last couple months, I guess that attracts hackers Crying or Very sad Well we were attack with the top news post saying 'pwned by g00ns ect ect.' about 2 days ago.

So I spent the next couples hours changing the admin passwords, creating new database users and delteing the old ones, and loading up p3.2b.

Everything seemed perfect, until yesterday at around 5pm the site seemed as if it could not connect to the nuke portion of the database: the news was gone, total member = 0, ect. - but certain non-nuke tables were working just fine (phpraid, eqdkp)

I went on and spent hours trying to find out wtf happened and learned that the DB was fine, and the ftp files were fine. So I went in and looked at the DB users - they had the right permissions, I unchecked and rechecked them. BAM the site worked perfect.

So later that day I loaded up Sentinal (amazing BTW) and had it set to track all IPs among other things.

Now I got on this morning and the site had lost connections to that individual DB user again (note all 3 other DB users still were connected just fine, it was only the nuke one)

So I looked at al the IPs that touched the site and they were all legit and people I know.

So now I'm wondering if this is not a hack but rather a glitch. It never did this until p3.2b.

Inout please.

Thanks in advanced,
Rith
 
View user's profile Send private message
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Wed Sep 13, 2006 2:19 pm Reply with quote

It's weird that phpNuke is losing the connection, but the other scripts aren't. Is your SQL server stable?

THere have been reports of hacks against phpRaid and eqdkp

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
rith
PostPosted: Wed Sep 13, 2006 3:19 pm Reply with quote

Ill try to explain the best I can in more detail -

When this happens, the site comes up with no errors (error printing is turned on in the config.php) but the news is gone, the membership block reports that im not signed in and the total member reads 0. Whenever I try to sign in it says name does not exist, and when I try to create a new member it gets to the last step and once you hit confirm it says '_ERROR'. Because im not signed in I can not goto the forums or other places since it is members only.

During this problem, one thing that I noticed was that the 'Menu' block shows up and works just fine... which is wierd because thats part of phpnuke and would connect to the database to grab the 'menu' just like the other things.

Before the update to p3.2b the site never had this problem for over a year.

Also my phpraid has been reinforced and reinforced again, im pretty sure its as secure as it can get as of this point. But im not to sure of EQDKP. - note phpraid and EQDKP access the DB using two different names.

What would cause the site to be able to access only certain parts of the DB and not others on the same DB username. This is beyond my knowledge. Sad
 
rith
PostPosted: Wed Sep 13, 2006 8:01 pm Reply with quote

Hmm happened again a couple minutes ago, but this time I got a error:

phpBB : Critical Error

Could not obtain lastvisit data from user table

DEBUG MODE

SQL Error : 1226 User 'DBUSERNAMEHERE' has exceeded the 'max_questions' resource (current value: 50000)

SELECT * FROM nuke_users WHERE user_id = '410'

Line : 74
File : sessions.php
 
rith
PostPosted: Wed Sep 13, 2006 8:20 pm Reply with quote

I understand what that means but it doesnt make sense... why happen every 8 hours since the upgrade. Could their be a leak in the patch that runs up the number of resources?
 
Tao_Man
Involved
Involved


Joined: Jul 15, 2004
Posts: 252
Location: OKC, OK

PostPosted: Thu Sep 14, 2006 10:30 am Reply with quote

what version of nuke are you using? did you install Nuke Sentinel 2.5.02 or another version? Your hosting company is cutting off your nuke db user name, because of the 50000 limit. It is possable that someting in nuke or the patches has caused an increase in db calls more then you had, but you may have been very close to this limit to begain with.

_________________
------------------------------------------
To strive, to seek, to find, but not to yield!
I don't know Kara-te but I do know cra-zy, and I WILL use it! 
View user's profile Send private message Visit poster's website
rith
PostPosted: Thu Sep 14, 2006 11:41 am Reply with quote

That sounds very possible - its phpnuke 7.8 (i know i know) and NukeSentinel(tm) 2.5.01. I have set up 4 DB names for nuke and Im going to see it that works
 
evaders99
PostPosted: Thu Sep 14, 2006 3:36 pm Reply with quote

It is your hosting company limiting you. You should get another host without such restrictions - phpNuke is a database intensive script
 
rith
PostPosted: Thu Sep 14, 2006 9:45 pm Reply with quote

hmmm.... Now this limit we speak of, it is by monitered by per DB username, or as a total of the site. I set up 4 names for DB and it still happens on one or two of them, but not the others... now while thier is a chance of hitting 50,000 requests on a simgle name, but its unlikly that when the site randomly picks one of 4 names, that one of them hits that limit.
 
Tao_Man
PostPosted: Fri Sep 15, 2006 10:16 am Reply with quote

Well I can't know how your host is set up, but most of the people that had this problem with there host it is on a per user name basis.
 
evaders99
PostPosted: Fri Sep 15, 2006 8:44 pm Reply with quote

It is per MySQL user.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©